diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-08-04 18:34:55 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-08-04 18:34:55 -0700 |
| commit | 60f5a21736322c25b297b022aa48aeb28fd56f9e (patch) | |
| tree | aa9e89380ef0810ba25de912aa7253513c1cf635 /fs/jfs/jfs_incore.h | |
| parent | f639bef55d2bf4847d98f45087e1a5874e2320e8 (diff) | |
| parent | 961b33c244e5ba1543ae26270a1ba29f29c2db83 (diff) | |
| download | lwn-60f5a21736322c25b297b022aa48aeb28fd56f9e.tar.gz lwn-60f5a21736322c25b297b022aa48aeb28fd56f9e.zip | |
Merge tag 'usercopy-fix-v4.18-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull usercopy whitelisting fix from Kees Cook:
"Bart Massey discovered that the usercopy whitelist for JFS was
incomplete: the inline inode data may intentionally "overflow" into
the neighboring "extended area", so the size of the whitelist needed
to be raised to include the neighboring field"
* tag 'usercopy-fix-v4.18-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
jfs: Fix usercopy whitelist for inline inode data
Diffstat (limited to 'fs/jfs/jfs_incore.h')
| -rw-r--r-- | fs/jfs/jfs_incore.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/jfs/jfs_incore.h b/fs/jfs/jfs_incore.h index 1f26d1910409..9940a1e04cbf 100644 --- a/fs/jfs/jfs_incore.h +++ b/fs/jfs/jfs_incore.h @@ -87,6 +87,7 @@ struct jfs_inode_info { struct { unchar _unused[16]; /* 16: */ dxd_t _dxd; /* 16: */ + /* _inline may overflow into _inline_ea when needed */ unchar _inline[128]; /* 128: inline symlink */ /* _inline_ea may overlay the last part of * file._xtroot if maxentry = XTROOTINITSLOT |