s390/compat: fix compat_sys_statfs() memory corruption

The f_spare field within struct compat_statfs is four bytes larger than within the native 31 bit struct statfs. compat_sys_statfs() clears the f_spare field in user space which means that in compat mode four bytes that are behind the user space supplied struct compat_statfs will be corrupted (zeroed). According to Thomas Gleixner's Linux 2.6 history tree this bug is present since v2.5.74 87880da124 "[PATCH] s390: 31 bit compat.". So it get's fixed shortly before its 10th anniversary. Tough luck. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2013-04-20 13:01:19 +02:00 · 2013-04-20 13:01:19 +02:00 · a2aec0d3e2
commit a2aec0d3e2
parent 241fd9bcbc
1 changed files with 1 additions and 1 deletions
--- a/arch/s390/include/asm/compat.h
+++ b/arch/s390/include/asm/compat.h
@ -135,7 +135,7 @@ struct compat_statfs {
 	s32		f_namelen;
 	s32		f_frsize;
 	s32		f_flags;
-	s32		f_spare[5];
+	s32		f_spare[4];
 };

 #define COMPAT_RLIM_OLD_INFINITY	0x7fffffff