aboutsummaryrefslogtreecommitdiff
path: root/fs/locks.c
diff options
context:
space:
mode:
authorAlex Elder <aelder@sgi.com>2011-03-01 17:50:00 +0000
committerGreg Kroah-Hartman <gregkh@suse.de>2011-04-14 16:53:16 -0700
commit277678c4089dc0a9b3235eb58547878dacfe336b (patch)
tree4241a921318323cb4ce948006a251385c13592bf /fs/locks.c
parentb291661643c93044e6d4a228d3268649ccf30a0c (diff)
xfs: zero proper structure size for geometry calls
commit af24ee9ea8d532e16883251a6684dfa1be8eec29 upstream. Commit 493f3358cb289ccf716c5a14fa5bb52ab75943e5 added this call to xfs_fs_geometry() in order to avoid passing kernel stack data back to user space: + memset(geo, 0, sizeof(*geo)); Unfortunately, one of the callers of that function passes the address of a smaller data type, cast to fit the type that xfs_fs_geometry() requires. As a result, this can happen: Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: f87aca93 Pid: 262, comm: xfs_fsr Not tainted 2.6.38-rc6-493f3358cb2+ #1 Call Trace: [<c12991ac>] ? panic+0x50/0x150 [<c102ed71>] ? __stack_chk_fail+0x10/0x18 [<f87aca93>] ? xfs_ioc_fsgeometry_v1+0x56/0x5d [xfs] Fix this by fixing that one caller to pass the right type and then copy out the subset it is interested in. Note: This patch is an alternative to one originally proposed by Eric Sandeen. Reported-by: Jeffrey Hundstad <jeffrey.hundstad@mnsu.edu> Signed-off-by: Alex Elder <aelder@sgi.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Tested-by: Jeffrey Hundstad <jeffrey.hundstad@mnsu.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'fs/locks.c')
0 files changed, 0 insertions, 0 deletions