releases/2.6.15.2/fix-oops-in-ufs_fill_super-at-mount-time.patch

   1 From nobody Mon Sep 17 00:00:00 2001
   2 Subject: [PATCH] Fix oops in ufs_fill_super at mount time
   3 From: Evgeniy <dushistov@mail.ru>
   4 Date: 1137165135 +0300
   5
   6 There's a lack of parenthesis in fs/ufs/utils.h, so instead of the 512th
   7 byte of buffer, the usb2 pointer will point to the nth structure of type
   8 ufs_super_block_second.
   9
  10 This can cause a mount-time oops if you're unlucky (especially with
  11 DEBUG_PAGEALLOC, which is how Alexey Dobriyan saw this problem)
  12
  13 Signed-off-by: Evgeniy Dushistov <dushistov@mail.ru>
  14 Acked-by: Alexey Dobriyan <adobriyan@gmail.com>
  15 Signed-off-by: Linus Torvalds <torvalds@osdl.org>
  16 Signed-off-by: Chris Wright <chrisw@sous-sol.org>
  17 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  18 ---
  19  fs/ufs/util.h |    4 ++--
  20  1 file changed, 2 insertions(+), 2 deletions(-)
  21
  22 --- linux-2.6.15.1.orig/fs/ufs/util.h
  23 +++ linux-2.6.15.1/fs/ufs/util.h
  24 @@ -255,8 +255,8 @@ extern void _ubh_memcpyubh_(struct ufs_s
  25         ((struct ufs_super_block_first *)((ubh)->bh[0]->b_data))
  26
  27  #define ubh_get_usb_second(ubh) \
  28 -       ((struct ufs_super_block_second *)(ubh)-> \
  29 -       bh[UFS_SECTOR_SIZE >> uspi->s_fshift]->b_data + (UFS_SECTOR_SIZE & ~uspi->s_fmask))
  30 +       ((struct ufs_super_block_second *)((ubh)->\
  31 +       bh[UFS_SECTOR_SIZE >> uspi->s_fshift]->b_data + (UFS_SECTOR_SIZE & ~uspi->s_fmask)))
  32
  33  #define ubh_get_usb_third(ubh) \
  34         ((struct ufs_super_block_third *)((ubh)-> \