On 12/15/2018 03:45 AM, fdman...@kernel.org wrote:
From: Filipe Manana <fdman...@suse.com>
If the call to btrfs_dev_replace_by_ioctl() failed we would overwrite the
error returned to user space with -EFAULT if the call to copy_to_user()
failed as well. Fix that by calling copy_to_user() only if no error
happened before.
Signed-off-by: Filipe Manana <fdman...@suse.com>
---
fs/btrfs/ioctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 0b101df822e9..abe45fd97ab5 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -4401,7 +4401,7 @@ static long btrfs_ioctl_dev_replace(struct btrfs_fs_info
*fs_info,
break;
}
- if (copy_to_user(arg, p, sizeof(*p)))
+ if (ret == 0 && copy_to_user(arg, p, sizeof(*p)))
It's the same thing here too: we copy ret to args->result even
if it fails. Now with this patch, if ret is non-zero, it's not
in args->result at the userland anymore. If there
is any tool which just checks args->result, it will have a problem,
but I think that is rare, so it should be ok. It would have been nice
to have this design as in this patch, in the original code.
------
ret = btrfs_dev_replace_start(fs_info, args->start.tgtdev_name,
                              args->start.srcdevid,
                              args->start.srcdev_name,
                              args->start.cont_reading_from_srcdev_mode);
args->result = ret;
--------
ret = -EFAULT;
out:
kfree(p);
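Review bot: the `ret == 0 &&` guard changes what user space sees on the failure path, not only the return value: when btrfs_dev_replace_by_ioctl() fails, `p` is no longer copied back at all, so any field the kernel filled in before the error (the reply's `result`, per the discussion above) stays at whatever user space had in the buffer. The commit message should state this explicitly, since a caller that inspects the reply struct instead of the ioctl return code will now read stale data on error. If preserving the old behaviour of always reporting the error in the reply is desired, an alternative is to keep the copy unconditional but only overwrite `ret` with -EFAULT when `ret` was still 0, e.g. `if (copy_to_user(arg, p, sizeof(*p)) && ret == 0) ret = -EFAULT;`. Either way, the preserved error is the intended fix, as the hunk shows `ret` is left untouched when the copy is skipped.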
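The error-clobbering pattern the commit message describes, as an added user-space model that is not the kernel's code: `fake_copy_to_user`, `ioctl_before`, `ioctl_after`, `run` and `run_user_result` are hypothetical names, and the reply struct and the "copy fails" knob are constructed so the before/after behaviour can be compared offline. It also shows the side effect raised in the review: after the fix, the reply buffer is not written on the error path.

```c
#include <stddef.h>
#include <string.h>
#include <errno.h>
#include <stdio.h>

/* Constructed stand-in for the ioctl reply struct (not btrfs_ioctl_dev_replace_args). */
struct reply {
    int result;
};

/* Constructed knob: when non-zero, the fake copy_to_user() "fails" like a bad user pointer. */
static int fake_copy_fails;

/* Mirrors the copy_to_user() contract: returns the number of bytes NOT copied, 0 on success. */
static unsigned long fake_copy_to_user(void *dst, const void *src, size_t n)
{
    if (fake_copy_fails)
        return n;
    memcpy(dst, src, n);
    return 0;
}

/* Before the fix: a failed copy overwrites an earlier error with -EFAULT. */
static long ioctl_before(struct reply *user, long op_ret)
{
    struct reply p = { .result = (int)op_ret };
    long ret = op_ret;

    if (fake_copy_to_user(user, &p, sizeof(p)))
        ret = -EFAULT;
    return ret;
}

/* After the fix: copy only when no error happened, so the original error survives. */
static long ioctl_after(struct reply *user, long op_ret)
{
    struct reply p = { .result = (int)op_ret };
    long ret = op_ret;

    if (ret == 0 && fake_copy_to_user(user, &p, sizeof(p)))
        ret = -EFAULT;
    return ret;
}

/* Run one scenario and return the value user space would get back from the ioctl. */
static long run(int before, int copy_fails, long op_ret)
{
    struct reply user = { .result = 12345 }; /* constructed stale content of the user buffer */

    fake_copy_fails = copy_fails;
    return before ? ioctl_before(&user, op_ret) : ioctl_after(&user, op_ret);
}

/* Same scenario, but report what ends up in the user buffer's result field. */
static int run_user_result(int before, int copy_fails, long op_ret)
{
    struct reply user = { .result = 12345 };

    fake_copy_fails = copy_fails;
    if (before)
        ioctl_before(&user, op_ret);
    else
        ioctl_after(&user, op_ret);
    return user.result;
}

int main(void)
{
    printf("before, op fails, copy fails: ret=%ld (expect -EFAULT, the bug)\n", run(1, 1, -EINVAL));
    printf("after,  op fails, copy fails: ret=%ld (expect -EINVAL, preserved)\n", run(0, 1, -EINVAL));
    printf("after,  op fails, copy ok:    user.result=%d (buffer untouched)\n", run_user_result(0, 0, -EINVAL));
    return 0;
}
```

The second helper makes the reviewer's caveat concrete: with the old code a successful copy placed the error into `result`, while after the fix the buffer keeps its stale value on error and the return code is the only reliable signal.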