All of lore.kernel.org
 help / color / mirror / Atom feed
* Linux v2.6.9...
@ 2004-10-18 22:45 Linus Torvalds
  2004-10-18 23:27 ` Thomas Zehetbauer
                   ` (5 more replies)
  0 siblings, 6 replies; 261+ messages in thread
From: Linus Torvalds @ 2004-10-18 22:45 UTC (permalink / raw)
  To: Kernel Mailing List


Ok,
 despite some naming confusion (expanation: I'm a retard), I did end up
doing the 2.6.9 release today. And it wasn't the same as the "-final" test
release (see explanation above).

Excuses aside, not a lot of changes since -rc4 (which was the last
announced test-kernel), mainly some UML updates that don't affect anybody
else. And a number of one-liners or compiler fixes. Full list appended.

		Linus

----

Summary of changes from v2.6.9-rc4 to v2.6.9
============================================

<mgoodman:csua.berkeley.edu>:
  o Fix NFS3 krb5 clients on x86-64

Al Borchers:
  o USB: corrected digi_acceleport 2.6.9-rc1 fix for hang on disconnect

Andrea Arcangeli:
  o ptep_establish smp race x86 PAE >4G

Andrew Morton:
  o revert writeback threshold changes
  o ext3 direct io assert fix

Anton Blanchard:
  o ppc64: fix some issues with mem_reserve

Benjamin Herrenschmidt:
  o ppc64: Split iomap implementation & eeh !
  o ppc32: Add "native" iomap interfaces
  o ppc64: more issues with mem_reserve

Chris Wright:
  o uml: fix ubd deadlock on SMP

Christoph Hellwig:
  o [XFS] fix a freeze/thaw deadlock

Christoph Lameter:
  o time interpolator fixes

David Brownell:
  o USB: EHCI SMP fix
  o USB: net2280 updates

David Woodhouse:
  o ppc64: one more explicit cmp instruction sizing

Dmitry Torokhov:
  o Fix oops in parkbd

Greg Kroah-Hartman:
  o USB: handle NAK packets in input devices

Herbert Xu:
  o USB: Fix hiddev devfs oops

Hirokazu Takata:
  o m32r: fix syscall table
  o m32r: remove obsolete system calls

Ingo Molnar:
  o tailcall prevention in sys_wait4() and sys_waitid()

James Morris:
  o SELinux: fix bugs in mprotect hook

John L. Byrne:
  o fix oops in fork() cleanup path

John Rose:
  o PCI Hotplug: rpaphp safe list traversal

Lars Ellenberg:
  o uml: fix critical IP checksum corruption

Linus Torvalds:
  o Fix threaded user page write memory ordering
  o Take the whole PCI bus range into account when scanning PCI bridges

Nathan Lynch:
  o ppc64:  fix smp_startup_cpu for cpu hotplug

Nathan Scott:
  o [XFS] Fix up write_inode return type to use the right signedness
  o [XFS] Fix regression when running in laptop mode, causes hangs on
    sync

Nick Piggin:
  o ACPI: check parameter for NULL
  o kswapd lockup fix

Nicolas Pitre:
  o Fix MTD build error for Lubbock map driver
  o unbalanced locking in MTD Intel chip driver
  o Duh. _Really_ unbalanced locking in MTD Intel chip driver

Olaf Hering:
  o joydump needs gameport

Olaf Kirch:
  o auth_domain_lookup fix

Oliver Neukum:
  o security issue in firmware system

Paolo 'Blaisorblade' Giarrusso:
  o uml: don't declare cpu_online - fix compilation error
  o uml: fix wrong type for rb_entry call
  o uml: fix warning for unused var
  o uml: finish update for 2.6.8 API changes
  o uml: fix an "unused" warnings
  o uml: export more Symbols
  o uml: Set cflags before including arch Makefile
  o uml: force using /bin/bash for building
  o uml: no extraversion in arch/um/Makefile for mainline
  o uml: Single Linking Step for vmlinux
  o uml: make -j fix
  o uml: update makefile to new kbuild API names
  o uml: kbuild - add even more cleaning
  o uml: mark broken configs
  o uml: use always a separate io thread for UBD

Pavel Machek:
  o swsusp: fix x86-64 - do not use memory in copy loop

Randy Dunlap:
  o cyber2000: fix init/exit section confusion
  o intel_agp: dangling devexit reference

Sreenivas Bagalkote:
  o megaraid 2.20.4: fix a data corruption bug

Stephen D. Smalley:
  o SELinux: retain ptracer SID across fork

Tim Schmielau:
  o Fix reporting of process start times

Vojtech Pavlik:
  o USB: Fix oops in usblp driver

Yoshinori Sato:
  o H8/300 some error/warning fix


^ permalink raw reply	[flat|nested] 261+ messages in thread
* Re: Linux v2.6.9 and GPL Buyout
@ 2004-10-22 19:38 Jeff V. Merkey
  0 siblings, 0 replies; 261+ messages in thread
From: Jeff V. Merkey @ 2004-10-22 19:38 UTC (permalink / raw)
  To: linux-kernel

[-- Attachment #1: Type: text/plain, Size: 1 bytes --]



