original_kernel/drivers/s390/cio
Sebastian Ott 878c495644 [S390] cio: fix potential overflow in chpid descriptor
The length filed in the chsc response block (if valid)
has a value of n*(sizeof(chp_desc))+8 (for the response
block header). When we memcopied from the response block
to the actual descriptor we copied 8 bytes too much.
The bug was not revealed since the descriptor is embedded
in struct channel_path.
Since we only write one descriptor at a time ignore the
length value and use sizeof(*desc).

Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2010-07-19 09:22:50 +02:00
..
Makefile
airq.c
blacklist.c
blacklist.h
ccwgroup.c
ccwreq.c
chp.c
chp.h
chsc.c [S390] cio: fix potential overflow in chpid descriptor 2010-07-19 09:22:50 +02:00
chsc.h
chsc_sch.c
chsc_sch.h
cio.c
cio.h
cio_debug.h
cmf.c
crw.c
css.c
css.h
device.c
device.h
device_fsm.c
device_id.c
device_ops.c
device_pgid.c
device_status.c
fcx.c
idset.c
idset.h
io_sch.h
ioasm.h
isc.c
itcw.c
qdio.h
qdio_debug.c
qdio_debug.h
qdio_main.c
qdio_setup.c
qdio_thinint.c