s390/compat: fix compat_sys_statfs() memory corruption
The f_spare field within struct compat_statfs is four bytes larger
than within the native 31 bit struct statfs.
compat_sys_statfs() clears the f_spare field in user space which
means that in compat mode four bytes that are behind the user space
supplied struct compat_statfs will be corrupted (zeroed).

According to Thomas Gleixner's Linux 2.6 history tree this bug is
present since v2.5.74 87880da "[PATCH] s390: 31 bit compat.".
So it gets fixed shortly before its 10th anniversary. Tough luck.

Signed-off-by: Heiko Carstens <[email protected]>
Signed-off-by: Martin Schwidefsky <[email protected]>
heicarst authored and Martin Schwidefsky committed Apr 23, 2013
1 parent 241fd9b commit a2aec0d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion arch/s390/include/asm/compat.h
Expand Up @@ -135,7 +135,7 @@ struct compat_statfs {
s32 f_namelen;
s32 f_frsize;
s32 f_flags;
s32 f_spare[5];
s32 f_spare[4];
};

#define COMPAT_RLIM_OLD_INFINITY 0x7fffffff
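
Review bot: the array length in `s32 f_spare[4];` is still a bare constant with nothing tying it to the native 31 bit struct statfs layout that it has to mirror, so the same kind of mismatch could come back unnoticed. Since compat_sys_statfs() clears f_spare in user space, any excess in this array zeroes bytes past the caller's buffer. Consider a short comment on the field stating that its size must match the 31 bit struct, or a build-time size check on struct compat_statfs (for example with BUILD_BUG_ON), so that a future divergence fails at compile time rather than corrupting user memory.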