[-- Attachment #2: Re: Linux v2.6.9 and GPL Buyout --]
[-- Type: message/rfc822, Size: 2199 bytes --]

From: "Jeff V. Merkey" <jmerkey@drdos.com>
To: "Jeff V. Merkey" <jmerkey@drdos.com>
Cc: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>,  David Weinehall <tao@acc.umu.se>, Dax Kelson <dax@gurulabs.com>, Linus Torvalds <torvalds@osdl.org>,  Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Linux v2.6.9 and GPL Buyout
Date: Fri, 22 Oct 2004 13:37:28 -0600
Message-ID: <41796178.7010006@drdos.com>

Jeff V. Merkey wrote:

SCO Just sent over a list of contaminated files with a "bill of health" 
certification for Linux that if we remove the identified files
they will certify our Linux distribution as clean. They are also sending 
out some form of statement that we are
not affiliated with them, and that we are competitors of SCO since we 
use Linux. They claim the following and I have
a listing of files, lines numbers, etc. they told us we must remove in 
order for our Linux appliances to be considered
"clean." This info might be useful to others. They have a cert program 
to remove the areas.

Here it is. I can get the line numbers of the file and their names if 
anyone needs it, but the list is very big.

RCU
46 files
109,688 lines

NUMA
101 files
56,587 lines

JFS
44 files
32,224 lines

XFS
173 Files
119,130 lines

SMP
1,185 files
829,393 lines

Total files/lines they [allege] contains SCO source code
1,549 files
1,147,022 lines

If you guys want the specific line numbers and filenames, I will ask 
them to post the specific filenames/line numbers they claim
are theirs. They stated we can ship Linux with fear of being sued if we 
comply with their Linux Certification Program.




^ permalink raw reply	[flat|nested] 261+ messages in thread
* Re: Linux v2.6.9 and GPL Buyout
@ 2004-10-22 21:31 brian wheeler
  2004-10-22 21:27 ` Jeff V. Merkey
  0 siblings, 1 reply; 261+ messages in thread
From: brian wheeler @ 2004-10-22 21:31 UTC (permalink / raw)
  To: linux-kernel

I'd like to see the list (as well as knowing which kernel version the
list comes from) as would many others, I suspect.

Brian Wheeler
bdwheele@indiana.edu


---------------------
Jeff V. Merkey wrote:

SCO Just sent over a list of contaminated files with a "bill of health" 
certification for Linux that if we remove the identified files
they will certify our Linux distribution as clean. They are also sending 
out some form of statement that we are
not affiliated with them, and that we are competitors of SCO since we 
use Linux. They claim the following and I have
a listing of files, lines numbers, etc. they told us we must remove in 
order for our Linux appliances to be considered
"clean." This info might be useful to others. They have a cert program 
to remove the areas.

Here it is. I can get the line numbers of the file and their names if 
anyone needs it, but the list is very big.

RCU
46 files
109,688 lines

NUMA
101 files
56,587 lines

JFS
44 files
32,224 lines

XFS
173 Files
119,130 lines

SMP
1,185 files
829,393 lines

Total files/lines they [allege] contains SCO source code
1,549 files
1,147,022 lines

If you guys want the specific line numbers and filenames, I will ask 
them to post the specific filenames/line numbers they claim
are theirs. They stated we can ship Linux with fear of being sued if we 
comply with their Linux Certification Program.




^ permalink raw reply	[flat|nested] 261+ messages in thread
* Re: Linux v2.6.9 and GPL Buyout
@ 2004-10-24  8:45 Shawn Starr
  0 siblings, 0 replies; 261+ messages in thread
From: Shawn Starr @ 2004-10-24  8:45 UTC (permalink / raw)
  To: linux-kernel

Ok, enough Im sick of hearing this, we're NOT interested in your FUD. 

We don't need you or anyone else spreading FUD and SCOs (represented) view on 
here. 

We certainly don't need to listen to YOU spew your crap on here, it's 
OFF-TOPIC for one thing, and another don't troll here.

You've really irritated me at almost 5AM and I have better things to do then 
hear you blab about 'IP' crap.

</rant off>

Shawn.

no, i wont CC him directly.

