From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Dan Carpenter <dan.carpenter@linaro.org>,
Filipe Manana <fdmanana@suse.com>,
David Sterba <dsterba@suse.com>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.14 45/45] btrfs: use u64 for buffer sizes in the tree search ioctls
Date: Wed, 15 Nov 2023 14:33:22 -0500 [thread overview]
Message-ID: <20231115191422.210566150@linuxfoundation.org> (raw)
In-Reply-To: <20231115191419.641552204@linuxfoundation.org>
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit dec96fc2dcb59723e041416b8dc53e011b4bfc2e ]
In the tree search v2 ioctl we use the type size_t, which is an unsigned
long, to track the buffer size in the local variable 'buf_size'. An
unsigned long is 32 bits wide on a 32 bits architecture. The buffer size
defined in struct btrfs_ioctl_search_args_v2 is a u64, so when we later
try to copy the local variable 'buf_size' to the argument struct, when
the search returns -EOVERFLOW, we copy only 32 bits which will be a
problem on big endian systems.
Fix this by using a u64 type for the buffer sizes, not only at
btrfs_ioctl_tree_search_v2(), but also everywhere down the call chain
so that we can use the u64 at btrfs_ioctl_tree_search_v2().
Fixes: cc68a8a5a433 ("btrfs: new ioctl TREE_SEARCH_V2")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/linux-btrfs/ce6f4bd6-9453-4ffe-ba00-cee35495e10f@moroto.mountain/
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/ioctl.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index d8255bd33d50a..93b83dc298ac9 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -1988,7 +1988,7 @@ static noinline int key_in_sk(struct btrfs_key *key,
static noinline int copy_to_sk(struct btrfs_path *path,
struct btrfs_key *key,
struct btrfs_ioctl_search_key *sk,
- size_t *buf_size,
+ u64 *buf_size,
char __user *ubuf,
unsigned long *sk_offset,
int *num_found)
@@ -2120,7 +2120,7 @@ static noinline int copy_to_sk(struct btrfs_path *path,
static noinline int search_ioctl(struct inode *inode,
struct btrfs_ioctl_search_key *sk,
- size_t *buf_size,
+ u64 *buf_size,
char __user *ubuf)
{
struct btrfs_fs_info *info = btrfs_sb(inode->i_sb);
@@ -2192,7 +2192,7 @@ static noinline int btrfs_ioctl_tree_search(struct file *file,
struct btrfs_ioctl_search_key sk;
struct inode *inode;
int ret;
- size_t buf_size;
+ u64 buf_size;
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
@@ -2226,8 +2226,8 @@ static noinline int btrfs_ioctl_tree_search_v2(struct file *file,
struct btrfs_ioctl_search_args_v2 args;
struct inode *inode;
int ret;
- size_t buf_size;
- const size_t buf_limit = SZ_16M;
+ u64 buf_size;
+ const u64 buf_limit = SZ_16M;
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
--
2.42.0
next prev parent reply other threads:[~2023-11-15 20:04 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-15 19:32 [PATCH 4.14 00/45] 4.14.330-rc1 review Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 01/45] i40e: fix potential memory leaks in i40e_remove() Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 02/45] tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 03/45] tcp_metrics: do not create an entry from tcp_init_metrics() Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 04/45] wifi: rtlwifi: fix EDCA limit set by BT coexistence Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 05/45] thermal: core: prevent potential string overflow Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 06/45] ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 07/45] ipv6: avoid atomic fragment on GSO packets Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 08/45] clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 09/45] clk: keystone: pll: fix a couple NULL vs IS_ERR() checks Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 10/45] clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 11/45] clk: mediatek: clk-mt2701: " Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 12/45] platform/x86: wmi: Fix probe failure when failing to register WMI devices Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 13/45] drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 14/45] drm/radeon: possible buffer overflow Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 15/45] drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 16/45] ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 17/45] firmware: ti_sci: Mark driver as non removable Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 18/45] hwrng: geode - fix accessing registers Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 19/45] ARM: 9321/1: memset: cast the constant byte to unsigned char Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 20/45] ext4: move ix sanity check to corrent position Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 21/45] RDMA/hfi1: Workaround truncation compilation error Greg Kroah-Hartman
2023-11-15 19:32 ` [PATCH 4.14 22/45] sh: bios: Revive earlyprintk support Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 23/45] ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 24/45] mfd: dln2: Fix double put in dln2_probe Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 25/45] tty: tty_jobctrl: fix pid memleak in disassociate_ctty() Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 26/45] usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 27/45] dmaengine: ti: edma: handle irq_of_parse_and_map() errors Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 28/45] misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 29/45] USB: usbip: fix stub_dev hub disconnect Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 30/45] dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 31/45] pcmcia: cs: fix possible hung task and memory leak pccardd() Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 32/45] pcmcia: ds: fix refcount leak in pcmcia_device_add() Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 33/45] pcmcia: ds: fix possible name leak in error path " Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 34/45] media: s3c-camif: Avoid inappropriate kfree() Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 35/45] media: dvb-usb-v2: af9035: fix missing unlock Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 36/45] pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 37/45] llc: verify mac len before reading mac header Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 38/45] tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 39/45] dccp: Call security_inet_conn_request() after setting IPv4 addresses Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 40/45] dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 41/45] tg3: power down device only on SYSTEM_POWER_OFF Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 42/45] netfilter: xt_recent: fix (increase) ipv6 literal buffer length Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 43/45] fbdev: fsl-diu-fb: mark wr_reg_wa() static Greg Kroah-Hartman
2023-11-15 19:33 ` [PATCH 4.14 44/45] Revert "mmc: core: Capture correct oemid-bits for eMMC cards" Greg Kroah-Hartman
2023-11-15 19:33 ` Greg Kroah-Hartman [this message]
2023-11-16 11:29 ` [PATCH 4.14 00/45] 4.14.330-rc1 review Naresh Kamboju
2023-11-16 20:08 ` Harshit Mogalapalli
2023-11-17 4:10 ` Guenter Roeck
2023-11-17 17:00 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231115191422.210566150@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dan.carpenter@linaro.org \
--cc=dsterba@suse.com \
--cc=fdmanana@suse.com \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).