diff options
| author | Alex Elder <aelder@sgi.com> | 2011-03-01 17:50:00 +0000 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@suse.de> | 2011-04-14 16:53:16 -0700 |
| commit | 277678c4089dc0a9b3235eb58547878dacfe336b (patch) | |
| tree | 4241a921318323cb4ce948006a251385c13592bf /net | |
| parent | b291661643c93044e6d4a228d3268649ccf30a0c (diff) | |
xfs: zero proper structure size for geometry calls
commit af24ee9ea8d532e16883251a6684dfa1be8eec29 upstream.
Commit 493f3358cb289ccf716c5a14fa5bb52ab75943e5 added this call to
xfs_fs_geometry() in order to avoid passing kernel stack data back
to user space:
+ memset(geo, 0, sizeof(*geo));
Unfortunately, one of the callers of that function passes the
address of a smaller data type, cast to fit the type that
xfs_fs_geometry() requires. As a result, this can happen:
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted
in: f87aca93
Pid: 262, comm: xfs_fsr Not tainted 2.6.38-rc6-493f3358cb2+ #1
Call Trace:
[<c12991ac>] ? panic+0x50/0x150
[<c102ed71>] ? __stack_chk_fail+0x10/0x18
[<f87aca93>] ? xfs_ioc_fsgeometry_v1+0x56/0x5d [xfs]
Fix this by fixing that one caller to pass the right type and then
copy out the subset it is interested in.
Note: This patch is an alternative to one originally proposed by
Eric Sandeen.
Reported-by: Jeffrey Hundstad <jeffrey.hundstad@mnsu.edu>
Signed-off-by: Alex Elder <aelder@sgi.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Tested-by: Jeffrey Hundstad <jeffrey.hundstad@mnsu.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'net')
0 files changed, 0 insertions, 0 deletions