author: Heiko Carstens <heiko.carstens@de.ibm.com> 2013-04-20 13:01:19 +0200
committer: Martin Schwidefsky <schwidefsky@de.ibm.com> 2013-04-23 10:18:09 +0200
commit: a2aec0d3e22f3f940a165181ef339ac16deefa7c
tree: 5f34dc6588089c41ade585302f6c53e5f303f862
parent: 241fd9bcbc10c144531e88b5e3a62bc11090e5e4
s390/compat: fix compat_sys_statfs() memory corruption
The f_spare field within struct compat_statfs is four bytes larger than within the native 31 bit struct statfs. compat_sys_statfs() clears the f_spare field in user space which means that in compat mode four bytes that are behind the user space supplied struct compat_statfs will be corrupted (zeroed).

According to Thomas Gleixner's Linux 2.6 history tree this bug is present since v2.5.74 87880da124 "[PATCH] s390: 31 bit compat.". So it gets fixed shortly before its 10th anniversary. Tough luck.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-rw-r--r-- arch/s390/include/asm/compat.h 2
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/s390/include/asm/compat.h b/arch/s390/include/asm/compat.h
index f8c6df6..d967ac8 100644
--- a/arch/s390/include/asm/compat.h
+++ b/arch/s390/include/asm/compat.h
@@ -135,7 +135,7 @@ struct compat_statfs {
s32 f_namelen;
s32 f_frsize;
s32 f_flags;
- s32 f_spare[5];
+ s32 f_spare[4];
};
#define COMPAT_RLIM_OLD_INFINITY 0x7fffffff
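Review bot: Nothing at `s32 f_spare[4];` ties the array length to the native 31 bit struct statfs that user space actually passes in, so the same size drift could come back unnoticed. Consider a one-line comment on that field stating that struct compat_statfs must match the 31 bit struct statfs layout exactly, and a compile-time size check (for example a BUILD_BUG_ON on sizeof(struct compat_statfs)) near compat_sys_statfs(), since that function clears f_spare in user space and any excess bytes land behind the caller's buffer.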