android_kernel_xiaomi_sm8350/lib
Don Mullis f015ac3edd lib/list_sort: do not pass bad pointers to cmp callback
If the original list is a POT in length, the first callback from line 73
will pass a==b both pointing to the original list_head.  This is dangerous
because the 'list_sort()' user can use 'container_of()' and access the
"containing" object, which does not necessarily exist for the list head.  So
the user can access RAM which does not belong to him.  If this is a write
access, we can end up with memory corruption.

Signed-off-by: Don Mullis <don.mullis@gmail.com>
Tested-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-10-01 10:50:58 -07:00
lzo
raid6 Move .gitignore from drivers/md to lib/raid6 2010-08-30 17:35:52 +10:00
reed_solomon
zlib_deflate
zlib_inflate
.gitignore
argv_split.c
atomic64_test.c ARM: 6213/1: atomic64_test: add ARM as supported architecture 2010-07-27 10:43:46 +01:00
atomic64.c
audit.c
bcd.c
bitmap.c
bitrev.c
btree.c
bug.c lib/bug.c: add oops end marker to WARN implementation 2010-08-11 08:59:22 -07:00
bust_spinlocks.c
check_signature.c
checksum.c
cmdline.c
cpu-notifier-error-inject.c
cpumask.c
crc7.c
crc16.c
crc32.c
crc32defs.h
crc-ccitt.c
crc-itu-t.c
crc-t10dif.c
ctype.c
debug_locks.c
debugobjects.c
dec_and_lock.c
decompress_bunzip2.c lib/decompress_bunzip2.c: fix checkstack warning 2010-08-11 08:59:23 -07:00
decompress_inflate.c
decompress_unlzma.c
decompress_unlzo.c
decompress.c
devres.c lib/devres.c: fix comment typo 2010-07-11 22:16:32 +02:00
div64.c
dma-debug.c
dump_stack.c
dynamic_debug.c module: initialize module dynamic debug later 2010-07-04 20:17:22 -07:00
extable.c
fault-inject.c
find_last_bit.c
find_next_bit.c
flex_array.c flex_array: add helpers to get and put to make pointers easy to use 2010-08-09 20:45:09 -07:00
gcd.c
gen_crc32table.c
genalloc.c genalloc: fix allocation from end of pool 2010-06-29 15:29:30 -07:00
halfmd4.c
hexdump.c
hweight.c
idr.c idr: fix RCU lockdep splat in idr_get_next() 2010-06-23 06:50:45 -07:00
inflate.c MN10300: Don't try and #include <linux/slab.h> in lib/inflate.c from bootloader 2010-08-12 09:51:35 -07:00
int_sqrt.c
iomap_copy.c
iomap.c
iommu-helper.c iommu: inline iommu_num_pages 2010-08-09 20:45:05 -07:00
ioremap.c x86, ioremap: Fix incorrect physical address handling in PAE mode 2010-07-09 11:42:03 -07:00
irq_regs.c
is_single_threaded.c
kasprintf.c
Kconfig Merge branch 'async' of macbook:git/btrfs-unstable 2010-08-09 10:36:44 +01:00
Kconfig.debug latencytop: Fix kconfig dependency warnings 2010-08-17 09:09:03 +02:00
Kconfig.kgdb
Kconfig.kmemcheck
kernel_lock.c
klist.c
kobject_uevent.c kobject_uevent: fix typo in comments 2010-08-23 18:12:46 -07:00
kobject.c
kref.c
lcm.c
libcrc32c.c
list_debug.c list debugging: warn when deleting a deleted entry 2010-08-09 20:45:08 -07:00
list_sort.c lib/list_sort: do not pass bad pointers to cmp callback 2010-10-01 10:50:58 -07:00
locking-selftest-hardirq.h
locking-selftest-mutex.h
locking-selftest-rlock-hardirq.h
locking-selftest-rlock-softirq.h
locking-selftest-rlock.h
locking-selftest-rsem.h
locking-selftest-softirq.h
locking-selftest-spin-hardirq.h
locking-selftest-spin-softirq.h
locking-selftest-spin.h
locking-selftest-wlock-hardirq.h
locking-selftest-wlock-softirq.h
locking-selftest-wlock.h
locking-selftest-wsem.h
locking-selftest.c
lru_cache.c
Makefile Merge branch 'async' of macbook:git/btrfs-unstable 2010-08-09 10:36:44 +01:00
nlattr.c
parser.c
percpu_counter.c tmpfs: add accurate compare function to percpu_counter library 2010-08-09 20:44:58 -07:00
plist.c
prio_heap.c
prio_tree.c
proportions.c
radix-tree.c Merge branch 'radix-tree' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/xfsdev 2010-08-22 19:55:14 -07:00
random32.c Merge branch 'master' into for-next 2010-06-16 18:08:13 +02:00
ratelimit.c
rational.c
rbtree.c rbtree: Undo augmented trees performance damage and regression 2010-07-05 14:43:50 +02:00
reciprocal_div.c
rwsem-spinlock.c
rwsem.c rwsem: smaller wrappers around rwsem_down_failed_common 2010-08-09 20:45:11 -07:00
scatterlist.c scatterlist: prevent invalid free when alloc fails 2010-08-30 19:55:09 +02:00
sha1.c
show_mem.c
smp_processor_id.c
sort.c
spinlock_debug.c
string_helpers.c
string.c
swiotlb.c swiotlb: Make swiotlb bookkeeping functions visible in the header file. 2010-06-07 11:59:27 -04:00
syscall.c
textsearch.c
ts_bm.c
ts_fsm.c
ts_kmp.c
uuid.c
vsprintf.c lib: vsprintf: useless strlen() removed 2010-08-09 20:45:09 -07:00