[LogFS] Plug 8 byte information leak

Within each journal segment, 8 bytes at offset 24 would remain uninitialized. Signed-off-by: Joern Engel <joern@logfs.org>

[LogFS] Plug 8 byte information leak
Within each journal segment, 8 bytes at offset 24 would remain uninitialized. Signed-off-by: Joern Engel <joern@logfs.org>
Joern Engel
1 parent 032d8f7268
Showing 1 changed file with 14 additions and 10 deletions Side-by-side Diff
fs/logfs/journal.c
@@ -388,7 +388,10 @@
 static int journal_erase_segment(struct logfs_area *area)
 {
 	struct super_block *sb = area->a_sb;
-	struct logfs_segment_header sh;
+	union {
+		struct logfs_segment_header sh;
+		unsigned char c[ALIGN(sizeof(struct logfs_segment_header), 16)];
+	} u;
 	u64 ofs;
 	int err;
  
  
@@ -396,20 +399,21 @@
 	if (err)
 		return err;
  
-	sh.pad = 0;
-	sh.type = SEG_JOURNAL;
-	sh.level = 0;
-	sh.segno = cpu_to_be32(area->a_segno);
-	sh.ec = cpu_to_be32(area->a_erase_count);
-	sh.gec = cpu_to_be64(logfs_super(sb)->s_gec);
-	sh.crc = logfs_crc32(&sh, sizeof(sh), 4);
+	memset(&u, 0, sizeof(u));
+	u.sh.pad = 0;
+	u.sh.type = SEG_JOURNAL;
+	u.sh.level = 0;
+	u.sh.segno = cpu_to_be32(area->a_segno);
+	u.sh.ec = cpu_to_be32(area->a_erase_count);
+	u.sh.gec = cpu_to_be64(logfs_super(sb)->s_gec);
+	u.sh.crc = logfs_crc32(&u.sh, sizeof(u.sh), 4);
  
 	/* This causes a bug in segment.c.  Not yet. */
 	//logfs_set_segment_erased(sb, area->a_segno, area->a_erase_count, 0);
  
 	ofs = dev_ofs(sb, area->a_segno, 0);
-	area->a_used_bytes = ALIGN(sizeof(sh), 16);
-	logfs_buf_write(area, ofs, &sh, sizeof(sh));
+	area->a_used_bytes = sizeof(u);
+	logfs_buf_write(area, ofs, &u, sizeof(u));
 	return 0;
 }
...	...	@@ -388,7 +388,10 @@
388	388	static int journal_erase_segment(struct logfs_area *area)
389	389	{
390	390	struct super_block *sb = area->a_sb;
391		- struct logfs_segment_header sh;
	391	+ union {
	392	+ struct logfs_segment_header sh;
	393	+ unsigned char c[ALIGN(sizeof(struct logfs_segment_header), 16)];
	394	+ } u;
392	395	u64 ofs;
393	396	int err;
394	397
395	398
...	...	@@ -396,20 +399,21 @@
396	399	if (err)
397	400	return err;
398	401
399		- sh.pad = 0;
400		- sh.type = SEG_JOURNAL;
401		- sh.level = 0;
402		- sh.segno = cpu_to_be32(area->a_segno);
403		- sh.ec = cpu_to_be32(area->a_erase_count);
404		- sh.gec = cpu_to_be64(logfs_super(sb)->s_gec);
405		- sh.crc = logfs_crc32(&sh, sizeof(sh), 4);
	402	+ memset(&u, 0, sizeof(u));
	403	+ u.sh.pad = 0;
	404	+ u.sh.type = SEG_JOURNAL;
	405	+ u.sh.level = 0;
	406	+ u.sh.segno = cpu_to_be32(area->a_segno);
	407	+ u.sh.ec = cpu_to_be32(area->a_erase_count);
	408	+ u.sh.gec = cpu_to_be64(logfs_super(sb)->s_gec);
	409	+ u.sh.crc = logfs_crc32(&u.sh, sizeof(u.sh), 4);
406	410
407	411	/* This causes a bug in segment.c. Not yet. */
408	412	//logfs_set_segment_erased(sb, area->a_segno, area->a_erase_count, 0);
409	413
410	414	ofs = dev_ofs(sb, area->a_segno, 0);
411		- area->a_used_bytes = ALIGN(sizeof(sh), 16);
412		- logfs_buf_write(area, ofs, &sh, sizeof(sh));
	415	+ area->a_used_bytes = sizeof(u);
	416	+ logfs_buf_write(area, ofs, &u, sizeof(u));
413	417	return 0;
414	418	}
415	419