Fix obvious user->kmem memcoy typo https://jira.sw.ru/browse/PSBM-49885 Signed-off-by: Dmitry Monakhov <dmonak...@openvz.org> --- fs/ext4/ioctl.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index 4ef2876..7260d99 100644 --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -775,6 +775,7 @@ resize_out: struct ext4_ioc_mfsync_info mfsync; struct file **filpp; unsigned int *flags; + __u32 __user *usr_fd; int i, err; if (copy_from_user(&mfsync, (struct ext4_ioc_mfsync_info *)arg, @@ -784,6 +785,8 @@ resize_out: } if (mfsync.size == 0) return 0; + usr_fd = (__u32 __user *) (arg + sizeof(__u32)); + filpp = kzalloc(mfsync.size * sizeof(*filp), GFP_KERNEL); if (!filpp) return -ENOMEM; @@ -797,12 +800,9 @@ resize_out: int ret; err = -EFAULT; - ret = get_user(fd, mfsync.fd + i); - if (ret) { - printk("%s:%d i:%d p:%p", __FUNCTION__, __LINE__, - i, mfsync.fd + i); + ret = get_user(fd, usr_fd + i); + if (ret) goto mfsync_fput; - } /* negative fd means fdata_sync */ flags[i] = (fd & (1<< 31)) != 0; @@ -810,10 +810,8 @@ resize_out: err = -EBADF; filpp[i] = fget(fd); - if (!filpp[i]) { - printk("%s:%d", __FUNCTION__, __LINE__); + if (!filpp[i]) goto mfsync_fput; - } } err = ext4_sync_files(filpp, flags, mfsync.size); mfsync_fput: -- 1.8.3.1 _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel