提交 ed40866e 编写于 作者: I Ilya Leoshkevich 提交者: Alexander Gordeev

statfs: enforce statfs[64] structure initialization

s390's struct statfs and struct statfs64 contain padding, which
field-by-field copying does not set. Initialize the respective structs
with zeros before filling them and copying them to userspace, like it's
already done for the compat versions of these structs.

Found by KMSAN.

[agordeev@linux.ibm.com: fixed typo in patch description]
Acked-by: Heiko Carstens <hca@linux.ibm.com>
Cc: stable@vger.kernel.org # v4.14+
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Link: https://lore.kernel.org/r/20230504144021.808932-2-iii@linux.ibm.com
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
上级 2862a2fd
...@@ -130,6 +130,7 @@ static int do_statfs_native(struct kstatfs *st, struct statfs __user *p) ...@@ -130,6 +130,7 @@ static int do_statfs_native(struct kstatfs *st, struct statfs __user *p)
if (sizeof(buf) == sizeof(*st)) if (sizeof(buf) == sizeof(*st))
memcpy(&buf, st, sizeof(*st)); memcpy(&buf, st, sizeof(*st));
else { else {
memset(&buf, 0, sizeof(buf));
if (sizeof buf.f_blocks == 4) { if (sizeof buf.f_blocks == 4) {
if ((st->f_blocks | st->f_bfree | st->f_bavail | if ((st->f_blocks | st->f_bfree | st->f_bavail |
st->f_bsize | st->f_frsize) & st->f_bsize | st->f_frsize) &
...@@ -158,7 +159,6 @@ static int do_statfs_native(struct kstatfs *st, struct statfs __user *p) ...@@ -158,7 +159,6 @@ static int do_statfs_native(struct kstatfs *st, struct statfs __user *p)
buf.f_namelen = st->f_namelen; buf.f_namelen = st->f_namelen;
buf.f_frsize = st->f_frsize; buf.f_frsize = st->f_frsize;
buf.f_flags = st->f_flags; buf.f_flags = st->f_flags;
memset(buf.f_spare, 0, sizeof(buf.f_spare));
} }
if (copy_to_user(p, &buf, sizeof(buf))) if (copy_to_user(p, &buf, sizeof(buf)))
return -EFAULT; return -EFAULT;
...@@ -171,6 +171,7 @@ static int do_statfs64(struct kstatfs *st, struct statfs64 __user *p) ...@@ -171,6 +171,7 @@ static int do_statfs64(struct kstatfs *st, struct statfs64 __user *p)
if (sizeof(buf) == sizeof(*st)) if (sizeof(buf) == sizeof(*st))
memcpy(&buf, st, sizeof(*st)); memcpy(&buf, st, sizeof(*st));
else { else {
memset(&buf, 0, sizeof(buf));
buf.f_type = st->f_type; buf.f_type = st->f_type;
buf.f_bsize = st->f_bsize; buf.f_bsize = st->f_bsize;
buf.f_blocks = st->f_blocks; buf.f_blocks = st->f_blocks;
...@@ -182,7 +183,6 @@ static int do_statfs64(struct kstatfs *st, struct statfs64 __user *p) ...@@ -182,7 +183,6 @@ static int do_statfs64(struct kstatfs *st, struct statfs64 __user *p)
buf.f_namelen = st->f_namelen; buf.f_namelen = st->f_namelen;
buf.f_frsize = st->f_frsize; buf.f_frsize = st->f_frsize;
buf.f_flags = st->f_flags; buf.f_flags = st->f_flags;
memset(buf.f_spare, 0, sizeof(buf.f_spare));
} }
if (copy_to_user(p, &buf, sizeof(buf))) if (copy_to_user(p, &buf, sizeof(buf)))
return -EFAULT; return -EFAULT;
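Review bot: The new `memset(&buf, 0, sizeof(buf));` at the top of the else branch in do_statfs_native, and the matching one in do_statfs64, has no comment saying it exists to clear padding. A later cleanup could narrow it back to `buf.f_spare` and reintroduce the uninitialized bytes that `copy_to_user(p, &buf, sizeof(buf))` hands to userspace. I would add `/* Zero the whole struct, padding included: all of it is copied to userspace. */` above both calls. The `sizeof(buf) == sizeof(*st)` branch still fills buf with a plain `memcpy(&buf, st, sizeof(*st));`, so it is only clean if the caller fully initialises the kstatfs, padding included; that caller is not visible in these hunks and is worth confirming. Both function bodies start and end outside the hunks shown.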
......