> List:       linux-kernel
> Subject:    Re: Linux v2.6.9 and GPL Buyout
> From:       "Jeff V. Merkey" <jmerkey () drdos ! com>
> Date:       2004-10-24 5:11:25
> Message-ID: <417B397D.2070106 () drdos ! com>
> [Download message RAW]
> 
> Linus Torvalds wrote:
> 
> >Jeff,
> > can you plkease stop Cc'ing me on this thread?
> >
> >  
> >
> 
> Linus,
> 
> I never Cc'd you on this thread.  The person who added you somewhere way 
> back there was
> someone else.    Talk to them.  Beyond this response, I won't cc you 
> ever again.
> 
> >No, nobody I know (certainly not me) is willing to re-license Linux under 
> >anything else than the GPL. Quite frankly, I suspect you'll have an easier 
> >time just rewriting the whole thing.
> >  
> >
> I won't be "re-writing" anything.  I've written something different that 
> takes all the Linux device drivers,
> application layer, and a handful of file systems, and drops out most of 
> the core of Linux, and these
> drivers I suspect will get rewritten over time.  Since it's all open 
> source anyway, doesn't really matter.
> 
> 
> >And no, the only offer from SCO I'm interested in is a public apology from
> >Darl McSwine.  Their made-up stories about copyright ownership weren't
> >really that amusing a year ago, and now they're boring and stale.
> >
> >  
> >
> Linus, you took code from these companies without bothering to check if 
> there were any agreements
> that made certain they weren't contaminating Linux.  You have an 
> obligation under US Law if you
> are doing business in this country to perform due diligence and this 
> stuff.  Then rather than be reasonable
> and honorable about it, and say something like, " I have not verified 
> that associated intellectual property
> with this submission nor have I received a release of claims from the 
> contributor.  I have been informed
> that several companies have conflicting claims regarding ownership and I 
> have removed the code from
> the Linux Kernel and asked these vendors to maintain it as separate 
> patches until these claims are resolved.",
> you keep right on sending it out, hosting it on your servers, all the 
> while Linux Community members
> make statements that even if the code was someone else's "it's ours now 
> because it was GPL'd". 
> This flies in the face of every precept of contract law and intellectual 
> property law in the United States.
> 
> The facts are that there is some code which is the subject of a dispute 
> and you are distributing it, willfully,
> knowingly, and with malicious intent to keep it for yourself.  Whether 
> it's has their copyrights, or even
> their trade secrets doesn't bother you one bit.    I felt like Novell 
> should apologize to me after what
> happened with them, but in all the crap with Novell, I never took their 
> source code, and now that
> GrokSmear has posted the ruling everyone knows this as well. And guess 
> what, I was in the wrong. 
> I was doing exactly what you are doing.  Using lawyers and sophistry to 
> conceal taking their
> trade secrets and using them for myself, and I paid dearly for it.   You 
> will too, and so will a
> lot of other people who depend on you.
> 
> I don't think SCO has to apologize to you if you are not even willing to 
> take a mature, adult, responsible
> position regarding intellectual property, and even try to work with 
> these people.  You owe them an apology
> for running an IP laundry mat, cleverly disguised as a "freedom for all" 
> open source effort. 
> 
> This is not good leadership or responsible stewardship of the IP of 
> others.  No one can trust you
> if this is how you are going to operate, or trust that your effort is 
> free from contamination from
> others.  
> 
> >So please just remove me 
> >
> 
> You code has been removed.
> 
> from the cc, ok?
> 
> ok
> 
> Jeff
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> [prev in list] [next in list] [prev in thread] [next in thread] 

^ permalink raw reply	[flat|nested] 261+ messages in thread
* Re: Linux v2.6.9 and GPL Buyout
@ 2004-10-24 19:38 Xose Vazquez Perez
  0 siblings, 0 replies; 261+ messages in thread
From: Xose Vazquez Perez @ 2004-10-24 19:38 UTC (permalink / raw)
  To: linux-kernel; +Cc: David S. Miller, Matti Aarnio

enough,

Can this thread be closed and put @sco.com and @drdos.com
in the black list of linux-kernel ml ?

-thanks-



^ permalink raw reply	[flat|nested] 261+ messages in thread
* Linux-2.6.9 won't allow a write to a NTFS file-system.
@ 2004-11-04 16:01 linux-os
  2004-11-04 16:48 ` Giuseppe Bilotta
  0 siblings, 1 reply; 261+ messages in thread
From: linux-os @ 2004-11-04 16:01 UTC (permalink / raw)
  To: Linux kernel


Hello anybody maintaining NTFS,

I can't write to a NTFS file-system.

/proc/mounts shows it's mounted RW:
/dev/sdd1 /mnt ntfs rw,uid=0,gid=0,fmask=0177,dmask=077,nls=utf8,errors=continue,mft_zone_multiplier=1 0 0

.config shows RW support.

CONFIG_NTFS_FS=m
# CONFIG_NTFS_DEBUG is not set
CONFIG_NTFS_RW=y

Errno is 1 (Operation not permitted), even though root.


Cheers,
Dick Johnson
Penguin : Linux version 2.6.9 on an i686 machine (5537.79 BogoMips).
  Notice : All mail here is now cached for review by John Ashcroft.
                  98.36% of all statistics are fiction.

^ permalink raw reply	[flat|nested] 261+ messages in thread
* What if?
@ 2004-12-02  0:04 Imanpreet Singh Arora
  2004-12-02  4:40 ` Theodore Ts'o
                   ` (3 more replies)
  0 siblings, 4 replies; 261+ messages in thread
From: Imanpreet Singh Arora @ 2004-12-02  0:04 UTC (permalink / raw)
  To: lkml - Kernel Mailing List


Hi All,
   
    Firstly I have read the FAQ. So though FAQ answers my question, it 
does so only partially.


    "What if Linux were to be implemented in C++?"


    I realize most of the unhappiness lies with C++ compilers being 
slow. Also the fact that a lot of Hackers around here are a lot more 
familiar with C, rather than C++. However other than that what are the  
_implementation_  issues that you hackers might need to consider if it 
were to be implemented in C++. My question is regarding how will kernel 
deal with C++ doing too much behind the back, Calling constructors, 
templates exceptions and other. What are the possible issues of such an 
approach while writing device drivers?  What sort of modifications do 
you reckon might be needed if such a move were to be made?




