diff options
| author | Greg Kroah-Hartman <gregkh@google.com> | 2020-09-12 12:06:23 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@google.com> | 2020-09-12 12:06:23 +0200 |
| commit | 5fd2d19eeb9767339e1338eb6789495d1812065b (patch) | |
| tree | 175a258093131acb0832d165dd403ab296440a27 /fs/btrfs/ioctl.c | |
| parent | 709199f38bc2a38879e7b9fd3a79ceb9311305ef (diff) | |
| parent | 42b5f72fbe6b5f9c63207f3f6152673c6c9af451 (diff) | |
Merge 4.4.236 into android-4.4-p
Changes in 4.4.236
HID: core: Correctly handle ReportSize being zero
HID: core: Sanitize event code and type when mapping input
perf record/stat: Explicitly call out event modifiers in the documentation
mm, page_alloc: remove unnecessary variable from free_pcppages_bulk
hwmon: (applesmc) check status earlier.
ceph: don't allow setlease on cephfs
s390: don't trace preemption in percpu macros
xen/xenbus: Fix granting of vmalloc'd memory
dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling
batman-adv: Avoid uninitialized chaddr when handling DHCP
batman-adv: bla: use netif_rx_ni when not in interrupt context
dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate()
netfilter: nf_tables: incorrect enum nft_list_attributes definition
netfilter: nf_tables: fix destination register zeroing
dmaengine: pl330: Fix burst length if burst size is smaller than bus width
bnxt_en: Check for zero dir entries in NVRAM.
fix regression in "epoll: Keep a reference on files added to the check list"
tg3: Fix soft lockup when tg3_reset_task() fails.
iommu/vt-d: Serialize IOMMU GCMD register modifications
thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430
include/linux/log2.h: add missing () around n in roundup_pow_of_two()
btrfs: drop path before adding new uuid tree entry
btrfs: Remove redundant extent_buffer_get in get_old_root
btrfs: Remove extraneous extent_buffer_get from tree_mod_log_rewind
btrfs: set the lockdep class for log tree extent buffers
uaccess: Add non-pagefault user-space read functions
uaccess: Add non-pagefault user-space write function
btrfs: fix potential deadlock in the search ioctl
net: qmi_wwan: MDM9x30 specific power management
net: qmi_wwan: support "raw IP" mode
net: qmi_wwan: should hold RTNL while changing netdev type
net: qmi_wwan: ignore bogus CDC Union descriptors
Add Dell Wireless 5809e Gobi 4G HSPA+ Mobile Broadband Card (rev3) to qmi_wwan
qmi_wwan: Added support for Gemalto's Cinterion PHxx WWAN interface
qmi_wwan: add support for Quectel EC21 and EC25
NET: usb: qmi_wwan: add support for Telit LE922A PID 0x1040
drivers: net: usb: qmi_wwan: add QMI_QUIRK_SET_DTR for Telit PID 0x1201
usb: qmi_wwan: add D-Link DWM-222 A2 device ID
net: usb: qmi_wwan: add Telit ME910 support
net: usb: qmi_wwan: add Telit 0x1050 composition
ALSA: ca0106: fix error code handling
ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
dm cache metadata: Avoid returning cmd->bm wild pointer on error
dm thin metadata: Avoid returning cmd->bm wild pointer on error
net: refactor bind_bucket fastreuse into helper
net: initialize fastreuse on inet_inherit_port
checkpatch: fix the usage of capture group ( ... )
mm/hugetlb: fix a race between hugetlb sysctl handlers
cfg80211: regulatory: reject invalid hints
net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
ALSA: firewire-digi00x: add support for console models of Digi00x series
ALSA: firewire-digi00x: exclude Avid Adrenaline from detection
ALSA; firewire-tascam: exclude Tascam FE-8 from detection
fs/affs: use octal for permissions
affs: fix basic permission bits to actually work
ravb: Fixed to be able to unload modules
net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
bnxt_en: Failure to update PHY is not fatal condition.
bnxt: don't enable NAPI until rings are ready
net: usb: dm9601: Add USB ID of Keenetic Plus DSL
sctp: not disable bh in the whole sctp_get_port_local()
net: disable netpoll on fresh napis
Linux 4.4.236
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I45da24ccdf864c8774a1265a5d81685e04add060
Diffstat (limited to 'fs/btrfs/ioctl.c')
| -rw-r--r-- | fs/btrfs/ioctl.c | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 245a50f490f6..91a45ef69152 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -2017,9 +2017,14 @@ static noinline int copy_to_sk(struct btrfs_root *root, sh.len = item_len; sh.transid = found_transid; - /* copy search result header */ - if (copy_to_user(ubuf + *sk_offset, &sh, sizeof(sh))) { - ret = -EFAULT; + /* + * Copy search result header. If we fault then loop again so we + * can fault in the pages and -EFAULT there if there's a + * problem. Otherwise we'll fault and then copy the buffer in + * properly this next time through + */ + if (probe_user_write(ubuf + *sk_offset, &sh, sizeof(sh))) { + ret = 0; goto out; } @@ -2027,10 +2032,14 @@ static noinline int copy_to_sk(struct btrfs_root *root, if (item_len) { char __user *up = ubuf + *sk_offset; - /* copy the item */ - if (read_extent_buffer_to_user(leaf, up, - item_off, item_len)) { - ret = -EFAULT; + /* + * Copy the item, same behavior as above, but reset the + * * sk_offset so we copy the full thing again. + */ + if (read_extent_buffer_to_user_nofault(leaf, up, + item_off, item_len)) { + ret = 0; + *sk_offset -= sizeof(sh); goto out; } @@ -2120,6 +2129,10 @@ static noinline int search_ioctl(struct inode *inode, key.offset = sk->min_offset; while (1) { + ret = fault_in_pages_writeable(ubuf, *buf_size - sk_offset); + if (ret) + break; + ret = btrfs_search_forward(root, &key, path, sk->min_transid); if (ret != 0) { if (ret > 0) |