diff options
| author | Heiko Carstens <heiko.carstens@de.ibm.com> | 2013-04-20 07:01:19 -0400 |
|---|---|---|
| committer | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2013-04-23 04:18:09 -0400 |
| commit | a2aec0d3e22f3f940a165181ef339ac16deefa7c (patch) | |
| tree | 5f34dc6588089c41ade585302f6c53e5f303f862 /arch | |
| parent | 241fd9bcbc10c144531e88b5e3a62bc11090e5e4 (diff) | |
s390/compat: fix compat_sys_statfs() memory corruption
The f_spare field within struct compat_statfs is four bytes larger
than within the native 31 bit struct statfs.
compat_sys_statfs() clears the f_spare field in user space which
means that in compat mode four bytes that are behind the user space
supplied struct compat_statfs will be corrupted (zeroed).
According to Thomas Gleixner's Linux 2.6 history tree this bug is
present since v2.5.74 87880da124 "[PATCH] s390: 31 bit compat.".
So it get's fixed shortly before its 10th anniversary. Tough luck.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/s390/include/asm/compat.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/s390/include/asm/compat.h b/arch/s390/include/asm/compat.h index f8c6df6cd1f0..d967ac8d55d0 100644 --- a/arch/s390/include/asm/compat.h +++ b/arch/s390/include/asm/compat.h | |||
| @@ -135,7 +135,7 @@ struct compat_statfs { | |||
| 135 | s32 f_namelen; | 135 | s32 f_namelen; |
| 136 | s32 f_frsize; | 136 | s32 f_frsize; |
| 137 | s32 f_flags; | 137 | s32 f_flags; |
| 138 | s32 f_spare[5]; | 138 | s32 f_spare[4]; |
| 139 | }; | 139 | }; |
| 140 | 140 | ||
| 141 | #define COMPAT_RLIM_OLD_INFINITY 0x7fffffff | 141 | #define COMPAT_RLIM_OLD_INFINITY 0x7fffffff |