-- 
Imanpreet Singh Arora

Even if you are on the right track you are going to get runover if you just sit there.
	-- Will Rogers


^ permalink raw reply	[flat|nested] 261+ messages in thread
* [Coverity] Untrusted user data in kernel
@ 2004-12-17  1:33 Bryan Fulton
  2004-12-17  5:15   ` James Morris
  2005-01-05 12:04 ` Marcelo Tosatti
  0 siblings, 2 replies; 261+ messages in thread
From: Bryan Fulton @ 2004-12-17  1:33 UTC (permalink / raw)
  To: linux-kernel

Hi, recently we ran a security checker over linux and discovered some 
flaws in the Linux 2.6.9 kernel. I've inserted into this post a few
examples of what we found.  These functions copy in user data
(copy_from_user) and use it as an array index, loop bound or memory
function argument without proper bounds checking.  

This posting just involves bugs in /fs, /net and /drivers/net. There
will be more postings for similar flaws in the drivers, as well as
network exploitable bugs and bugs in system calls.  

Some can be viewed as minor as they might involve directly passing an
unsigned tainted scalar to kmalloc. I was under the impression that
kmalloc has an implicit bounds check as it returns null if attempting to
allocate >64kb (or at least it used to). Can someone confirm/disconfirm
that? 

Suggestions for other security properties to check are welcome.  We
appreciate your feedback as a method to improve and expand our
security checkers.

Thanks,
.:Bryan Fulton and Ted Unangst of Coverity, Inc.

Quick location summary:

/fs/coda/pioctl.c::coda_pioctl
/fs/xfs/linux-2.6/xfs_ioctl.c::xfs_attrmulti_by_handle
/net/ipv6/netfilter/ip6_tables.c::do_replace
/net/bridge/br_ioctl.c::old_deviceless
/net/rose/rose_route.c::rose_rt_ioctl
/drivers/net/wan/sdla.c::sdla_xfer

/////////////////////////////////////////////////////
// 1:  /fs/coda/pioctl.c::coda_pioctl              //
/////////////////////////////////////////////////////
- tainted scalars (signed shorts) data->vi.in_size and data->vi.out_size
are used to copy memory from and to user space
- neither are properly upper/lower bounds checked (in_size only
upper-bound checked, out_size only lower-bound checked)

Call to function "copy_from_user" TAINTS argument "data"

61    if (copy_from_user(&data, (void __user *)user_data, sizeof(data)))
{
62        return -EINVAL;
63    }
64             

...

TAINTED variable "(data).vi" was passed to a tainted sink.

90    error = venus_pioctl(inode->i_sb, &(cnp->c_fid), cmd, &data);
91      
92    path_release(&nd);
93    return error;
94 }
95      
96      


inside linux-2.6.9/fs/coda/upcall.c::venus_pioctl

Checked upper bounds of signed scalar "((data)->vi).in_size" 
                                 by "((data)->vi).in_size > 8192"

553    if (data->vi.in_size > VC_MAXDATASIZE) {
554        error = -EINVAL;
555        goto exit;
556    }
557

...

Assigned TAINTED variable "((data)->vi).in_size" to variable
"((inp)->coda_ioctl).len"

568    inp->coda_ioctl.len = data->vi.in_size;

...

TAINTED variable "((data)->vi).in_size" passed to tainted data sink
"copy_from_user"

572    if ( copy_from_user((char*)inp + (long)inp->coda_ioctl.data,
573                         data->vi.in, data->vi.in_size) ) {
574            error = -EINVAL;
575            goto exit;
576    }

... 

Checked lower bounds of signed scalar "((data)->vi).out_size" by 
                            "((outp)->coda_ioctl).len >
((data)->vi).out_size"

588             if (outp->coda_ioctl.len > data->vi.out_size) {
589                     error = -EINVAL;
590             } else {

TAINTED variable "((data)->vi).out_size" passed to tainted data sink
"copy_to_user"

591                     if (copy_to_user(data->vi.out, 
592                                      (char *)outp +
(long)outp->coda_ioctl.data, 
593                                      data->vi.out_size)) {
594                             error = -EFAULT;
595                             goto exit;
596                     }



////////////////////////////////////////////////////////////////////
// 2:  /fs/xfs/linux-2.6/xfs_ioctl.c::xfs_attrmulti_by_handle     //
////////////////////////////////////////////////////////////////////

- tainted unsigned scalar am_hreq.opcount multiplied and passed to
kmalloc (512) and copy_from_user (518), and used as a loop bounds (524)
- this is fairly minor as there is a capable() call before the
copy_from_user in xfs_vget_fsop_handlereq

Call to function "xfs_vget_fsop_handlereq" TAINTS argument "am_hreq"

504    error = xfs_vget_fsop_handlereq(mp, parinode, CAP_SYS_ADMIN, arg,
505                                   
sizeof(xfs_fsop_attrmulti_handlereq_t),
506                                    (xfs_fsop_handlereq_t *)&am_hreq,
507                                    &vp, &inode);
508    if (error)
509           return -error;
510     

Assign TAINTED variable "((am_hreq).opcount * 24)" to variable "size"

511    size = am_hreq.opcount * sizeof(attr_multiop_t);

TAINTED variable "size" was passed to a tainted sink.

