From patchwork Thu Jan 30 00:27:27 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gerhard Heift X-Patchwork-Id: 3555391 Return-Path: X-Original-To: patchwork-linux-btrfs@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 1BEE6C02DC for ; Thu, 30 Jan 2014 00:28:10 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 32A4A201B9 for ; Thu, 30 Jan 2014 00:28:09 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 8E7E82018E for ; Thu, 30 Jan 2014 00:28:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752317AbaA3A1z (ORCPT ); Wed, 29 Jan 2014 19:27:55 -0500 Received: from mail-ea0-f173.google.com ([209.85.215.173]:39875 "EHLO mail-ea0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752211AbaA3A1t (ORCPT ); Wed, 29 Jan 2014 19:27:49 -0500 Received: by mail-ea0-f173.google.com with SMTP id d10so1256626eaj.18 for ; Wed, 29 Jan 2014 16:27:48 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=S5webSWnA4UYrV1gUP/euRLOgQf0fU4y7EaA6eotYRM=; b=QXPQJX/j8v8HtlZhmPVRnXopBL6gPeGAf6FJoWFTKkXniM02VZoxnDty6nq4w0hLpQ sFyxJ6AABQl4+kTMBLix8mjc7l33C2DyYOIeAwCAmq4WCU+PaGedOtSr+mxKxybHd2E6 Nqp6Tx1JF58ZUX0q0hAiy3ptIHw24JHay3w5MxhzeQgszA15hA+NNb6dz2kyJG+D/Gac wqLRlb8HrF5TkC9Njsc8UZo2tI8Rv12zLgYjSfcoT/9begikdF2Xh2LxC81ZR/XSTWDa 8vWVInCidjpXH1rejVkgCr5KOVmNbJBGqAXXDxmQ9CC2ZRg1cLdusDAc4QxSYHslaZEr qPkw== X-Gm-Message-State: ALoCoQnBbQBcQwYjvpvfnreuR3r7Q+jsWW8JCRMtvilbfge8lyC+bEGjli8RzKkQOnsAXvpAyrzb X-Received: by 10.15.61.7 with SMTP id h7mr8657783eex.49.1391041668400; Wed, 29 Jan 2014 16:27:48 -0800 (PST) Received: from localhost (host-115-115.kawo1.rwth-aachen.de. [134.130.115.115]) by mx.google.com with ESMTPSA id k41sm15291668eey.0.2014.01.29.16.27.47 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Wed, 29 Jan 2014 16:27:47 -0800 (PST) From: Gerhard Heift To: linux-btrfs@vger.kernel.org Subject: [PATCH RFCv3 2/6] btrfs: copy_to_sk returns EOVERFLOW for too small buffer Date: Thu, 30 Jan 2014 01:27:27 +0100 Message-Id: <1391041651-15689-3-git-send-email-Gerhard@Heift.Name> X-Mailer: git-send-email 1.8.5.3 In-Reply-To: <1391041651-15689-1-git-send-email-Gerhard@Heift.Name> References: <1391041651-15689-1-git-send-email-Gerhard@Heift.Name> Sender: linux-btrfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In copy_to_sk, if an item is too large for the given buffer, it now returns -EOVERFLOW instead of copying a search_header with len = 0. For backward compatibility for the first item it still copies such a header to the buffer, but not any other following items, which could have fitted. tree_search changes -EOVERFLOW back to 0 to behave similiar to the way it behaved before this patch. Signed-off-by: Gerhard Heift --- fs/btrfs/ioctl.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 6aa79e0..04e1a98 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -1887,8 +1887,20 @@ static noinline int copy_to_sk(struct btrfs_root *root, if (!key_in_sk(key, sk)) continue; - if (sizeof(sh) + item_len > buf_size) + if (sizeof(sh) + item_len > buf_size) { + if (*num_found) { + ret = 1; + goto overflow; + } + + /* + * return one empty item back for v1, which does not + * handle -EOVERFLOW + */ + item_len = 0; + ret = -EOVERFLOW; + } if (sizeof(sh) + item_len + *sk_offset > buf_size) { ret = 1; @@ -1914,6 +1926,9 @@ static noinline int copy_to_sk(struct btrfs_root *root, } (*num_found)++; + if (ret) /* -EOVERFLOW from above */ + goto overflow; + if (*num_found >= sk->nr_items) break; } @@ -1990,7 +2005,8 @@ static noinline int search_ioctl(struct inode *inode, break; } - ret = 0; + if (ret > 0) + ret = 0; err: sk->nr_items = num_found; btrfs_free_path(path); @@ -2013,6 +2029,14 @@ static noinline int btrfs_ioctl_tree_search(struct file *file, inode = file_inode(file); ret = search_ioctl(inode, &args->key, sizeof(args->buf), args->buf); + + /* + * In the origin implementation an overflow is handled by returning a + * search header with a len of zero, so reset ret. + */ + if (ret == -EOVERFLOW) + ret = 0; + if (ret == 0 && copy_to_user(argp, args, sizeof(*args))) ret = -EFAULT; kfree(args);