linux/fs/xfs
Alex Elder af24ee9ea8 xfs: zero proper structure size for geometry calls
Commit 493f3358cb added this call to
xfs_fs_geometry() in order to avoid passing kernel stack data back
to user space:

+       memset(geo, 0, sizeof(*geo));

Unfortunately, one of the callers of that function passes the
address of a smaller data type, cast to fit the type that
xfs_fs_geometry() requires.  As a result, this can happen:

Kernel panic - not syncing: stack-protector: Kernel stack is corrupted
in: f87aca93

Pid: 262, comm: xfs_fsr Not tainted 2.6.38-rc6-493f3358cb2+ #1
Call Trace:

[<c12991ac>] ? panic+0x50/0x150
[<c102ed71>] ? __stack_chk_fail+0x10/0x18
[<f87aca93>] ? xfs_ioc_fsgeometry_v1+0x56/0x5d [xfs]

Fix this by fixing that one caller to pass the right type and then
copy out the subset it is interested in.

Note: This patch is an alternative to one originally proposed by
Eric Sandeen.

Reported-by: Jeffrey Hundstad <jeffrey.hundstad@mnsu.edu>
Signed-off-by: Alex Elder <aelder@sgi.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Tested-by: Jeffrey Hundstad <jeffrey.hundstad@mnsu.edu>
2011-03-01 21:21:13 -06:00
linux-2.6 xfs: zero proper structure size for geometry calls 2011-03-01 21:21:13 -06:00
quota xfs: fix dquot shaker deadlock 2011-01-28 09:05:36 -06:00
support xfs: Do not name variables "panic" 2011-01-17 12:39:07 -08:00
Kconfig quota: Make QUOTACTL config be selected by its users 2010-10-05 12:16:37 +02:00
Makefile xfs: add FITRIM support 2011-01-11 20:28:29 -06:00
xfs_acl.h fs: provide rcu-walk aware permission i_ops 2011-01-07 17:50:29 +11:00
xfs_ag.h xfs: convert pag_ici_lock to a spin lock 2010-12-16 17:08:41 +11:00
xfs_alloc_btree.c xfs: remove the ->kill_root btree operation 2010-10-18 15:07:38 -05:00
xfs_alloc_btree.h
xfs_alloc.c xfs: add FITRIM support 2011-01-11 20:28:29 -06:00
xfs_alloc.h xfs: limit extent length for allocation to AG size 2011-01-28 09:05:35 -06:00
xfs_arch.h
xfs_attr_leaf.c xfs: use KM_NOFS for allocations during attribute list operations 2010-12-23 11:57:37 +11:00
xfs_attr_leaf.h
xfs_attr_sf.h xfs: convert attr to use unsigned names 2010-01-20 10:47:48 +11:00
xfs_attr.c xfs: remove xfs_buf wrappers 2010-10-18 15:08:07 -05:00
xfs_attr.h xfs: convert attr to use unsigned names 2010-01-20 10:47:48 +11:00
xfs_bit.c
xfs_bit.h
xfs_bmap_btree.c xfs: remove unneeded #include statements 2010-07-26 13:16:33 -05:00
xfs_bmap_btree.h xfs: make several more functions static 2010-01-15 15:31:38 -06:00
xfs_bmap.c xfs: xfs_bmap_add_extent_delay_real should init br_startblock 2011-01-28 09:13:29 -06:00
xfs_bmap.h xfs: fix failed write truncation handling. 2010-12-01 07:40:19 -06:00
xfs_btree_trace.c
xfs_btree_trace.h xfs: event tracing support 2009-12-14 23:08:16 -06:00
xfs_btree.c xfs: connect up buffer reclaim priority hooks 2010-12-02 16:31:13 +11:00
xfs_btree.h xfs: remove the ->kill_root btree operation 2010-10-18 15:07:38 -05:00
xfs_buf_item.c xfs: fix efi item leak on forced shutdown 2011-01-28 09:01:33 -06:00
