linux/arch/alpha/kernel
Dan Rosenberg 21c5977a83 alpha: fix several security issues
Fix several security issues in Alpha-specific syscalls.  Untested, but
mostly trivial.

1. Signedness issue in osf_getdomainname allows copying out-of-bounds
kernel memory to userland.

2. Signedness issue in osf_sysinfo allows copying large amounts of
kernel memory to userland.

3. Typo (?) in osf_getsysinfo bounds minimum instead of maximum copy
size, allowing copying large amounts of kernel memory to userland.

4. Usage of user pointer in osf_wait4 while under KERNEL_DS allows
privilege escalation via writing return value of sys_wait4 to kernel
memory.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Matt Turner <mattst88@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-06-15 20:04:02 -07:00
..
.gitignore alpha: .gitignore vmlinux.lds 2009-01-15 16:39:40 -08:00
alpha_ksyms.c Generic semaphore implementation 2008-04-17 10:42:34 -04:00
asm-offsets.c CRED: Separate task security context from task_struct 2008-11-14 10:39:16 +11:00
binfmt_loader.c alpha: binfmt_aout fix 2009-05-02 15:36:10 -07:00
console.c
core_apecs.c
core_cia.c
core_irongate.c Introduce flags for reserve_bootmem() 2008-02-07 08:42:25 -08:00
core_lca.c Fix common misspellings 2011-03-31 11:26:23 -03:00
core_marvel.c arch/alpha/kernel: Add kmalloc NULL tests 2009-11-30 15:38:19 -05:00
core_mcpcia.c alpha: Remove set but unused variables. 2011-04-17 14:41:30 -07:00
core_polaris.c
core_t2.c alpha: use single HAE window on T2 core logic (gamma, sable) 2010-10-26 16:52:12 -07:00
core_titan.c arch/alpha/kernel: Add kmalloc NULL tests 2009-11-30 15:38:19 -05:00
core_tsunami.c alpha: remove remaining __FUNCTION__ occurrences 2008-04-28 08:58:27 -07:00
core_wildfire.c
entry.S alpha: switch osf_sigprocmask() to use of sigprocmask() 2010-09-27 12:19:53 -07:00
err_common.c
err_ev6.c alpha: Use static const char * const where possible 2010-09-18 23:06:17 -04:00
err_ev7.c alpha: titan and marvel build fixes 2009-05-02 15:36:10 -07:00
err_impl.h alpha: titan and marvel build fixes 2009-05-02 15:36:10 -07:00
err_marvel.c Fix common misspellings 2011-03-31 11:26:23 -03:00
err_titan.c alpha: Remove set but unused variables. 2011-04-17 14:41:30 -07:00
es1888.c
gct.c
head.S alpha: convert to use __HEAD and HEAD_TEXT macros. 2009-04-26 09:20:38 -07:00
init_task.c alpha: use .data.init_task instead of .data.init_thread. 2009-09-24 17:16:22 -07:00
io.c
irq.c alpha: Use generic show_interrupts() 2011-03-29 14:47:58 +02:00
irq_alpha.c alpha: Fix RTC interrupt setup. 2011-04-17 14:41:30 -07:00
irq_i8259.c alpha: Convert to new irq function names 2011-03-29 14:47:58 +02:00
irq_impl.h alpha: i8259, alcor, jensen wildfire: Convert irq_chip 2011-03-02 14:57:55 -05:00
irq_pyxis.c alpha: Convert to new irq function names 2011-03-29 14:47:58 +02:00
irq_srm.c alpha: Convert to new irq function names 2011-03-29 14:47:58 +02:00
machvec_impl.h alpha: use single HAE window on T2 core logic (gamma, sable) 2010-10-26 16:52:12 -07:00
Makefile alpha: Don't force -Werror. 2011-04-17 14:41:30 -07:00
module.c alpha: handle kcalloc failure 2008-04-28 08:58:27 -07:00
osf_sys.c alpha: fix several security issues 2011-06-15 20:04:02 -07:00
