If an item in tree_search is too large to be stored in the given buffer, return
the needed size (including the header).
Signed-off-by: Gerhard Heift <gerh...@heift.name>
---
fs/btrfs/ioctl.c | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 04e1a98..10b9931 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -1854,7 +1854,7 @@ static noinline int copy_to_sk(struct btrfs_root *root,
struct btrfs_path *path,
struct btrfs_key *key,
struct btrfs_ioctl_search_key *sk,
- size_t buf_size,
+ size_t *buf_size,
char *buf,
unsigned long *sk_offset,
int *num_found)
@@ -1887,7 +1887,7 @@ static noinline int copy_to_sk(struct btrfs_root *root,
if (!key_in_sk(key, sk))
continue;
- if (sizeof(sh) + item_len > buf_size) {
+ if (sizeof(sh) + item_len > *buf_size) {
if (*num_found) {
ret = 1;
goto overflow;
@@ -1898,11 +1898,12 @@ static noinline int copy_to_sk(struct btrfs_root *root,
* handle -EOVERFLOW
*/
+ *buf_size = sizeof(sh) + item_len;
item_len = 0;
ret = -EOVERFLOW;
}
- if (sizeof(sh) + item_len + *sk_offset > buf_size) {
+ if (sizeof(sh) + item_len + *sk_offset > *buf_size) {
ret = 1;
goto overflow;
}
@@ -1951,7 +1952,7 @@ overflow:
static noinline int search_ioctl(struct inode *inode,
struct btrfs_ioctl_search_key *sk,
- size_t buf_size,
+ size_t *buf_size,
char *buf)
{
struct btrfs_root *root;
@@ -1962,8 +1963,10 @@ static noinline int search_ioctl(struct inode *inode,
int num_found = 0;
unsigned long sk_offset = 0;
- if (buf_size < sizeof(struct btrfs_ioctl_search_header))
+ if (*buf_size < sizeof(struct btrfs_ioctl_search_header)) {
+ *buf_size = sizeof(struct btrfs_ioctl_search_header);
return -EOVERFLOW;
+ }
path = btrfs_alloc_path();
if (!path)
@@ -2016,9 +2019,10 @@ err:
static noinline int btrfs_ioctl_tree_search(struct file *file,
void __user *argp)
{
- struct btrfs_ioctl_search_args *args;
- struct inode *inode;
- int ret;
+ struct btrfs_ioctl_search_args *args;
+ struct inode *inode;
+ int ret;
+ size_t buf_size;
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
@@ -2027,8 +2031,10 @@ static noinline int btrfs_ioctl_tree_search(struct file
*file,
if (IS_ERR(args))
return PTR_ERR(args);
+ buf_size = sizeof(args->buf);
+
inode = file_inode(file);
- ret = search_ioctl(inode, &args->key, sizeof(args->buf), args->buf);
+ ret = search_ioctl(inode, &args->key, &buf_size, args->buf);
/*
* In the origin implementation an overflow is handled by returning a
--
1.8.5.3
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
