aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorJoern Engel <joern@logfs.org>2010-04-13 11:54:27 -0400
committerJoern Engel <joern@logfs.org>2010-04-13 11:54:27 -0400
commitd3a03f8031000f8297823b80e36db536fd020884 (patch)
treed717a209e3cf2695d1a08c104296d0bd4544ee41 /fs
parent032d8f7268444a0f5d4ee02d9513d682d5b8edfc (diff)
[LogFS] Plug 8 byte information leak
Within each journal segment, 8 bytes at offset 24 would remain uninitialized. Signed-off-by: Joern Engel <joern@logfs.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/logfs/journal.c24
1 files changed, 14 insertions, 10 deletions
diff --git a/fs/logfs/journal.c b/fs/logfs/journal.c
index 2c22a4ad5329..2957bfc21927 100644
--- a/fs/logfs/journal.c
+++ b/fs/logfs/journal.c
@@ -388,7 +388,10 @@ static void journal_get_erase_count(struct logfs_area *area)
388static int journal_erase_segment(struct logfs_area *area) 388static int journal_erase_segment(struct logfs_area *area)
389{ 389{
390 struct super_block *sb = area->a_sb; 390 struct super_block *sb = area->a_sb;
391 struct logfs_segment_header sh; 391 union {
392 struct logfs_segment_header sh;
393 unsigned char c[ALIGN(sizeof(struct logfs_segment_header), 16)];
394 } u;
392 u64 ofs; 395 u64 ofs;
393 int err; 396 int err;
394 397
@@ -396,20 +399,21 @@ static int journal_erase_segment(struct logfs_area *area)
396 if (err) 399 if (err)
397 return err; 400 return err;
398 401
399 sh.pad = 0; 402 memset(&u, 0, sizeof(u));
400 sh.type = SEG_JOURNAL; 403 u.sh.pad = 0;
401 sh.level = 0; 404 u.sh.type = SEG_JOURNAL;
402 sh.segno = cpu_to_be32(area->a_segno); 405 u.sh.level = 0;
403 sh.ec = cpu_to_be32(area->a_erase_count); 406 u.sh.segno = cpu_to_be32(area->a_segno);
404 sh.gec = cpu_to_be64(logfs_super(sb)->s_gec); 407 u.sh.ec = cpu_to_be32(area->a_erase_count);
405 sh.crc = logfs_crc32(&sh, sizeof(sh), 4); 408 u.sh.gec = cpu_to_be64(logfs_super(sb)->s_gec);
409 u.sh.crc = logfs_crc32(&u.sh, sizeof(u.sh), 4);
406 410
407 /* This causes a bug in segment.c. Not yet. */ 411 /* This causes a bug in segment.c. Not yet. */
408 //logfs_set_segment_erased(sb, area->a_segno, area->a_erase_count, 0); 412 //logfs_set_segment_erased(sb, area->a_segno, area->a_erase_count, 0);
409 413
410 ofs = dev_ofs(sb, area->a_segno, 0); 414 ofs = dev_ofs(sb, area->a_segno, 0);
411 area->a_used_bytes = ALIGN(sizeof(sh), 16); 415 area->a_used_bytes = sizeof(u);
412 logfs_buf_write(area, ofs, &sh, sizeof(sh)); 416 logfs_buf_write(area, ofs, &u, sizeof(u));
413 return 0; 417 return 0;
414} 418}
415 419