pc873xx.c alpha: Detect Super IO chip, no IDE on Avanti, enable EPP19 2010-06-15 14:19:08 -04:00
pc873xx.h alpha: Detect Super IO chip, no IDE on Avanti, enable EPP19 2010-06-15 14:19:08 -04:00
pci-noop.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
pci-sysfs.c alpha: remove unnecessary cast from void* in assignment. 2010-09-18 23:06:17 -04:00
pci.c resource/PCI: mark struct resource as const 2010-02-22 16:16:57 -08:00
pci_impl.h alpha: AGP update (fixes compile failure) 2009-09-24 07:21:06 -07:00
pci_iommu.c alpha: remove dma64_addr_t usage 2010-10-27 18:03:17 -07:00
perf_event.c perf: Dynamic pmu types 2010-12-16 11:36:43 +01:00
process.c alpha: replace with new cpumask APIs 2011-05-25 08:39:38 -07:00
proto.h Fix call to replaced SuperIO functions 2010-08-31 22:45:31 -04:00
ptrace.c ptrace: change signature of arch_ptrace() 2010-10-27 18:03:10 -07:00
setup.c alpha: replace with new cpumask APIs 2011-05-25 08:39:38 -07:00
signal.c Fix up more fallout form alpha signal cleanups 2010-09-30 08:37:38 -07:00
smc37c93x.c alpha: Remove set but unused variables. 2011-04-17 14:41:30 -07:00
smc37c669.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
smp.c alpha: replace with new cpumask APIs 2011-05-25 08:39:38 -07:00
srm_env.c alpha: remove unnecessary cast from void* in assignment. 2010-09-18 23:06:17 -04:00
srmcons.c
sys_alcor.c alpha: Convert to new irq function names 2011-03-29 14:47:58 +02:00
sys_cabriolet.c alpha: Convert to new irq function names 2011-03-29 14:47:58 +02:00
sys_dp264.c alpha: replace with new cpumask APIs 2011-05-25 08:39:38 -07:00
sys_eb64p.c alpha: Convert to new irq function names 2011-03-29 14:47:58 +02:00
sys_eiger.c alpha: Convert to new irq function names 2011-03-29 14:47:58 +02:00
sys_jensen.c alpha: Convert to new irq function names 2011-03-29 14:47:58 +02:00
sys_marvel.c alpha: Convert to new irq function names 2011-03-29 14:47:58 +02:00
sys_miata.c PCI: alpha: use generic pci_swizzle_interrupt_pin() 2009-01-07 11:12:53 -08:00
sys_mikasa.c alpha: Convert to new irq function names 2011-03-29 14:47:58 +02:00
sys_nautilus.c alpha: nautilus - fix hang on boot 2009-01-15 16:39:40 -08:00
sys_noritake.c alpha: Convert to new irq function names 2011-03-29 14:47:58 +02:00
sys_rawhide.c alpha: Convert to new irq function names 2011-03-29 14:47:58 +02:00
sys_ruffian.c arch/alpha/kernel/sys_ruffian.c: Use DIV_ROUND_CLOSEST 2009-11-30 15:37:25 -05:00
sys_rx164.c alpha: Convert to new irq function names 2011-03-29 14:47:58 +02:00
sys_sable.c alpha: Convert to new irq function names 2011-03-29 14:47:58 +02:00
sys_sio.c alpha: Detect Super IO chip, no IDE on Avanti, enable EPP19 2010-06-15 14:19:08 -04:00
sys_sx164.c
sys_takara.c alpha: Convert to new irq function names 2011-03-29 14:47:58 +02:00
sys_titan.c alpha: replace with new cpumask APIs 2011-05-25 08:39:38 -07:00
sys_wildfire.c alpha: Remove set but unused variables. 2011-04-17 14:41:30 -07:00
systbls.S ns: Wire up the setns system call 2011-05-28 10:48:39 -07:00
time.c alpha: convert to clocksource_register_hz 2011-05-13 19:16:10 -04:00
traps.c alpha: kill big kernel lock 2010-09-18 23:06:18 -04:00
vmlinux.lds.S Merge branch 'for-2.6.40' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu 2011-05-24 11:53:42 -07:00