linux/drivers/s390/cio
Sebastian Ott 878c495644 [S390] cio: fix potential overflow in chpid descriptor
The length filed in the chsc response block (if valid)
has a value of n*(sizeof(chp_desc))+8 (for the response
block header). When we memcopied from the response block
to the actual descriptor we copied 8 bytes too much.
The bug was not revealed since the descriptor is embedded
in struct channel_path.
Since we only write one descriptor at a time ignore the
length value and use sizeof(*desc).

Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2010-07-19 09:22:50 +02:00
..
airq.c [S390] cio: airq - fix array boundary 2009-03-26 15:24:14 +01:00
blacklist.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
blacklist.h [PATCH] s390: multiple subchannel sets support 2006-01-06 08:33:52 -08:00
ccwgroup.c [S390] ccwgroup: add locking around drvdata access 2010-05-26 23:27:09 +02:00
ccwreq.c [S390] cio: unit check handling during internal I/O 2010-05-26 23:27:09 +02:00
chp.c sysfs: add struct file* to bin_attr callbacks 2010-05-21 09:37:31 -07:00
chp.h [S390] cio: Repair chpid event handling. 2008-07-14 10:02:11 +02:00
chsc_sch.c [S390] avoid default_llseek in s390 drivers 2010-05-17 10:00:16 +02:00
chsc_sch.h [S390] cio: Add chsc subchannel driver. 2008-07-14 10:02:12 +02:00
chsc.c [S390] cio: fix potential overflow in chpid descriptor 2010-07-19 09:22:50 +02:00
chsc.h [S390] cio: move scsw helper functions to header file 2009-09-11 10:29:36 +02:00
cio_debug.h [S390] cio: Remove cio_msg kernel parameter. 2008-05-07 09:23:01 +02:00
cio.c [S390] idle time accounting vs. machine checks 2010-05-17 10:00:15 +02:00
cio.h [S390] cio: introduce subchannel todos 2009-12-07 12:51:30 +01:00
cmf.c tree-wide: fix assorted typos all over the place 2009-12-04 15:39:55 +01:00
crw.c [S390] cio: wait for channel report 2010-02-26 22:37:29 +01:00
css.c [S390] avoid default_llseek in s390 drivers 2010-05-17 10:00:16 +02:00
css.h [S390] cio: trigger subchannel event at resume time 2010-02-26 22:37:30 +01:00
device_fsm.c [S390] cio: use exception-save stsch 2010-04-22 17:17:19 +02:00
device_id.c [S390] cio: improve error recovery for internal I/Os 2009-12-07 12:51:33 +01:00
device_ops.c [S390] cio: make steal lock procedure more robust 2009-12-07 12:51:32 +01:00
device_pgid.c [S390] cio: fix channel path vary 2009-12-18 17:43:32 +01:00
device_status.c [S390] cio: remove intretry flag 2009-12-07 12:51:31 +01:00
device.c [S390] cio: fix init_count in case of recognition after steal lock 2010-03-08 12:25:30 +01:00
device.h [S390] ccw_device_notify: improve return codes 2010-02-26 22:37:29 +01:00
fcx.c [S390] drivers: Correct size given to memset 2009-12-18 17:43:32 +01:00
idset.c [S390] cio: introduce consistent subchannel scanning 2009-09-22 22:58:42 +02:00
idset.h [S390] cio: introduce consistent subchannel scanning 2009-09-22 22:58:42 +02:00
io_sch.h [S390] cio: fix channel path vary 2009-12-18 17:43:32 +01:00
ioasm.h [S390] cio: remove stsch 2010-05-26 23:27:09 +02:00
isc.c [S390] cio: introduce isc_(un)register functions. 2008-07-14 10:02:11 +02:00
itcw.c [S390] appldata/extmem/kvm: add missing GFP_KERNEL flag 2010-06-08 18:58:23 +02:00
Makefile [S390] qdio: convert global statistics to per-device stats 2010-01-04 09:05:58 +01:00
qdio_debug.c [S390] remove unused qdio flags in zfcp and qeth 2010-03-08 12:25:30 +01:00
qdio_debug.h [S390] qdio: rework debug feature logging 2008-12-25 13:38:59 +01:00
qdio_main.c [S390] qdio: remove API wrappers 2010-05-17 10:00:17 +02:00
qdio_setup.c [S390] qdio: remove memset hack 2010-05-17 10:00:17 +02:00
qdio_thinint.c [S390] qdio: set correct bit in dsci 2010-05-17 10:00:17 +02:00
qdio.h [S390] qdio: dont convert timestamps to microseconds 2010-05-17 10:00:17 +02:00