Commit a2aec0d3, author: Heiko Carstens, committer: Martin Schwidefsky

s390/compat: fix compat_sys_statfs() memory corruption

The f_spare field within struct compat_statfs is four bytes larger
than within the native 31 bit struct statfs.
compat_sys_statfs() clears the f_spare field in user space which
means that in compat mode four bytes that are behind the user space
supplied struct compat_statfs will be corrupted (zeroed).

According to Thomas Gleixner's Linux 2.6 history tree this bug is
present since v2.5.74 87880da124 "[PATCH] s390: 31 bit compat.".
So it gets fixed shortly before its 10th anniversary. Tough luck.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Parent 241fd9bc
......@@ -135,7 +135,7 @@ struct compat_statfs {
s32 f_namelen;
s32 f_frsize;
s32 f_flags;
s32 f_spare[5];
s32 f_spare[4];
};
#define COMPAT_RLIM_OLD_INFINITY 0x7fffffff
......
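Review bot: the `f_spare` length in struct compat_statfs is a bare constant with no comment or compile-time check tying it to the native 31 bit struct statfs layout, so the same size drift could return unnoticed. Since compat_sys_statfs() clears this field in user space, any excess length becomes a write past the caller's buffer. Consider a one-line comment on the `s32 f_spare[4];` member stating that it must match the 31 bit struct statfs, and a BUILD_BUG_ON on sizeof(struct compat_statfs) next to the code that fills the structure, so a future mismatch fails the build rather than zeroing four bytes behind the user-supplied struct.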