From a2aec0d3e22f3f940a165181ef339ac16deefa7c Mon Sep 17 00:00:00 2001 From: Heiko Carstens Date: Sat, 20 Apr 2013 13:01:19 +0200 Subject: [PATCH] s390/compat: fix compat_sys_statfs() memory corruption The f_spare field within struct compat_statfs is four bytes larger than within the native 31 bit struct statfs. compat_sys_statfs() clears the f_spare field in user space which means that in compat mode four bytes that are behind the user space supplied struct compat_statfs will be corrupted (zeroed). According to Thomas Gleixner's Linux 2.6 history tree this bug is present since v2.5.74 87880da124 "[PATCH] s390: 31 bit compat.". So it get's fixed shortly before its 10th anniversary. Tough luck. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky --- arch/s390/include/asm/compat.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/s390/include/asm/compat.h b/arch/s390/include/asm/compat.h index f8c6df6..d967ac8 100644 --- a/arch/s390/include/asm/compat.h +++ b/arch/s390/include/asm/compat.h @@ -135,7 +135,7 @@ struct compat_statfs { s32 f_namelen; s32 f_frsize; s32 f_flags; - s32 f_spare[5]; + s32 f_spare[4]; }; #define COMPAT_RLIM_OLD_INFINITY 0x7fffffff -- 2.7.4