iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net/sunrpc
History
Sasha Levin 212ba90696 SUNRPC: Prevent kernel stack corruption on long values of flush 
The buffer size in read_flush() is too small for the longest possible values
for it. This can lead to a kernel stack corruption:

[   43.047329] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff833e64b4
[   43.047329]
[   43.049030] Pid: 6015, comm: trinity-child18 Tainted: G        W    3.5.0-rc7-next-20120716-sasha #221
[   43.050038] Call Trace:
[   43.050435]  [<ffffffff836c60c2>] panic+0xcd/0x1f4
[   43.050931]  [<ffffffff833e64b4>] ? read_flush.isra.7+0xe4/0x100
[   43.051602]  [<ffffffff810e94e6>] __stack_chk_fail+0x16/0x20
[   43.052206]  [<ffffffff833e64b4>] read_flush.isra.7+0xe4/0x100
[   43.052951]  [<ffffffff833e6500>] ? read_flush_pipefs+0x30/0x30
[   43.053594]  [<ffffffff833e652c>] read_flush_procfs+0x2c/0x30
[   43.053596]  [<ffffffff812b9a8c>] proc_reg_read+0x9c/0xd0
[   43.053596]  [<ffffffff812b99f0>] ? proc_reg_write+0xd0/0xd0
[   43.053596]  [<ffffffff81250d5b>] do_loop_readv_writev+0x4b/0x90
[   43.053596]  [<ffffffff81250fd6>] do_readv_writev+0xf6/0x1d0
[   43.053596]  [<ffffffff812510ee>] vfs_readv+0x3e/0x60
[   43.053596]  [<ffffffff812511b8>] sys_readv+0x48/0xb0
[   43.053596]  [<ffffffff8378167d>] system_call_fastpath+0x1a/0x1f

Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
Cc: stable@kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-10-17 14:59:10 -04:00
..
auth_gss
SUNRPC: Use __func__ in dprintk() in auth_gss.c
2012-10-01 15:32:02 -07:00
xprtrdma
Merge branch 'for-3.7' of git://linux-nfs.org/~bfields/linux
2012-10-13 10:53:54 +09:00
addr.c
SUNRPC: parametrize rpc_uaddr2sockaddr() by network context
2012-01-31 19:28:12 -05:00
auth_generic.c
userns: Convert group_info values from gid_t to kgid_t.
2012-05-03 03:27:21 -07:00
auth_null.c
SUNRPC: Move the bound cred to struct rpc_rqst
2010-08-04 08:54:09 -04:00
auth_unix.c
userns: Convert group_info values from gid_t to kgid_t.
2012-05-03 03:27:21 -07:00
auth.c
SUNRPC: Add rpcauth_list_flavors()
2012-07-16 15:12:15 -04:00
backchannel_rqst.c
net: Fix (nearly-)kernel-doc comments for various functions
2012-07-10 23:13:45 -07:00
bc_svc.c
SUNRPC: sunrpc should not explicitly depend on NFS config options
2011-07-15 09:12:23 -04:00
cache.c
SUNRPC: Prevent kernel stack corruption on long values of flush
2012-10-17 14:59:10 -04:00
clnt.c
SUNRPC: Introduce rpc_clone_client_set_auth()
2012-10-01 15:33:33 -07:00
Kconfig
nfs: enable swap on NFS
2012-07-31 18:42:48 -07:00
Makefile
SUNRPC: sunrpc should not explicitly depend on NFS config options
2011-07-15 09:12:23 -04:00
netns.h
SUNRPC: create GSS auth cache per network namespace
2012-01-31 19:28:15 -05:00
rpc_pipe.c
SUNRPC: Clean up dprintk messages in rpc_pipe.c
2012-10-01 15:31:57 -07:00
rpcb_clnt.c
SUNRPC: return negative value in case rpcbind client creation error
2012-07-30 20:39:05 -04:00
sched.c
SUNRPC: Limit the rpciod workqueue concurrency
2012-09-28 20:24:16 -04:00
socklib.c
sunrpc: remove the second argument of k[un]map_atomic()
2012-03-20 21:48:28 +08:00
stats.c
SUNRPC: Use RCU to dereference the rpc_clnt.cl_xprt field
2012-03-02 15:36:38 -05:00
sunrpc_syms.c
SUNRPC: register PipeFS file system after pernet sybsystem
2012-04-18 11:05:48 -04:00
sunrpc.h
SUNRPC: subscribe RPC clients to pipefs notifications
2012-01-31 18:20:25 -05:00
svc_xprt.c
svcrpc: split up svc_handle_xprt
2012-08-21 17:42:02 -04:00
svc.c
NFS client bugfixes for Linux 3.5
2012-06-15 17:37:23 -07:00
svcauth_unix.c
ipv6: add ipv6_addr_hash() helper
2012-07-18 11:28:46 -07:00
svcauth.c
net: sunrpc: kill unused macros
2010-12-17 15:48:21 -05:00
svcsock.c
nfsd: remove unused listener-removal interfaces
2012-09-10 10:55:19 -04:00
sysctl.c
SUNRPC: make SUNPRC clients list per network namespace context
2012-01-31 18:20:25 -05:00
timer.c
net: cleanup unsigned to unsigned int
2012-04-15 12:44:40 -04:00
xdr.c
SUNRPC: Optimise away unnecessary data moves in xdr_align_pages
2012-09-28 15:58:42 -04:00
xprt.c
SUNRPC: Get rid of the redundant xprt->shutdown bit field
2012-09-28 16:03:05 -04:00
xprtsock.c
SUNRPC: Get rid of the redundant xprt->shutdown bit field
2012-09-28 16:03:05 -04:00