redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
Fork of alistair23 Linux kernel for reMarkable from https://github.com/alistair23/linux
707,361 Commits
15 Branches
0 Tags
3.4 GiB
C 97.7%
Assembly 1.4%
Makefile 0.3%
Shell 0.2%
Python 0.1%
Other 0.1%
 
 
 
 
 
 
Go to file
Hans de Goede 845d584f41 USB: devio: Revert "USB: devio: Don't corrupt user memory" 
Taking the uurb->buffer_length userspace passes in as a maximum for the
actual urbs transfer_buffer_length causes 2 serious issues:

1) It breaks isochronous support for all userspace apps using libusb,
   as existing libusb versions pass in 0 for uurb->buffer_length,
   relying on the kernel using the lenghts of the usbdevfs_iso_packet_desc
   descriptors passed in added together as buffer length.

   This for example causes redirection of USB audio and Webcam's into
   virtual machines using qemu-kvm to no longer work. This is a userspace
   ABI break and as such must be reverted.

   Note that the original commit does not protect other users / the
   kernels memory, it only stops the userspace process making the call
   from shooting itself in the foot.

2) It may cause the kernel to program host controllers to DMA over random
   memory. Just as the devio code used to only look at the iso_packet_desc
   lenghts, the host drivers do the same, relying on the submitter of the
   urbs to make sure the entire buffer is large enough and not checking
   transfer_buffer_length.

   But the "USB: devio: Don't corrupt user memory" commit now takes the
   userspace provided uurb->buffer_length for the buffer-size while copying
   over the user-provided iso_packet_desc lengths 1:1, allowing the user
   to specify a small buffer size while programming the host controller to
   dma a lot more data.

   (Atleast the ohci, uhci, xhci and fhci drivers do not check
    transfer_buffer_length for isoc transfers.)

This reverts commit fa1ed74eb1 ("USB: devio: Don't corrupt user memory")
fixing both these issues.

Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2017-10-17 10:53:20 +02:00
Documentation mm, swap: use page-cluster as max window of VMA based swap readahead 2017-10-13 16:18:33 -07:00
arch Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-10-14 15:26:38 -04:00
block bio_copy_user_iov(): don't ignore ->iov_offset 2017-10-10 23:55:14 -04:00
certs modsign: add markers to endif-statements in certs/Makefile 2017-07-14 11:01:37 +10:00
crypto crypto: shash - Fix zero-length shash ahash digest crash 2017-10-11 00:34:07 +08:00
drivers USB: devio: Revert "USB: devio: Don't corrupt user memory" 2017-10-17 10:53:20 +02:00
firmware firmware: Restore support for built-in firmware 2017-09-16 10:58:48 -07:00
fs fs/binfmt_misc.c: node could be NULL when evicting inode 2017-10-13 16:18:33 -07:00
include Char/Misc driver fixes for 4.14-rc5 2017-10-15 07:50:38 -04:00
init Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-09-14 18:54:01 -07:00
ipc fix a typo in put_compat_shm_info() 2017-09-25 20:41:46 -04:00
kernel Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-10-14 15:20:38 -04:00
lib Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-10-14 15:14:20 -04:00
mm mm, swap: use page-cluster as max window of VMA based swap readahead 2017-10-13 16:18:33 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-09 16:25:00 -07:00
samples media updates for v4.14-rc1 2017-09-07 12:53:14 -07:00
scripts scripts/kallsyms.c: ignore symbol type 'n' 2017-10-13 16:18:32 -07:00
security lsm: fix smack_inode_removexattr and xattr_getsecurity memleak 2017-10-04 18:03:15 +11:00
sound ALSA: caiaq: Fix stray URB at probe error path 2017-10-11 17:01:18 +02:00
tools Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-10-14 15:16:49 -04:00
usr ramfs: clarify help text that compression applies to ramfs as well as legacy ramdisk. 2017-07-06 16:24:30 -07:00
virt Revert "KVM: Don't accept obviously wrong gsi values via KVM_IRQFD" 2017-09-19 08:37:17 +02:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore Add hch to .get_maintainer.ignore 2015-08-21 14:30:10 -07:00
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore kbuild: Add support to generate LLVM assembly files 2017-04-25 08:13:52 +09:00
.mailmap Update James Hogan's email address 2017-10-04 17:11:53 -07:00
COPYING
CREDITS selinux/stable-4.14 PR 20170831 2017-09-12 13:21:00 -07:00
Kbuild kbuild: Consolidate header generation from ASM offset information 2017-04-13 05:43:37 +09:00
Kconfig kbuild: migrate all arch to the kconfig mainmenu upgrade 2010-09-19 22:54:11 -04:00
MAINTAINERS Another latent bug related to PCID, an out-of-bounds access, 2017-10-12 10:42:03 -07:00
Makefile Linux 4.14-rc5 2017-10-15 21:01:12 -04:00
README README: add a new README file, pointing to the Documentation/ 2016-10-24 08:12:35 -02:00

README 

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.