mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-13 16:50:05 +00:00
[LogFS] Plug 8 byte information leak
Within each journal segment, 8 bytes at offset 24 would remain uninitialized. Signed-off-by: Joern Engel <joern@logfs.org>
This commit is contained in:
parent
032d8f7268
commit
d3a03f8031
@ -388,7 +388,10 @@ static void journal_get_erase_count(struct logfs_area *area)
|
||||
static int journal_erase_segment(struct logfs_area *area)
|
||||
{
|
||||
struct super_block *sb = area->a_sb;
|
||||
struct logfs_segment_header sh;
|
||||
union {
|
||||
struct logfs_segment_header sh;
|
||||
unsigned char c[ALIGN(sizeof(struct logfs_segment_header), 16)];
|
||||
} u;
|
||||
u64 ofs;
|
||||
int err;
|
||||
|
||||
@ -396,20 +399,21 @@ static int journal_erase_segment(struct logfs_area *area)
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
sh.pad = 0;
|
||||
sh.type = SEG_JOURNAL;
|
||||
sh.level = 0;
|
||||
sh.segno = cpu_to_be32(area->a_segno);
|
||||
sh.ec = cpu_to_be32(area->a_erase_count);
|
||||
sh.gec = cpu_to_be64(logfs_super(sb)->s_gec);
|
||||
sh.crc = logfs_crc32(&sh, sizeof(sh), 4);
|
||||
memset(&u, 0, sizeof(u));
|
||||
u.sh.pad = 0;
|
||||
u.sh.type = SEG_JOURNAL;
|
||||
u.sh.level = 0;
|
||||
u.sh.segno = cpu_to_be32(area->a_segno);
|
||||
u.sh.ec = cpu_to_be32(area->a_erase_count);
|
||||
u.sh.gec = cpu_to_be64(logfs_super(sb)->s_gec);
|
||||
u.sh.crc = logfs_crc32(&u.sh, sizeof(u.sh), 4);
|
||||
|
||||
/* This causes a bug in segment.c. Not yet. */
|
||||
//logfs_set_segment_erased(sb, area->a_segno, area->a_erase_count, 0);
|
||||
|
||||
ofs = dev_ofs(sb, area->a_segno, 0);
|
||||
area->a_used_bytes = ALIGN(sizeof(sh), 16);
|
||||
logfs_buf_write(area, ofs, &sh, sizeof(sh));
|
||||
area->a_used_bytes = sizeof(u);
|
||||
logfs_buf_write(area, ofs, &u, sizeof(u));
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user