[patch 05/12] Fix oops in ufs_fill_super at mount time

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
	Zwane Mwaikambo <zwane@arm.linux.org.uk>,
	"Theodore Ts'o" <tytso@mit.edu>,
	Randy Dunlap <rdunlap@xenotime.net>,
	Dave Jones <davej@redhat.com>,
	Chuck Wolber <chuckw@quantumlinux.com>,
	torvalds@osdl.org, akpm@osdl.org, alan@lxorguk.ukuu.org.uk,
	dushistov@mail.ru, adobriyan@gmail.com
Subject: [patch 05/12] Fix oops in ufs_fill_super at mount time
Date: Fri, 27 Jan 2006 18:20:57 -0800	[thread overview]
Message-ID: <20060128022057.GF17001@kroah.com> (raw)
In-Reply-To: <20060128022023.GA17001@kroah.com>

[-- Attachment #1: fix-oops-in-ufs_fill_super-at-mount-time.patch --]
[-- Type: text/plain, Size: 1355 bytes --]

2.6.15.2 -stable review patch.  If anyone has any objections, please let 
us know.

------------------

From: Evgeniy <dushistov@mail.ru>

There's a lack of parenthesis in fs/ufs/utils.h, so instead of the 512th
byte of buffer, the usb2 pointer will point to the nth structure of type
ufs_super_block_second.

This can cause a mount-time oops if you're unlucky (especially with
DEBUG_PAGEALLOC, which is how Alexey Dobriyan saw this problem)

Signed-off-by: Evgeniy Dushistov <dushistov@mail.ru>
Acked-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
 fs/ufs/util.h |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- linux-2.6.15.1.orig/fs/ufs/util.h
+++ linux-2.6.15.1/fs/ufs/util.h
@@ -255,8 +255,8 @@ extern void _ubh_memcpyubh_(struct ufs_s
 	((struct ufs_super_block_first *)((ubh)->bh[0]->b_data))
 
 #define ubh_get_usb_second(ubh) \
-	((struct ufs_super_block_second *)(ubh)-> \
-	bh[UFS_SECTOR_SIZE >> uspi->s_fshift]->b_data + (UFS_SECTOR_SIZE & ~uspi->s_fmask))
+	((struct ufs_super_block_second *)((ubh)->\
+	bh[UFS_SECTOR_SIZE >> uspi->s_fshift]->b_data + (UFS_SECTOR_SIZE & ~uspi->s_fmask)))
 
 #define ubh_get_usb_third(ubh) \
 	((struct ufs_super_block_third *)((ubh)-> \

--

next prev parent reply	other threads:[~2006-01-28  2:22 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20060128020629.908825000@press.kroah.org>
2006-01-28  2:20 ` [patch 00/12] 2.6.15.2 -stable review Greg KH
2006-01-28  2:20   ` [patch 01/12] usb-audio: don't use empty packets at start of playback Greg KH
2006-01-28  2:20   ` [patch 02/12] [BLOCK] Kill blk_attempt_remerge() Greg KH
2006-01-28  2:20   ` [patch 03/12] Input: HID - fix an oops in PID initialization code Greg KH
2006-01-28  2:20   ` [patch 04/12] Fix double decrement of mqueue_mnt->mnt_count in sys_mq_open (CVE-2005-3356) Greg KH
2006-01-28  2:20   ` Greg KH [this message]
2006-01-28  2:21   ` [patch 06/12] elevator=as back-compatibility Greg KH
2006-01-28 19:19     ` Jens Axboe
2006-01-31  7:09       ` [stable] " Greg KH
2006-01-28  2:21   ` [patch 07/12] Fix timekeeping on sparc64 ultra-IIe machines Greg KH
2006-01-28  2:21   ` [patch 08/12] [NET]: Make second arg to skb_reserved() signed Greg KH
2006-01-28  2:21   ` [patch 09/12] Mask off GFP flags before swiotlb_alloc_coherent Greg KH
2006-01-28  2:33     ` Andi Kleen
2006-01-28  3:49       ` Andrew Morton
2006-01-28  6:04         ` Andi Kleen
2006-01-28  2:21   ` [patch 10/12] Someone broke reiserfs v3 mount options and this fixes it Greg KH
2006-01-28  2:21   ` [patch 11/12] Fix i2o_scsi oops on abort Greg KH
2006-01-28  2:21   ` [patch 12/12] Fix mkiss locking bug Greg KH

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060128022057.GF17001@kroah.com \
    --to=gregkh@suse.de \
    --cc=adobriyan@gmail.com \
    --cc=akpm@osdl.org \
    --cc=alan@lxorguk.ukuu.org.uk \
    --cc=chuckw@quantumlinux.com \
    --cc=davej@redhat.com \
    --cc=dushistov@mail.ru \
    --cc=jmforbes@linuxtx.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=rdunlap@xenotime.net \
    --cc=stable@kernel.org \
    --cc=torvalds@osdl.org \
    --cc=tytso@mit.edu \
    --cc=zwane@arm.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.