linux/fs/xfs
Alex Elder eeb2036b8a xfs: zero proper structure size for geometry calls
Commit 493f3358cb added this call to
xfs_fs_geometry() in order to avoid passing kernel stack data back
to user space:

+       memset(geo, 0, sizeof(*geo));

Unfortunately, one of the callers of that function passes the
address of a smaller data type, cast to fit the type that
xfs_fs_geometry() requires.  As a result, this can happen:

Kernel panic - not syncing: stack-protector: Kernel stack is corrupted
in: f87aca93

Pid: 262, comm: xfs_fsr Not tainted 2.6.38-rc6-493f3358cb2+ #1
Call Trace:

[<c12991ac>] ? panic+0x50/0x150
[<c102ed71>] ? __stack_chk_fail+0x10/0x18
[<f87aca93>] ? xfs_ioc_fsgeometry_v1+0x56/0x5d [xfs]

Fix this by fixing that one caller to pass the right type and then
copy out the subset it is interested in.

Note: This patch is an alternative to one originally proposed by
Eric Sandeen.

Reported-by: Jeffrey Hundstad <jeffrey.hundstad@mnsu.edu>
Signed-off-by: Alex Elder <aelder@sgi.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Tested-by: Jeffrey Hundstad <jeffrey.hundstad@mnsu.edu>
2011-03-01 21:19:59 -06:00
linux-2.6 xfs: zero proper structure size for geometry calls 2011-03-01 21:19:59 -06:00
quota xfs: more sensible inode refcounting for ialloc 2011-02-22 20:32:28 -06:00
support xfs: Do not name variables "panic" 2011-01-17 12:39:07 -08:00
Kconfig
Makefile xfs: add FITRIM support 2011-01-11 20:28:29 -06:00
xfs_acl.h fs: provide rcu-walk aware permission i_ops 2011-01-07 17:50:29 +11:00
xfs_ag.h xfs: convert pag_ici_lock to a spin lock 2010-12-16 17:08:41 +11:00
xfs_alloc_btree.c xfs: remove the ->kill_root btree operation 2010-10-18 15:07:38 -05:00
xfs_alloc_btree.h
xfs_alloc.c xfs: add FITRIM support 2011-01-11 20:28:29 -06:00
xfs_alloc.h xfs: limit extent length for allocation to AG size 2011-01-28 09:05:35 -06:00
xfs_arch.h
xfs_attr_leaf.c xfs: use KM_NOFS for allocations during attribute list operations 2010-12-23 11:57:37 +11:00
xfs_attr_leaf.h
xfs_attr_sf.h
xfs_attr.c xfs: remove xfs_buf wrappers 2010-10-18 15:08:07 -05:00
xfs_attr.h
xfs_bit.c
xfs_bit.h
xfs_bmap_btree.c
xfs_bmap_btree.h
xfs_bmap.c xfs: stop using xfs_trans_iget in the RT allocator 2011-02-22 20:30:21 -06:00
xfs_bmap.h xfs: fix failed write truncation handling. 2010-12-01 07:40:19 -06:00
xfs_btree_trace.c
xfs_btree_trace.h
xfs_btree.c xfs: connect up buffer reclaim priority hooks 2010-12-02 16:31:13 +11:00
xfs_btree.h xfs: remove the ->kill_root btree operation 2010-10-18 15:07:38 -05:00
xfs_buf_item.c xfs: fix efi item leak on forced shutdown 2011-01-28 09:01:33 -06:00
xfs_buf_item.h xfs: use struct list_head for the buf cancel table 2010-12-16 16:05:22 -06:00
xfs_da_btree.c xfs: remove xfs_buf wrappers 2010-10-18 15:08:07 -05:00
xfs_da_btree.h
xfs_dfrag.c xfs: delayed alloc blocks beyond EOF are valid after writeback 2010-12-01 07:40:20 -06:00
xfs_dfrag.h
xfs_dinode.h xfs: Extend project quotas to support 32bit project ids 2010-10-18 15:08:08 -05:00
xfs_dir2_block.c
xfs_dir2_block.h
xfs_dir2_data.c
xfs_dir2_data.h
xfs_dir2_leaf.c xfs: remove xfs_buf wrappers 2010-10-18 15:08:07 -05:00
xfs_dir2_leaf.h
xfs_dir2_node.c
xfs_dir2_node.h
xfs_dir2_sf.c
xfs_dir2_sf.h
xfs_dir2.c
xfs_dir2.h
xfs_error.c xfs: prevent NMI timeouts in cmn_err 2011-01-12 08:46:41 -06:00
xfs_error.h xfs: prevent NMI timeouts in cmn_err 2011-01-12 08:46:41 -06:00
xfs_extfree_item.c xfs: fix efi item leak on forced shutdown 2011-01-28 09:01:33 -06:00
xfs_extfree_item.h xfs: Pull EFI/EFD handling out from under the AIL lock 2010-12-20 11:59:49 +11:00
