diff options
author | Nikolay Borisov <nborisov@suse.com> | 2017-08-04 14:41:18 +0300 |
---|---|---|
committer | David Sterba <dsterba@suse.com> | 2017-08-18 16:36:29 +0200 |
commit | c59efa7eb2400ae356553a8ed5e3f3ef4cc47831 (patch) | |
tree | 3db951af486430c8f022530c4a25880f4db417d2 | |
parent | e6961cac730f62d9b07efb53835c4eb5ed407bde (diff) | |
download | linux-c59efa7eb2400ae356553a8ed5e3f3ef4cc47831.tar.bz2 |
btrfs: Fix -EOVERFLOW handling in btrfs_ioctl_tree_search_v2
The buffer passed to btrfs_ioctl_tree_search* functions have to be at least
sizeof(struct btrfs_ioctl_search_header). If this is not the case then the
ioctl should return -EOVERFLOW and set the uarg->buf_size to the minimum
required size. Currently btrfs_ioctl_tree_search_v2 would return an -EOVERFLOW
error with ->buf_size being set to the value passed by user space. Fix this by
removing the size check and relying on search_ioctl, which already includes it
and correctly sets buf_size.
Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
-rw-r--r-- | fs/btrfs/ioctl.c | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index b21558bb1294..ae8fbf9d3de2 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -2169,9 +2169,6 @@ static noinline int btrfs_ioctl_tree_search_v2(struct file *file, buf_size = args.buf_size; - if (buf_size < sizeof(struct btrfs_ioctl_search_header)) - return -EOVERFLOW; - /* limit result size to 16MB */ if (buf_size > buf_limit) buf_size = buf_limit; |