diff options
| author | Alex Elder <aelder@sgi.com> | 2011-03-01 18:50:00 +0100 |
|---|---|---|
| committer | Alex Elder <aelder@sgi.com> | 2011-03-02 04:21:13 +0100 |
| commit | af24ee9ea8d532e16883251a6684dfa1be8eec29 (patch) | |
| tree | 0c6da066dd656121c077ba6b595503e0b6a41180 /fs/hfsplus | |
| parent | Linux 2.6.38-rc7 (diff) | |
| download | linux-af24ee9ea8d532e16883251a6684dfa1be8eec29.tar.xz linux-af24ee9ea8d532e16883251a6684dfa1be8eec29.zip | |
xfs: zero proper structure size for geometry calls
Commit 493f3358cb289ccf716c5a14fa5bb52ab75943e5 added this call to
xfs_fs_geometry() in order to avoid passing kernel stack data back
to user space:
+ memset(geo, 0, sizeof(*geo));
Unfortunately, one of the callers of that function passes the
address of a smaller data type, cast to fit the type that
xfs_fs_geometry() requires. As a result, this can happen:
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted
in: f87aca93
Pid: 262, comm: xfs_fsr Not tainted 2.6.38-rc6-493f3358cb2+ #1
Call Trace:
[<c12991ac>] ? panic+0x50/0x150
[<c102ed71>] ? __stack_chk_fail+0x10/0x18
[<f87aca93>] ? xfs_ioc_fsgeometry_v1+0x56/0x5d [xfs]
Fix this by fixing that one caller to pass the right type and then
copy out the subset it is interested in.
Note: This patch is an alternative to one originally proposed by
Eric Sandeen.
Reported-by: Jeffrey Hundstad <jeffrey.hundstad@mnsu.edu>
Signed-off-by: Alex Elder <aelder@sgi.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Tested-by: Jeffrey Hundstad <jeffrey.hundstad@mnsu.edu>
Diffstat (limited to 'fs/hfsplus')
0 files changed, 0 insertions, 0 deletions