Dapper CVE-2010-4163: block: check for proper length of iov entries earlier in blk_rq_map_user_iov()
Stefan Bader
stefan.bader at canonical.com
Mon Feb 21 08:35:05 UTC 2011
Same comment as for the Hardy patch.
On 02/18/2011 10:24 PM, Tim Gardner wrote:
> The following changes since commit 352701fdc50086ac0db65862e16dc8b20918d174:
> Steve Conklin (1):
> UBUNTU: Ubuntu-2.6.15-55.93
>
> are available in the git repository at:
>
> git://kernel.ubuntu.com/rtg/ubuntu-dapper.git CVE-2010-4163
>
> Tim Gardner (1):
> block: check for proper length of iov entries earlier in blk_rq_map_user_iov(), CVE-2010-4163
>
> fs/bio.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> From a80bcfd393b668c43d9a8cd2b00b93fd6b31fa00 Mon Sep 17 00:00:00 2001
> From: Tim Gardner <tim.gardner at canonical.com>
> Date: Fri, 18 Feb 2011 14:22:11 -0700
> Subject: [PATCH] block: check for proper length of iov entries earlier in blk_rq_map_user_iov(), CVE-2010-4163
>
> BugLink: http://bugs.launchpad.net/bugs/721504
>
> CVE-2010-4163
>
> commit 9284bcf checks for proper length of iov entries in
> blk_rq_map_user_iov(). But if the map is unaligned, kernel
> will break out the loop without checking for the proper length.
> So we need to check the proper length before the unalign check.
>
> Signed-off-by: Xiaotian Feng <dfeng at redhat.com>
> Cc: stable at kernel.org
> Signed-off-by: Jens Axboe <jaxboe at fusionio.com>
> (backported from commit 5478755616ae2ef1ce144dded589b62b2a50d575)
>
> Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
> ---
> fs/bio.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> diff --git a/fs/bio.c b/fs/bio.c
> index 460554b..09b1255 100644
> --- a/fs/bio.c
> +++ b/fs/bio.c
> @@ -574,6 +574,9 @@ static struct bio *__bio_map_user_iov(request_queue_t *q,
> unsigned long end = (uaddr + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
> unsigned long start = uaddr >> PAGE_SHIFT;
>
> + if (!len)
> + return ERR_PTR(-EINVAL);
> +
> nr_pages += end - start;
> /*
> * transfer and buffer must be aligned to at least hardsector
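Review bot: The added `if (!len)` check lands in `__bio_map_user_iov()` in fs/bio.c, while the subject and commit message describe a check in `blk_rq_map_user_iov()`, and the message says only "backported from commit 5478755616ae2ef1ce144dded589b62b2a50d575" without stating what differs from upstream. A short backport note in the commit message saying why the check is placed in this function in this tree would let a reviewer confirm it covers the same path as the upstream fix. Separately, the check rejects only a zero length and runs after `end` has already been computed from `uaddr + len + PAGE_SIZE - 1`; whether that sum can wrap for a very large `len` is not settled by these lines and is worth confirming against the surrounding code before `nr_pages += end - start` is trusted.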