evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/kernel
History
Jack Pham 775e281fb6 trace: ipc_logging: Avoid buffer overflow in ipc_log_string() 
In ipc_log_string() the return value from vsnprintf(), data_size,
is used to increment ectxt.offset. However, this length could
actually be much larger than that of ectxt.buff itself. This is a
typical mistake of [v]snprintf() usage [1], in that it returns
not the number of characters written but how many characters
*would* have been written regardless of whether it was truncated.
The result is that even though ectxt.buff itself is not overrun,
the incorrect size in ectxt.offset will be later used as the length
parameter when memcpy()'ing to the ipc_log_page's data, overflowing
that memory and beyond. The write_page's write_offset would also
indicate an out-of-bounds (greater than PAGE_SIZE) length.

The fix is simple: use vscnprintf() instead of vsnprintf().

[1] https://lwn.net/Articles/69419/

Change-Id: I2e9d44e74f5f30a009732e31a554d82e31946999
Signed-off-by: Jack Pham <jackp@codeaurora.org>
2017-03-30 17:34:50 -07:00
..
bpf Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
configs kconfig: tinyconfig: provide whole choice blocks to avoid warnings 2016-09-24 10:07:42 +02:00
debug Merge branch 'linux-linaro-lsk-v4.4' into linux-linaro-lsk-v4.4-android 2017-01-09 12:01:35 +08:00
events Merge tag 'lsk-v4.4-17.02-android' into branch 'msm-4.4' 2017-03-18 08:55:10 -07:00
gcov gcov: add support for GCC 5.1 2015-06-30 19:44:57 -07:00
irq Merge tag 'lsk-v4.4-16.12-android' into branch 'msm-4.4' 2017-02-28 17:10:49 -08:00
livepatch livepatch: x86: fix relocation computation with kASLR 2015-11-11 17:36:04 +01:00
locking Merge tag 'lsk-v4.4-17.02-android' into branch 'msm-4.4' 2017-03-18 08:55:10 -07:00
power Merge tag 'lsk-v4.4-16.12-android' into branch 'msm-4.4' 2017-02-28 17:10:49 -08:00
printk Merge tag v4.4.55 into branch 'msm-4.4' 2017-03-23 03:22:14 -07:00
rcu rcu: Induce msm watchdog bite for rcu stalls 2017-03-09 10:07:35 -08:00
sched Merge "ARM: dts: msm: disable core_ctl for SDM630" 2017-03-23 09:44:48 -07:00
time Merge tag 'lsk-v4.4-17.02-android' into branch 'msm-4.4' 2017-03-18 08:55:10 -07:00
trace trace: ipc_logging: Avoid buffer overflow in ipc_log_string() 2017-03-30 17:34:50 -07:00
.gitignore certs: add .gitignore to stop git nagging about x509_certificate_list 2015-10-21 15:18:35 +01:00
acct.c
async.c
audit.c BACKPORT: audit: consistently record PIDs with task_tgid_nr() 2016-10-12 17:34:22 +05:30
audit.h audit: audit_tree_match can be boolean 2015-11-04 08:23:51 -05:00
audit_fsnotify.c audit: clean simple fsnotify implementation 2015-08-06 16:14:53 -04:00
audit_tree.c audit: audit_tree_match can be boolean 2015-11-04 08:23:51 -05:00
audit_watch.c audit: fix exe_file access in audit_exe_compare 2016-09-24 10:07:36 +02:00
auditfilter.c audit: fix comment block whitespace 2015-11-04 08:23:51 -05:00
auditsc.c audit: fix a double fetch in audit_log_single_execve_arg() 2016-11-23 11:33:07 -08:00
backtracetest.c
bounds.c
capability.c exec: Ensure mm->user_ns contains the execed files 2017-01-06 11:16:14 +01:00
cgroup.c Merge tag 'lsk-v4.4-16.12-android' into branch 'msm-4.4' 2017-02-28 17:10:49 -08:00
cgroup_freezer.c cgroup: fix handling of multi-destination migration from subtree_control enabling 2015-12-03 10:18:21 -05:00
cgroup_pids.c cgroup_pids: don't account for the root cgroup 2015-12-03 10:18:21 -05:00
compat.c compat: cleanup coding in compat_get_bitmap() and compat_put_bitmap() 2015-06-04 23:57:18 +02:00
configs.c
context_tracking.c context_tracking: avoid irq_save/irq_restore on guest entry and exit 2015-11-10 12:06:23 +01:00
cpu.c Merge tag 'lsk-v4.4-17.02-android' into branch 'msm-4.4' 2017-03-18 08:55:10 -07:00
cpu_pm.c lpm-levels: Do not disable non-sec interrupts in suspend 2016-03-22 11:07:22 -07:00
cpuset.c Merge tag 'lsk-v4.4-16.12-android' into branch 'msm-4.4' 2017-02-28 17:10:49 -08:00
crash_dump.c
cred.c cred: Reject inodes with invalid ids in set_create_file_as() 2016-09-15 08:27:49 +02:00
delayacct.c
dma.c
elfcore.c
exec_domain.c
exit.c Merge branch 'v4.4-16.09-android-tmp' into lsk-v4.4-16.09-android 2016-12-16 13:52:17 -08:00
extable.c kernel/extable.c: remove duplicated include 2015-09-10 13:29:01 -07:00