512    ops = (xfs_attr_multiop_t *)kmalloc(size, GFP_KERNEL);

...

TAINTED variable "size" was passed to a tainted sink.

518    if (copy_from_user(ops, am_hreq.ops, size)) {
519           kfree(ops);
520           VN_RELE(vp);
521           return -XFS_ERROR(EFAULT);
522    }
523 

TAINTED variable "(am_hreq).opcount" used as a loop boundary

524    for (i = 0; i < am_hreq.opcount; i++) {



////////////////////////////////////////////////////////
// 3:   /net/ipv6/netfilter/ip6_tables.c::do_replace  //
////////////////////////////////////////////////////////
 
- tainted unsigned scalar tmp.num_counters multiplied and passed to
vmalloc (1161) and memset (1166) which could overflow or be too large

Call to function "copy_from_user" TAINTS argument "tmp"

1143            if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
1144                    return -EFAULT;

...

TAINTED variable "((tmp).num_counters * 16)" was passed to a tainted
sink.

1161            counters = vmalloc(tmp.num_counters * sizeof(struct
ip6t_counters));
1162            if (!counters) {
1163                    ret = -ENOMEM;
1164                    goto free_newinfo;
1165            }

TAINTED variable "((tmp).num_counters * 16)" was passed to a tainted
sink.

1166            memset(counters, 0, tmp.num_counters * sizeof(struct
ip6t_counters));



//////////////////////////////////////////////////
// 4:  /net/bridge/br_ioctl.c::old_deviceless   //
//////////////////////////////////////////////////

- tainted unsigned scalar args[2] multiplied and passed to kmalloc (327)
and memset (331) which could overflow
- same scalar then used as a boundary to array index to the alloc'd
memory (inside get_bridge_ifindices)

Call to function "copy_from_user" TAINTS argument "args"

315             if (copy_from_user(args, uarg, sizeof(args)))
316                     return -EFAULT;
317     
317     
318             switch (args[0]) {
319 

...

TAINTED variable "(args[2] * 4)" was passed to a tainted sink.

327                     indices = kmalloc(args[2]*sizeof(int),
GFP_KERNEL);

...

TAINTED variable "(args[2] * 4)" was passed to a tainted sink.

331                     memset(indices, 0, args[2]*sizeof(int));
332                     args[2] = get_bridge_ifindices(indices,
args[2]);
333     

inside /net/bridge/br_ioctl.c::get_bridge_ifindices

24      static int get_bridge_ifindices(int *indices, int num)
25      {
26              struct net_device *dev;
27              int i = 0;
28      
29              for (dev = dev_base; dev && i < num; dev = dev->next) {
30                      if (dev->priv_flags & IFF_EBRIDGE) 
31                              indices[i++] = dev->ifindex;
32              }
33      
34              return i;
35      }



////////////////////////////////////////////////// 
// 5:   /net/rose/rose_route.c::rose_rt_ioctl   //
//////////////////////////////////////////////////

- tainted scalar (unsigned char) rose_route->ndigis used as a loop
boundary (122) for indexing into rose_neigh->digipeat->calls[] of
8 structs

Call to function "copy_from_user" TAINTS argument "rose_route"

720                     if (copy_from_user(&rose_route, arg,
sizeof(struct
rose_route_struct)))
721                             return -EFAULT;

...mem.len

TAINTED variable "(rose_route).ndigis" was passed to a tainted sink.
[model]

731                     err = rose_add_node(&rose_route, dev);

inside /net/rose/rose_route.c::rose_add_node

112                     if (rose_route->ndigis != 0) {
...

Tainted variable "(rose_route)->ndigis" used as a loop boundary

122                             for (i = 0; i < rose_route->ndigis; i++)
{
123                                     rose_neigh->digipeat->calls[i]    =
124                                             rose_route->digipeaters[i];
125                                     rose_neigh->digipeat->repeated[i] = 0;
126                             }



//////////////////////////////////////////////
// 6:   /drivers/net/wan/sdla.c::sdla_xfer  //
//////////////////////////////////////////////

- tainted signed scalar mem.len passed to kmalloc and memset (1206 and
1211, or 1220 and 1223). Possibly minor because of kmalloc's
implicit size check

Call to function "copy_from_user" TAINTS argument "mem"

1201            if(copy_from_user(&mem, info, sizeof(mem)))

...

TAINTED variable "(mem).len" was passed to a tainted sink.

1206                    temp = kmalloc(mem.len, GFP_KERNEL);

...

TAINTED variable "(mem).len" was passed to a tainted sink.

1209                    memset(temp, 0, mem.len);
1210                    sdla_read(dev, mem.addr, temp, mem.len);

TAINTED variable "(mem).len" was passed to a tainted sink.

1211                    if(copy_to_user(mem.data, temp, mem.len))

...

TAINTED variable "(mem).len" was passed to a tainted sink.

1220                    temp = kmalloc(mem.len, GFP_KERNEL);
1221                    if (!temp)
1222                            return(-ENOMEM);

TAINTED variable "(mem).len" was passed to a tainted sink.

