Message ID | 20181214194532.21841-1-fdmanana@kernel.org (mailing list archive) |
---|---|
State | New, archived |
Series | Btrfs: do not overwrite error return value in the device replace ioctl |
On 12/15/2018 03:45 AM, fdmanana@kernel.org wrote:
> From: Filipe Manana <fdmanana@suse.com>
>
> If the call to btrfs_dev_replace_by_ioctl() failed we would overwrite the
> error returned to user space with -EFAULT if the call to copy_to_user()
> failed as well. Fix that by calling copy_to_user() only if no error
> happened before.
>
> Signed-off-by: Filipe Manana <fdmanana@suse.com>
> ---
> fs/btrfs/ioctl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c > index 0b101df822e9..abe45fd97ab5 100644 > --- a/fs/btrfs/ioctl.c > +++ b/fs/btrfs/ioctl.c > @@ -4401,7 +4401,7 @@ static long btrfs_ioctl_dev_replace(struct btrfs_fs_info *fs_info, > break; > } > > - if (copy_to_user(arg, p, sizeof(*p))) > + if (ret == 0 && copy_to_user(arg, p, sizeof(*p)))

It's the same thing here too.. we copy ret to args->result even if it fails.

Now with this patch, if ret is non-zero, it's not in args->result at the userland anymore. If there is any tool which just checks args->result, it will have a problem, which I think is rare, should be ok.

It would have been nice to have this design as in this patch, in the original code.

------
ret = btrfs_dev_replace_start(fs_info, args->start.tgtdev_name,
                              args->start.srcdevid,
                              args->start.srcdev_name,
                              args->start.cont_reading_from_srcdev_mode);
args->result = ret;
--------

> ret = -EFAULT; > out: > kfree(p); >
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 0b101df822e9..abe45fd97ab5 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -4401,7 +4401,7 @@ static long btrfs_ioctl_dev_replace(struct btrfs_fs_info *fs_info, break; } - if (copy_to_user(arg, p, sizeof(*p))) + if (ret == 0 && copy_to_user(arg, p, sizeof(*p))) ret = -EFAULT; out: kfree(p);
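Review bot: the new condition on the `+` line skips `copy_to_user()` for every non-zero `ret`, so on failure the caller's buffer is left untouched and anything written into `p` before the error is dropped at `kfree(p)`. The reply above notes that `args->result` is filled in even on failure, so this is a user-visible change that the commit message does not mention. If it is intended, state it in the changelog or in a comment above the check. If user space should still receive the struct, keep the copy unconditional and only assign `-EFAULT` when `ret` is still 0, which preserves the earlier error without hiding `result` from the caller.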