btrfs: Fix -EOVERFLOW handling in btrfs_ioctl_tree_search_v2

The buffer passed to btrfs_ioctl_tree_search* functions have to be at least sizeof(struct btrfs_ioctl_search_header). If this is not the case then the ioctl should return -EOVERFLOW and set the uarg->buf_size to the minimum required size. Currently btrfs_ioctl_tree_search_v2 would return an -EOVERFLOW error with ->buf_size being set to the value passed by user space. Fix this by removing the size check and relying on search_ioctl, which already includes it and correctly sets buf_size. Signed-off-by: N Nikolay Borisov <nborisov@suse.com> Signed-off-by: N Chris Mason <clm@fb.com> Reviewed-by: N David Sterba <dsterba@suse.com> Signed-off-by: N David Sterba <dsterba@suse.com>

btrfs: Fix -EOVERFLOW handling in btrfs_ioctl_tree_search_v2
The buffer passed to btrfs_ioctl_tree_search* functions have to be at least sizeof(struct btrfs_ioctl_search_header). If this is not the case then the ioctl should return -EOVERFLOW and set the uarg->buf_size to the minimum required size. Currently btrfs_ioctl_tree_search_v2 would return an -EOVERFLOW error with ->buf_size being set to the value passed by user space. Fix this by removing the size check and relying on search_ioctl, which already includes it and correctly sets buf_size. Signed-off-by: N Nikolay Borisov <nborisov@suse.com> Signed-off-by: N Chris Mason <clm@fb.com> Reviewed-by: N David Sterba <dsterba@suse.com> Signed-off-by: N David Sterba <dsterba@suse.com>
c59efa7e · Nikolay Borisov · David Sterba · e6961cac · c59efa7e
隐藏空白更改
内联并排

Showing with 0 addition and 3 deletion

fs/btrfs/ioctl.c fs/btrfs/ioctl.c +0 -3

未找到文件。
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -2169,9 +2169,6 @@ static noinline int btrfs_ioctl_tree_search_v2(struct file *file,

 	buf_size = args.buf_size;

-	if (buf_size < sizeof(struct btrfs_ioctl_search_header))
-		return -EOVERFLOW;
-
 	/* limit result size to 16MB */
 	if (buf_size > buf_limit)
 		buf_size = buf_limit;