1223                    if(copy_from_user(temp, mem.data, mem.len))
1224                    {


-- 
Bryan J Fulton
Coverity, Inc.

Email: bryan@coverity.com



^ permalink raw reply	[flat|nested] 261+ messages in thread

end of thread, other threads:[~2005-01-07 21:57 UTC | newest]

Thread overview: 261+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2004-10-18 22:45 Linux v2.6.9 Linus Torvalds
2004-10-18 23:27 ` Thomas Zehetbauer
2004-10-19  2:54 ` Eric W. Biederman
2004-10-19 16:55   ` Jesper Juhl
2004-10-19 14:36 ` Linux v2.6.9... (compile stats) John Cherry
2004-10-19 16:18   ` Matthew Dharm
2004-10-19 16:49     ` viro
2004-10-19 21:37     ` John Cherry
2004-10-20 22:11     ` John Cherry
2004-10-20 22:41       ` viro
2004-10-21  0:12         ` Linus Torvalds
2004-10-21  0:29           ` Jeff Garzik
2004-10-21  0:44             ` viro
2004-10-21  1:55             ` viro
2004-10-21  1:59               ` Jeff Garzik
2004-10-21  2:24                 ` viro
2004-10-21  2:37                   ` Jeff Garzik
2004-10-21  4:35                     ` viro
2004-10-21  8:57                       ` Jeff Garzik
2004-10-20 22:50       ` Dave Jones
2004-10-19 17:38 ` Linux v2.6.9 and GPL Buyout Jeff V. Merkey
2004-10-19 19:13   ` Russell King
2004-10-19 19:04     ` Jeff V. Merkey
2004-10-19 19:24   ` Kurt Wall
2004-10-19 19:12     ` Jeff V. Merkey
2004-10-19 20:01     ` Richard B. Johnson
2004-10-19 20:39       ` Matt Mackall
2004-10-20  0:06         ` Richard B. Johnson
2004-10-20  5:21           ` Matt Mackall
2004-10-19 19:28   ` Andre Hedrick
2004-10-19 19:10     ` Jeff V. Merkey
2004-10-19 19:30   ` Rik van Riel
2004-10-19 19:05     ` Jeff V. Merkey
2004-10-19 20:14       ` Diego Calleja
2004-10-19 19:41         ` Jeff V. Merkey
2004-10-20  8:27           ` Bernd Petrovitsch
2004-10-20  8:45             ` Jens Axboe
2004-10-19 19:47         ` Jeff V. Merkey
2004-10-19 20:05     ` Richard B. Johnson
2004-10-19 19:38       ` Jeff V. Merkey
2004-10-19 20:30         ` Thomas Gleixner
2004-10-19 20:15           ` Jeff V. Merkey
2004-10-22 23:22           ` Tonnerre
2004-10-19 19:45   ` Ross Biro
2004-10-19 19:36     ` Jeff V. Merkey
2004-10-19 19:54   ` David Johnson
2004-10-19 19:55   ` viro
2004-10-19 19:25     ` Jeff V. Merkey
2004-10-19 20:38   ` Dax Kelson
2004-10-19 20:09     ` Jeff V. Merkey
2004-10-19 22:16       ` Jim Nelson
2004-10-19 22:57         ` Bernd Petrovitsch
2004-10-19 22:27       ` Scott Robert Ladd
2004-10-20 19:41         ` Bill Davidsen
2004-10-20  1:15       ` Horst von Brand
2004-10-20  1:16       ` Bastiaan Spandaw
2004-10-20 19:35         ` Bill Davidsen
2004-10-20  3:45       ` Ryan Anderson
2004-10-20  4:18         ` Lee Revell
2004-10-20  4:41           ` Lee Revell
2004-10-20 11:49             ` Richard B. Johnson
2004-10-29 12:12               ` Semaphore assembly-code bug linux-os
2004-10-29 14:46                 ` Linus Torvalds
2004-10-29 15:11                   ` Andi Kleen
2004-10-29 18:18                     ` Linus Torvalds
2004-10-29 18:35                       ` Richard Henderson
2004-10-29 16:06                   ` Andreas Steinmetz
2004-10-29 17:08                     ` linux-os
2004-10-29 18:06                       ` Linus Torvalds
2004-10-29 18:39                         ` linux-os
2004-10-29 19:12                           ` Linus Torvalds
2004-11-01  1:31                             ` linux-os
2004-11-01  5:49                               ` Linus Torvalds
2004-11-01 20:23                               ` dean gaudet
2004-11-01 20:52                                 ` linux-os
2004-11-01 21:23                                   ` dean gaudet
2004-11-01 22:22                                     ` linux-os
2004-11-01 21:40                                   ` Linus Torvalds
2004-11-01 21:46                                     ` Linus Torvalds
2004-11-02 15:02                                       ` linux-os
2004-11-02 16:02                                         ` Linus Torvalds
2004-11-02 16:06                                           ` Linus Torvalds
2004-11-02 16:51                                             ` linux-os