xfs_buf_item.h xfs: use struct list_head for the buf cancel table 2010-12-16 16:05:22 -06:00
xfs_da_btree.c xfs: remove xfs_buf wrappers 2010-10-18 15:08:07 -05:00
xfs_da_btree.h xfs: convert dirnameops to unsigned char names 2010-01-20 10:47:17 +11:00
xfs_dfrag.c xfs: delayed alloc blocks beyond EOF are valid after writeback 2010-12-01 07:40:20 -06:00
xfs_dfrag.h xfs: clean up inconsistent variable naming in xfs_swap_extent 2010-01-15 15:31:23 -06:00
xfs_dinode.h xfs: Extend project quotas to support 32bit project ids 2010-10-18 15:08:08 -05:00
xfs_dir2_block.c xfs: fix gcc 4.6 set but not read and unused statement warnings 2010-07-26 13:16:51 -05:00
xfs_dir2_block.h
xfs_dir2_data.c xfs: remove unneeded #include statements 2010-07-26 13:16:33 -05:00
xfs_dir2_data.h
xfs_dir2_leaf.c xfs: remove xfs_buf wrappers 2010-10-18 15:08:07 -05:00
xfs_dir2_leaf.h
xfs_dir2_node.c xfs: remove unneeded #include statements 2010-07-26 13:16:33 -05:00
xfs_dir2_node.h xfs: make several more functions static 2010-01-15 15:31:38 -06:00
xfs_dir2_sf.c xfs: remove unneeded #include statements 2010-07-26 13:16:33 -05:00
xfs_dir2_sf.h
xfs_dir2.c xfs: split xfs_itrace_entry 2010-07-26 13:16:44 -05:00
xfs_dir2.h xfs: make xfs_dir_cilookup_result use unsigned char 2010-01-20 10:47:25 +11:00
xfs_error.c xfs: prevent NMI timeouts in cmn_err 2011-01-12 08:46:41 -06:00
xfs_error.h xfs: prevent NMI timeouts in cmn_err 2011-01-12 08:46:41 -06:00
xfs_extfree_item.c xfs: fix efi item leak on forced shutdown 2011-01-28 09:01:33 -06:00
xfs_extfree_item.h xfs: Pull EFI/EFD handling out from under the AIL lock 2010-12-20 11:59:49 +11:00
xfs_filestream.c xfs: tell lockdep about parent iolock usage in filestreams 2010-11-10 12:00:48 -06:00
xfs_filestream.h xfs: clean up filestreams helpers 2010-07-26 13:16:51 -05:00
xfs_fs.h xfs: Extend project quotas to support 32bit project ids 2010-10-18 15:08:08 -05:00
xfs_fsops.c xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1 2011-02-22 15:06:47 -06:00
xfs_fsops.h xfs: ensure log covering transactions are synchronous 2011-01-11 20:28:17 -06:00
xfs_ialloc_btree.c xfs: remove the ->kill_root btree operation 2010-10-18 15:07:38 -05:00
xfs_ialloc_btree.h
xfs_ialloc.c xfs: remove xfs_buf wrappers 2010-10-18 15:08:07 -05:00
xfs_ialloc.h xfs: rationalize xfs_inobt_lookup* 2009-09-01 12:45:39 -05:00
xfs_iget.c Merge branch 'master' into for-linus-merged 2011-01-10 21:35:55 -06:00
xfs_inode_item.c xfs: remove all the inodes on a buffer from the AIL in bulk 2010-12-20 12:03:17 +11:00
xfs_inode_item.h xfs: simplify inode to transaction joining 2010-07-26 13:16:36 -05:00
xfs_inode.c xfs: connect up buffer reclaim priority hooks 2010-12-02 16:31:13 +11:00
xfs_inode.h xfs: don't truncate prealloc from frequently accessed inodes 2010-12-23 12:02:31 +11:00
xfs_inum.h xfs: remove XFS_INO64_OFFSET 2009-08-31 14:46:22 -05:00
