Go to file
Andy Whitcroft 65eea8edc3 floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
The final field of a floppy_struct is the field "name", which is a pointer
to a string in kernel memory.  The kernel pointer should not be copied to
user memory.  The FDGETPRM ioctl copies a floppy_struct to user memory,
including this "name" field.  This pointer cannot be used by the user
and it will leak a kernel address to user-space, which will reveal the
location of kernel code and data and undermine KASLR protection.

Model this code after the compat ioctl which copies the returned data
to a previously cleared temporary structure on the stack (excluding the
name pointer) and copy out to userspace from there.  As we already have
an inparam union with an appropriate member and that memory is already
cleared even for read only calls make use of that as a temporary store.

Based on an initial patch by Brian Belleville.

CVE-2018-7755
Signed-off-by: Andy Whitcroft <apw@canonical.com>

Broke up long line.

Signed-off-by: Jens Axboe <axboe@kernel.dk>
2018-09-20 09:09:48 -06:00
arch IOMMU Update for Linux v4.19 2018-08-24 13:10:38 -07:00
block blk-cgroup: increase number of supported policies 2018-09-11 10:59:53 -06:00
certs Replace magic for trusting the secondary keyring with #define 2018-08-16 09:57:20 -07:00
crypto DMAengine updates for v4.19-rc1 2018-08-18 15:55:59 -07:00
Documentation Merge branch 'stable/for-jens-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen into for-linus 2018-08-27 11:27:32 -06:00
drivers floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl 2018-09-20 09:09:48 -06:00
firmware kbuild: remove all dummy assignments to obj- 2017-11-18 11:46:06 +09:00
fs This pull request contains a single fix for UBIFS: 2018-08-25 13:27:35 -07:00
include blk-cgroup: increase number of supported policies 2018-09-11 10:59:53 -06:00
init Merge branch 'akpm' (patches from Andrew) 2018-08-22 12:34:08 -07:00
ipc ipc/util.c: update return value of ipc_getref from int to bool 2018-08-22 10:52:52 -07:00
kernel Merge branch 'for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup 2018-08-24 13:19:27 -07:00
lib lib/fonts: convert comments to utf-8 2018-08-23 18:48:43 -07:00
LICENSES LICENSES: Add Linux-OpenIB license text 2018-04-27 16:41:53 -06:00
mm blkcg: delay blkg destruction until after writeback has finished 2018-08-31 14:48:56 -06:00
net Merge branch 'akpm' (patches from Andrew) 2018-08-23 19:20:12 -07:00
samples samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM 2018-08-16 21:55:32 +02:00
scripts treewide: correct "differenciate" and "instanciate" typos 2018-08-23 18:48:43 -07:00
security + Cleanups 2018-08-24 13:00:33 -07:00
sound Merge branch 'akpm' (patches from Andrew) 2018-08-23 19:20:12 -07:00
tools treewide: convert ISO_8859-1 text comments to utf-8 2018-08-23 18:48:43 -07:00
usr kbuild: rename built-in.o to built-in.a 2018-03-26 02:01:19 +09:00
virt ARM: Support for Group0 interrupts in guests, Cache management 2018-08-22 13:52:44 -07:00
.clang-format clang-format: Set IndentWrappedFunctionNames false 2018-08-01 18:38:51 +02:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Kbuild updates for v4.17 (2nd) 2018-04-15 17:21:30 -07:00
.mailmap Merge branch 'linus/master' into rdma.git for-next 2018-08-16 14:21:29 -06:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS 9p: remove Ron Minnich from MAINTAINERS 2018-08-17 16:20:26 -07:00
Kbuild Kbuild updates for v4.15 2017-11-17 17:45:29 -08:00
Kconfig kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt 2018-08-02 08:06:55 +09:00
MAINTAINERS libata: maintainership update 2018-08-25 12:35:45 -07:00
Makefile Updates for v4.19: 2018-08-20 18:32:00 -07:00
README Docs: Added a pointer to the formatted docs to README 2018-03-21 09:02:53 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.