xfs_filestream.c xfs: tell lockdep about parent iolock usage in filestreams 2010-11-10 12:00:48 -06:00
xfs_filestream.h
xfs_fs.h xfs: Extend project quotas to support 32bit project ids 2010-10-18 15:08:08 -05:00
xfs_fsops.c xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1 2011-02-21 19:55:47 -06:00
xfs_fsops.h xfs: ensure log covering transactions are synchronous 2011-01-11 20:28:17 -06:00
xfs_ialloc_btree.c xfs: remove the ->kill_root btree operation 2010-10-18 15:07:38 -05:00
xfs_ialloc_btree.h
xfs_ialloc.c xfs: remove xfs_buf wrappers 2010-10-18 15:08:07 -05:00
xfs_ialloc.h
xfs_iget.c Merge branch 'master' into for-linus-merged 2011-01-10 21:35:55 -06:00
xfs_inode_item.c xfs: remove all the inodes on a buffer from the AIL in bulk 2010-12-20 12:03:17 +11:00
xfs_inode_item.h
xfs_inode.c xfs: more sensible inode refcounting for ialloc 2011-02-22 20:32:28 -06:00
xfs_inode.h xfs: add lockdep annotations for the rt inodes 2011-02-07 13:29:18 -06:00
xfs_inum.h
xfs_iomap.c xfs: speculative delayed allocation uses rounddown_power_of_2 badly 2011-01-28 09:05:35 -06:00
xfs_iomap.h xfs: kill xfs_iomap 2010-12-16 16:05:51 -06:00
xfs_itable.c xfs: Extend project quotas to support 32bit project ids 2010-10-18 15:08:08 -05:00
xfs_itable.h
xfs_log_cil.c xfs: handle CIl transaction commit failures correctly 2011-01-28 09:05:36 -06:00
xfs_log_priv.h xfs: convert grant head manipulations to lockless algorithm 2010-12-21 12:29:14 +11:00
xfs_log_recover.c xfs: prevent NMI timeouts in cmn_err 2011-01-12 08:46:41 -06:00
xfs_log_recover.h
xfs_log.c xfs: prevent NMI timeouts in cmn_err 2011-01-12 08:46:41 -06:00
xfs_log.h xfs: handle CIl transaction commit failures correctly 2011-01-28 09:05:36 -06:00
xfs_mount.c xfs: convert pag_ici_lock to a spin lock 2010-12-16 17:08:41 +11:00
xfs_mount.h xfs: dynamic speculative EOF preallocation 2011-01-04 11:35:03 +11:00
xfs_mru_cache.c workqueue: convert cancel_rearming_delayed_work[queue]() users to cancel_delayed_work_sync() 2010-12-15 10:56:11 +01:00
xfs_mru_cache.h
xfs_quota.h xfs: fix a few compiler warnings with CONFIG_XFS_QUOTA=n 2010-11-10 12:00:48 -06:00
xfs_rename.c xfs: log timestamp changes to the source inode in rename 2010-12-09 17:07:02 -06:00
xfs_rtalloc.c xfs: stop using xfs_trans_iget in the RT allocator 2011-02-22 20:30:21 -06:00
xfs_rtalloc.h
xfs_rw.c xfs: fix xfs_get_extsz_hint for a zero extent size hint 2011-02-07 13:29:14 -06:00
xfs_rw.h
xfs_sb.h xfs: Extend project quotas to support 32bit project ids 2010-10-18 15:08:08 -05:00
xfs_trans_ail.c xfs: use AIL bulk delete function to implement single delete 2010-12-20 12:36:15 +11:00
xfs_trans_buf.c xfs: remove xfs_buf wrappers 2010-10-18 15:08:07 -05:00
xfs_trans_extfree.c xfs: Pull EFI/EFD handling out from under the AIL lock 2010-12-20 11:59:49 +11:00
xfs_trans_inode.c xfs: more sensible inode refcounting for ialloc 2011-02-22 20:32:28 -06:00
xfs_trans_priv.h xfs: use AIL bulk delete function to implement single delete 2010-12-20 12:36:15 +11:00
xfs_trans_space.h
xfs_trans.c xfs: handle CIl transaction commit failures correctly 2011-01-28 09:05:36 -06:00
xfs_trans.h xfs: more sensible inode refcounting for ialloc 2011-02-22 20:32:28 -06:00
xfs_types.h xfs: Extend project quotas to support 32bit project ids 2010-10-18 15:08:08 -05:00
xfs_utils.c xfs: remove xfs_cred.h 2010-10-18 15:08:06 -05:00
xfs_utils.h xfs: remove xfs_cred.h 2010-10-18 15:08:06 -05:00
xfs_vnodeops.c xfs: more sensible inode refcounting for ialloc 2011-02-22 20:32:28 -06:00
xfs_vnodeops.h xfs: remove xfs_cred.h 2010-10-18 15:08:06 -05:00
xfs.h