2004-11-01 22:16                                     ` linux-os
2004-11-01 22:26                                       ` Linus Torvalds
2004-11-01 23:14                                         ` linux-os
2004-11-01 23:42                                           ` Linus Torvalds
2004-11-03  1:52                                       ` Horst von Brand
2004-11-03 21:24                                       ` Bill Davidsen
2004-11-02  6:37                                     ` Chris Friesen
2004-10-29 18:58                         ` Andreas Steinmetz
2004-10-29 19:15                           ` Linus Torvalds
2004-10-29 19:40                             ` Andreas Steinmetz
2004-10-29 19:56                               ` Linus Torvalds
2004-10-29 22:07                                 ` Jeff Garzik
2004-10-29 23:50                               ` dean gaudet
2004-10-30  0:15                                 ` Linus Torvalds
2004-10-29 23:37                         ` dean gaudet
2004-10-29 17:22                   ` linux-os
2004-10-29 17:55                     ` Richard Henderson
2004-10-29 18:17                       ` linux-os
2004-10-29 18:42                         ` Linus Torvalds
2004-10-29 18:54                           ` Linus Torvalds
2004-10-30  3:35                           ` Jeff Garzik
2004-10-29 19:20                     ` Linus Torvalds
2004-10-29 19:26                       ` Linus Torvalds
2004-10-29 21:03                       ` Linus Torvalds
2004-10-29 17:57                   ` Richard Henderson
2004-10-29 18:37                   ` Gabriel Paubert
2004-10-20  5:58           ` Linux v2.6.9 and GPL Buyout John Alvord
2004-10-20 14:42           ` Martin Waitz
2004-10-21 23:59       ` Kelledin
2004-10-22  8:46       ` Bernd Petrovitsch
2004-10-22  9:07       ` David Weinehall
2004-10-22 16:15         ` Jeff V. Merkey
2004-10-22 17:52           ` Al Viro
2004-10-22 17:22             ` Jeff V. Merkey
2004-10-22 19:37               ` Jeff V. Merkey
2004-10-22 20:46                 ` Grahame White
2004-10-22 20:58                 ` Buddy Lucas
2004-10-22 21:00                 ` Richard B. Johnson
2004-10-22 21:03                 ` Thomas Gleixner
2004-10-23 12:33                 ` Bernd Petrovitsch
2004-10-24 14:15                 ` Kai Henningsen
2004-10-27  1:45                 ` Horst von Brand
2004-10-24 11:00           ` Matthias Andree
2004-10-24 14:13           ` Kai Henningsen
2004-10-25 18:44             ` Bill Davidsen
2004-10-20 19:46     ` Bill Davidsen
2004-10-19 21:02   ` Pekka Pietikainen
2004-10-19 20:27     ` Jeff V. Merkey
2004-10-22  6:54       ` Erik Andersen
2004-10-22 16:12         ` Jeff V. Merkey
2004-10-19 21:17     ` Paul Fulghum
2004-10-20 20:41     ` Geert Uytterhoeven
2004-10-23 13:43       ` James Bruce
2004-10-19 21:26   ` Ramón Rey Vicente
2004-10-19 22:52   ` Buddy Lucas
2004-10-20 23:43   ` Eric Bambach
2004-10-20 23:48     ` Eric Bambach
2004-10-20 23:59     ` Hua Zhong
2004-10-21  0:13     ` Russell Miller
2004-10-21  0:18       ` Adam Heath
2004-10-21 10:16       ` Horst von Brand
2004-10-22  8:48   ` Ingo Molnar
2004-10-22 16:15     ` Jeff V. Merkey
2004-10-23  0:14   ` Jon Masters
2004-10-22 23:46     ` Jeff V. Merkey
2004-10-23  0:57       ` Jon Masters
2004-10-23  4:42         ` Jeff V. Merkey
2004-10-23  6:32           ` Nick Piggin
     [not found]             ` <20041023064538.GA7866@galt.devicelogics.com>
2004-10-23  7:20               ` Jeff V. Merkey
2004-10-23 10:11           ` Gene Heskett
2004-10-23 16:28           ` Linus Torvalds
2004-10-24  2:48             ` Jesper Juhl
2004-10-24  5:11             ` Jeff V. Merkey
2004-10-24 11:14               ` Jon Masters
2004-10-24 11:50               ` Jim Nelson
2004-10-24 15:35               ` Ingo Molnar
2004-10-24 15:53               ` Bernd Petrovitsch
2004-10-31 23:14               ` Jan 'JaSan' Sarenik
2004-10-24  2:11           ` Buddy Lucas
2004-10-23  0:38     ` Lee Revell
2004-10-23  0:07       ` Jeff V. Merkey
2004-10-23  1:06         ` Lee Revell
2004-10-21  2:41 ` Linux v2.6.9 (Strange tty problem?) Paul
