linux/net/sunrpc
Sasha Levin 212ba90696 SUNRPC: Prevent kernel stack corruption on long values of flush
The buffer size in read_flush() is too small for the longest possible values
for it. This can lead to a kernel stack corruption:

[   43.047329] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff833e64b4
[   43.047329]
[   43.049030] Pid: 6015, comm: trinity-child18 Tainted: G        W    3.5.0-rc7-next-20120716-sasha #221
[   43.050038] Call Trace:
[   43.050435]  [<ffffffff836c60c2>] panic+0xcd/0x1f4
[   43.050931]  [<ffffffff833e64b4>] ? read_flush.isra.7+0xe4/0x100
[   43.051602]  [<ffffffff810e94e6>] __stack_chk_fail+0x16/0x20
[   43.052206]  [<ffffffff833e64b4>] read_flush.isra.7+0xe4/0x100
[   43.052951]  [<ffffffff833e6500>] ? read_flush_pipefs+0x30/0x30
[   43.053594]  [<ffffffff833e652c>] read_flush_procfs+0x2c/0x30
[   43.053596]  [<ffffffff812b9a8c>] proc_reg_read+0x9c/0xd0
[   43.053596]  [<ffffffff812b99f0>] ? proc_reg_write+0xd0/0xd0
[   43.053596]  [<ffffffff81250d5b>] do_loop_readv_writev+0x4b/0x90
[   43.053596]  [<ffffffff81250fd6>] do_readv_writev+0xf6/0x1d0
[   43.053596]  [<ffffffff812510ee>] vfs_readv+0x3e/0x60
[   43.053596]  [<ffffffff812511b8>] sys_readv+0x48/0xb0
[   43.053596]  [<ffffffff8378167d>] system_call_fastpath+0x1a/0x1f

Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
Cc: stable@kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2012-10-17 14:59:10 -04:00
..
auth_gss SUNRPC: Use __func__ in dprintk() in auth_gss.c 2012-10-01 15:32:02 -07:00
xprtrdma Merge branch 'for-3.7' of git://linux-nfs.org/~bfields/linux 2012-10-13 10:53:54 +09:00
addr.c SUNRPC: parametrize rpc_uaddr2sockaddr() by network context 2012-01-31 19:28:12 -05:00
auth_generic.c userns: Convert group_info values from gid_t to kgid_t. 2012-05-03 03:27:21 -07:00
auth_null.c
auth_unix.c userns: Convert group_info values from gid_t to kgid_t. 2012-05-03 03:27:21 -07:00
auth.c SUNRPC: Add rpcauth_list_flavors() 2012-07-16 15:12:15 -04:00
backchannel_rqst.c net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
bc_svc.c SUNRPC: sunrpc should not explicitly depend on NFS config options 2011-07-15 09:12:23 -04:00
cache.c SUNRPC: Prevent kernel stack corruption on long values of flush 2012-10-17 14:59:10 -04:00
clnt.c SUNRPC: Introduce rpc_clone_client_set_auth() 2012-10-01 15:33:33 -07:00
Kconfig nfs: enable swap on NFS 2012-07-31 18:42:48 -07:00
Makefile SUNRPC: sunrpc should not explicitly depend on NFS config options 2011-07-15 09:12:23 -04:00
netns.h SUNRPC: create GSS auth cache per network namespace 2012-01-31 19:28:15 -05:00
rpc_pipe.c SUNRPC: Clean up dprintk messages in rpc_pipe.c 2012-10-01 15:31:57 -07:00
rpcb_clnt.c SUNRPC: return negative value in case rpcbind client creation error 2012-07-30 20:39:05 -04:00
sched.c SUNRPC: Limit the rpciod workqueue concurrency 2012-09-28 20:24:16 -04:00
socklib.c sunrpc: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:28 +08:00
stats.c SUNRPC: Use RCU to dereference the rpc_clnt.cl_xprt field 2012-03-02 15:36:38 -05:00
sunrpc_syms.c SUNRPC: register PipeFS file system after pernet sybsystem 2012-04-18 11:05:48 -04:00
sunrpc.h SUNRPC: subscribe RPC clients to pipefs notifications 2012-01-31 18:20:25 -05:00
svc_xprt.c svcrpc: split up svc_handle_xprt 2012-08-21 17:42:02 -04:00
svc.c NFS client bugfixes for Linux 3.5 2012-06-15 17:37:23 -07:00
svcauth_unix.c ipv6: add ipv6_addr_hash() helper 2012-07-18 11:28:46 -07:00
svcauth.c net: sunrpc: kill unused macros 2010-12-17 15:48:21 -05:00
svcsock.c nfsd: remove unused listener-removal interfaces 2012-09-10 10:55:19 -04:00
sysctl.c SUNRPC: make SUNPRC clients list per network namespace context 2012-01-31 18:20:25 -05:00
timer.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
xdr.c SUNRPC: Optimise away unnecessary data moves in xdr_align_pages 2012-09-28 15:58:42 -04:00
xprt.c SUNRPC: Get rid of the redundant xprt->shutdown bit field 2012-09-28 16:03:05 -04:00
xprtsock.c SUNRPC: Get rid of the redundant xprt->shutdown bit field 2012-09-28 16:03:05 -04:00