xfs_iomap.c xfs: speculative delayed allocation uses rounddown_power_of_2 badly 2011-01-28 09:05:35 -06:00
xfs_iomap.h xfs: kill xfs_iomap 2010-12-16 16:05:51 -06:00
xfs_itable.c xfs: Extend project quotas to support 32bit project ids 2010-10-18 15:08:08 -05:00
xfs_itable.h xfs: remove block number from inode lookup code 2010-06-24 11:35:17 +10:00
xfs_log_cil.c xfs: handle CIl transaction commit failures correctly 2011-01-28 09:05:36 -06:00
xfs_log_priv.h xfs: convert grant head manipulations to lockless algorithm 2010-12-21 12:29:14 +11:00
xfs_log_recover.c xfs: prevent NMI timeouts in cmn_err 2011-01-12 08:46:41 -06:00
xfs_log_recover.h xfs: Clean up XFS_BLI_* flag namespace 2010-05-24 10:33:39 -05:00
xfs_log.c xfs: prevent NMI timeouts in cmn_err 2011-01-12 08:46:41 -06:00
xfs_log.h xfs: handle CIl transaction commit failures correctly 2011-01-28 09:05:36 -06:00
xfs_mount.c xfs: convert pag_ici_lock to a spin lock 2010-12-16 17:08:41 +11:00
xfs_mount.h xfs: dynamic speculative EOF preallocation 2011-01-04 11:35:03 +11:00
xfs_mru_cache.c workqueue: convert cancel_rearming_delayed_work[queue]() users to cancel_delayed_work_sync() 2010-12-15 10:56:11 +01:00
xfs_mru_cache.h xfs: Kill filestreams cache flush 2010-01-15 15:34:22 -06:00
xfs_quota.h xfs: fix a few compiler warnings with CONFIG_XFS_QUOTA=n 2010-11-10 12:00:48 -06:00
xfs_rename.c xfs: log timestamp changes to the source inode in rename 2010-12-09 17:07:02 -06:00
xfs_rtalloc.c xfs: use unhashed buffers for size checks 2010-10-18 15:07:50 -05:00
xfs_rtalloc.h xfs: be more explicit if RT mount fails due to config 2010-05-28 14:58:24 -05:00
xfs_rw.c xfs: remove unneeded #include statements 2010-07-26 13:16:33 -05:00
xfs_rw.h xfs: only clear the suid bit once in xfs_write 2010-02-12 13:43:57 -06:00
xfs_sb.h xfs: Extend project quotas to support 32bit project ids 2010-10-18 15:08:08 -05:00
xfs_trans_ail.c xfs: use AIL bulk delete function to implement single delete 2010-12-20 12:36:15 +11:00
xfs_trans_buf.c xfs: remove xfs_buf wrappers 2010-10-18 15:08:07 -05:00
xfs_trans_extfree.c xfs: Pull EFI/EFD handling out from under the AIL lock 2010-12-20 11:59:49 +11:00
xfs_trans_inode.c xfs: don't use vfs writeback for pure metadata modifications 2010-10-18 15:07:45 -05:00
xfs_trans_priv.h xfs: use AIL bulk delete function to implement single delete 2010-12-20 12:36:15 +11:00
xfs_trans_space.h
xfs_trans.c xfs: handle CIl transaction commit failures correctly 2011-01-28 09:05:36 -06:00
xfs_trans.h xfs: connect up buffer reclaim priority hooks 2010-12-02 16:31:13 +11:00
xfs_types.h xfs: Extend project quotas to support 32bit project ids 2010-10-18 15:08:08 -05:00
xfs_utils.c xfs: remove xfs_cred.h 2010-10-18 15:08:06 -05:00
xfs_utils.h xfs: remove xfs_cred.h 2010-10-18 15:08:06 -05:00
xfs_vnodeops.c xfs: don't truncate prealloc from frequently accessed inodes 2010-12-23 12:02:31 +11:00
xfs_vnodeops.h xfs: remove xfs_cred.h 2010-10-18 15:08:06 -05:00
xfs.h xfs: event tracing support 2009-12-14 23:08:16 -06:00