2004-10-21  9:07   ` Alan Cox
2004-10-21 12:39     ` Russell King
2004-10-21 13:20     ` Paul Fulghum
2004-10-21 15:37       ` Alan Cox
2004-10-21 17:00         ` Paul Fulghum
2004-10-21 15:47       ` Paul Fulghum
2004-10-21 18:12     ` Paul Fulghum
2004-10-31 21:11 ` Linux v2.6.9 dies when starting X on radeon 9200 SE PCI Helge Hafting
2004-10-22 19:38 Linux v2.6.9 and GPL Buyout Jeff V. Merkey
2004-10-22 21:31 brian wheeler
2004-10-22 21:27 ` Jeff V. Merkey
2004-10-22 23:03   ` Jon Masters
2004-10-22 22:58     ` Jeff V. Merkey
2004-10-22 23:27       ` Jeff V. Merkey
2004-10-23 13:30         ` Denis Vlasenko
2004-10-24 11:10         ` Matthias Andree
2004-10-23  0:24       ` David Schwartz
2004-10-23  0:48         ` Jon Masters
2004-10-23  0:30       ` Jon Masters
2004-10-23  0:02         ` Jeff V. Merkey
2004-10-23  1:18           ` Diego Calleja
2004-10-23  8:43       ` Thomas Gleixner
2004-10-23 16:13         ` Giuseppe Bilotta
2004-10-23 12:59   ` Bernd Petrovitsch
2004-10-24 11:04   ` Matthias Andree
2004-10-24  8:45 Shawn Starr
2004-10-24 19:38 Xose Vazquez Perez
2004-11-04 16:01 Linux-2.6.9 won't allow a write to a NTFS file-system linux-os
2004-11-04 16:48 ` Giuseppe Bilotta
2004-11-04 17:09   ` linux-os
2004-11-04 17:40     ` Giuseppe Bilotta
2004-11-04 17:46     ` Mathieu Segaud
2004-11-04 22:17     ` Anton Altaparmakov
2004-11-04 22:18       ` Anton Altaparmakov
2004-11-04 22:38       ` linux-os
2004-11-05 14:43         ` Rahul Karnik
2004-11-05  1:46     ` Horst von Brand
2004-11-05 12:41       ` linux-os
2004-12-02  0:04 What if? Imanpreet Singh Arora
2004-12-02  4:40 ` Theodore Ts'o
2004-12-02  6:39   ` Norbert van Nobelen
2004-12-02  8:24   ` James Bruce
2004-12-02 20:25     ` Theodore Ts'o
2004-12-03  2:23       ` David Schwartz
2004-12-02  8:33   ` J.A. Magallon
2004-12-02 10:46     ` Bernd Petrovitsch
2004-12-02 10:56       ` Pawel Sikora
2004-12-13 15:23       ` H. Peter Anvin
2004-12-13 21:08         ` J.A. Magallon
2004-12-16  0:57           ` Alan Cox
2004-12-16  2:44             ` H. Peter Anvin
2004-12-16 13:23               ` Alan Cox
2004-12-16 15:23                 ` Geert Uytterhoeven
2004-12-16 20:37                 ` H. Peter Anvin
2004-12-16 20:52                   ` Jan Engelhardt
2004-12-16 20:56                     ` H. Peter Anvin
2004-12-16 21:08                       ` Jan Engelhardt
2004-12-02 10:25 ` Jan Engelhardt
2004-12-05  0:23   ` Horst von Brand
2004-12-05  6:21     ` Kyle Moffett
2004-12-05 22:43       ` Horst von Brand
2004-12-06 17:27         ` linux-os
2004-12-06 18:52           ` Horst von Brand
2004-12-02 10:53 ` Bernd Petrovitsch
2004-12-11  8:52 ` Gábor Lénárt
2004-12-17  1:33 [Coverity] Untrusted user data in kernel Bryan Fulton
2004-12-17  5:15 ` James Morris
2004-12-17  5:15   ` James Morris
2004-12-17  5:25   ` Patrick McHardy
2004-12-17  6:45     ` James Morris
2004-12-17  6:45       ` James Morris
2004-12-17 13:18       ` Tomas Carnecky
2004-12-17 19:16         ` David S. Miller
2004-12-17 19:16           ` David S. Miller
2004-12-17 19:34           ` Tomas Carnecky
2004-12-17 19:30             ` David S. Miller
2004-12-17 19:30               ` David S. Miller
2004-12-17 15:47       ` Bill Davidsen
2004-12-17 16:11         ` linux-os
2004-12-17 16:31           ` Oliver Neukum
2004-12-17 18:37           ` Bill Davidsen
2004-12-17 19:18           ` Tomas Carnecky
2004-12-17 19:30             ` Oliver Neukum
2004-12-17 19:39               ` Tomas Carnecky
2004-12-18  1:42           ` Horst von Brand
2004-12-17 15:10   ` Pavel Machek
2004-12-17 15:38     ` James Morris
2005-01-05 12:04 ` Marcelo Tosatti
2005-01-05 15:09   ` Jan Harkes
2005-01-05 23:17   ` Nathan Scott
     [not found]   ` <20050105161653.GF13455@fi.muni.cz>
     [not found]     ` <20050105140549.GA14622@logos.cnet>
2005-01-06  9:18       ` Jan Kasprzak
2005-01-06 14:48         ` Paulo Marques
2005-01-06 16:29         ` Alan Cox
2005-01-07 21:49   ` [PATCH 2.4.29-pre3-bk4] fs/coda " Jan Harkes
2005-01-07 21:54   ` [PATCH 2.6.10-mm2] " Jan Harkes

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.