fork.c Merge tag 'lsk-v4.4-17.02-android' into branch 'msm-4.4' 2017-03-18 08:55:10 -07:00
freezer.c
futex.c Merge tag v4.4.55 into branch 'msm-4.4' 2017-03-23 03:22:14 -07:00
futex_compat.c ptrace: use fsuid, fsgid, effective creds for fs access checks 2016-02-25 12:01:16 -08:00
groups.c
hung_task.c
irq_work.c treewide: Remove old email address 2015-11-23 09:44:58 +01:00
jump_label.c jump_labels: API for flushing deferred jump label updates 2017-01-19 20:17:19 +01:00
kallsyms.c
kcmp.c ptrace: use fsuid, fsgid, effective creds for fs access checks 2016-02-25 12:01:16 -08:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
kexec.c kexec: use file name as the output message prefix 2015-11-06 17:50:42 -08:00
kexec_core.c kexec: use file name as the output message prefix 2015-11-06 17:50:42 -08:00
kexec_file.c kexec: fix double-free when failing to relocate the purgatory 2016-09-24 10:07:36 +02:00
kexec_internal.h kexec: split kexec_file syscall code to kexec_file.c 2015-09-10 13:29:01 -07:00
kmod.c kmod: don't run async usermode helper as a child of kworker thread 2015-10-23 17:55:10 +09:00
kprobes.c perf/x86/hw_breakpoints: Disallow kernel breakpoints unless kprobe-safe 2015-08-04 10:16:54 +02:00
ksysfs.c kexec: split kexec_load syscall from kexec core code 2015-09-10 13:29:01 -07:00
kthread.c kernel/kthread.c:kthread_create_on_node(): clarify documentation 2015-09-04 16:54:41 -07:00
latencytop.c
Makefile sys_membarrier(): system-wide memory barrier (generic, x86) 2015-09-11 15:21:34 -07:00
membarrier.c Fix: Disable sys_membarrier when nohz_full is enabled 2017-03-12 06:37:26 +01:00
memremap.c mm: fix devm_memremap_pages crash, use mem_hotplug_{begin, done} 2017-01-19 20:17:18 +01:00
module-internal.h
module.c Merge branch 'v4.4-16.09-android-tmp' into lsk-v4.4-16.09-android 2016-12-16 13:52:17 -08:00
module_signing.c KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
notifier.c Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-09-01 08:40:25 -07:00
nsproxy.c
padata.c
panic.c Merge branch 'v4.4-16.09-android-tmp' into lsk-v4.4-16.09-android 2016-12-16 13:52:17 -08:00
params.c Nothing exciting, minor tweaks and cleanups. 2015-11-09 15:53:39 -08:00
pid.c Use after free from pid_nr_ns() 2017-01-23 18:31:21 -08:00
pid_namespace.c
profile.c mm: rename alloc_pages_exact_node() to __alloc_pages_node() 2015-09-08 15:35:28 -07:00
ptrace.c ptrace: Capture the ptracer's creds not PT_PTRACE_CAP 2017-01-06 11:16:11 +01:00
range.c
reboot.c kexec: split kexec_load syscall from kexec core code 2015-09-10 13:29:01 -07:00
relay.c kernel/relay.c: use kvfree() in relay_free_page_array() 2015-06-30 19:44:59 -07:00
resource.c Merge remote-tracking branch 'origin/tmp-917a9a9133a6' into lsk 2016-07-12 11:40:49 -07:00
seccomp.c seccomp: always propagate NO_NEW_PRIVS on tsync 2016-03-03 15:07:25 -08:00
signal.c kernel/signal.c: unexport sigsuspend() 2015-11-20 16:17:32 -08:00
smp.c smp: Do not wake up all idle CPUs 2016-09-24 10:59:58 -07:00
smpboot.c sched: Add per CPU load tracking for each task 2016-10-17 12:43:53 -07:00
smpboot.h
softirq.c
stacktrace.c
stop_machine.c kernel: remove stop_machine() Kconfig dependency 2015-12-12 10:15:34 -08:00
sys.c BACKPORT: timer: convert timer_slack_ns from unsigned long to u64 2016-07-11 12:43:04 +05:30
sys_ni.c mm: mlock: add new mlock system call 2015-11-05 19:34:48 -08:00
sysctl.c Merge tag 'lsk-v4.4-17.02-android' into branch 'msm-4.4' 2017-03-18 08:55:10 -07:00
sysctl_binary.c Merge remote-tracking branch 'msm-4.4/tmp-2bf7955' into msm-4.4 2016-07-22 16:45:32 -07:00
task_work.c task_work: remove fifo ordering guarantee 2015-09-05 13:46:58 -07:00
taskstats.c
test_kprobes.c
torture.c torture: Consolidate cond_resched_rcu_qs() into stutter_wait() 2015-10-06 11:25:01 -07:00
tracepoint.c tracepoint: Give priority to probes of tracepoints 2015-10-25 21:33:54 -04:00
tsacct.c
uid16.c
up.c
user-return-notifier.c
user.c
user_namespace.c capabilities: ambient capabilities 2015-09-04 16:54:41 -07:00
utsname.c
utsname_sysctl.c
watchdog.c Merge tag 'lsk-v4.4-17.02-android' into branch 'msm-4.4' 2017-03-18 08:55:10 -07:00
workqueue.c workqueue: fix possible livelock with concurrent mod_delayed_work() 2017-01-11 11:53:39 +05:30
workqueue_internal.h