linux-hardened/fs/nfsd
Konstantin Khorenko 3aa6e0aa8a NFSD: memory corruption due to writing beyond the stat array
If nfsd fails to find a file exported via NFS in the readahead cache, it
should increment the corresponding nfsdstats counter (ra_depth[10]), but due to a
bug it may instead write to ra_depth[11], corrupting the following field.

In a kernel with NFSDv4 compiled in, the corruption takes the form of an
increment of a counter of the number of NFSv4 operation 0's received; since
there is no operation 0, this is harmless.

In a kernel with NFSDv4 disabled, it corrupts whatever happens to be in the
memory beyond nfsdstats.

Signed-off-by: Konstantin Khorenko <khorenko@openvz.org>
Cc: stable@kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2011-02-14 10:35:18 -05:00
acl.h nfsd4: remove outdated pathname-comments 2011-01-04 18:22:10 -05:00
auth.c nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
auth.h nfsd: minor fs/nfsd/auth.h cleanup 2008-02-01 16:42:05 -05:00
cache.h nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
export.c nfsd: don't support msnfs export option 2011-01-13 21:04:07 -05:00
idmap.h nfsd4: return nfs errno from name_to_id functions 2011-01-04 18:22:11 -05:00
Kconfig lockd: push lock_flocks down 2010-10-27 21:39:39 +02:00
lockd.c nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
Makefile knfsd: trivial makefile cleanup 2007-05-09 12:30:54 -07:00
nfs2acl.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nfs3acl.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nfs3proc.c nfsd: fix offset printk's in nfsd3 read/write 2010-12-17 15:48:18 -05:00
nfs3xdr.c nfsd: Fix possible BUG_ON firing in set_change_info 2010-12-08 11:44:04 -05:00
nfs4acl.c nfsd4: move idmap and acl header files into fs/nfsd 2011-01-04 18:22:09 -05:00
nfs4callback.c NFSD: use nfserr for status after decode_cb_op_status 2011-02-14 10:35:18 -05:00
nfs4idmap.c nfsd4: return nfs errno from name_to_id functions 2011-01-04 18:22:11 -05:00
nfs4proc.c nfsd4: support BIND_CONN_TO_SESSION 2011-01-11 15:04:09 -05:00
nfs4recover.c nfsd4: fix mixed 4.0/4.1 handling, 4.1 reboot 2010-12-17 15:48:01 -05:00
nfs4state.c Merge branch 'for-2.6.38' of git://linux-nfs.org/~bfields/linux 2011-01-14 13:17:26 -08:00
nfs4xdr.c nfsd4: set sequence flag when backchannel is down 2011-01-11 15:04:10 -05:00
nfscache.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nfsctl.c nfsd4: move idmap and acl header files into fs/nfsd 2011-01-04 18:22:09 -05:00
nfsd.h nfsd4: name->id mapping should fail with BADOWNER not BADNAME 2011-01-04 18:21:36 -05:00
nfsfh.c nfsd: fix "insecure" export option 2009-12-20 20:19:51 -08:00
nfsfh.h nfsd: fix BUG at fs/nfsd/nfsfh.h:199 on unlink 2010-10-13 15:48:55 -04:00
nfsproc.c nfsd4: return nfs errno from name_to_id functions 2011-01-04 18:22:11 -05:00
nfssvc.c svcrpc: simpler request dropping 2011-01-04 16:49:22 -05:00
nfsxdr.c nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
state.h nfsd4: allow restarting callbacks 2011-01-11 15:04:11 -05:00
stats.c nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
vfs.c NFSD: memory corruption due to writing beyond the stat array 2011-02-14 10:35:18 -05:00
vfs.h nfsd: minor nfsd read api cleanup 2010-07-30 12:54:54 -04:00
xdr.h nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
xdr3.h nfsd: remove pointless paths in file headers 2009-12-15 15:01:47 -05:00
xdr4.h nfsd4: set sequence flag when backchannel is down 2011-01-11 15:04:10 -05:00