FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

 
 
LinkBack Thread Tools
 
Old 02-23-2011, 03:25 PM
Stefan Bader
 
Default Fix xfs_bulkstat_one size checks & error handling

From: sandeen@sandeen.net <sandeen@sandeen.net>

The 32-bit xfs_blkstat_one handler was failing because
a size check checked whether the remaining (32-bit)
user buffer was less than the (64-bit) bulkstat buffer,
and failed with ENOMEM if so. Move this check
into the respective handlers so that they check the
correct sizes.

Also, the formatters were returning negative errors
or positive bytes copied; this was odd in the positive
error value world of xfs, and handled wrong by at least
some of the callers, which treated the bytes returned
as an error value. Move the bytes-used assignment
into the formatters.

Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>

BugLink: http://bugs.launchpad.net/bugs/692848

(backported from commit 65fbaf2489c667bf79ae1f20403f30c66568d445 upstream)
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
---
fs/xfs/linux-2.6/xfs_ioctl32.c | 44 +++++++++++++++++++++++----------------
fs/xfs/xfs_itable.c | 21 ++++++++++---------
fs/xfs/xfs_itable.h | 2 +
3 files changed, 39 insertions(+), 28 deletions(-)

diff --git a/fs/xfs/linux-2.6/xfs_ioctl32.c b/fs/xfs/linux-2.6/xfs_ioctl32.c
index b6564ba..dce0a24 100644
--- a/fs/xfs/linux-2.6/xfs_ioctl32.c
+++ b/fs/xfs/linux-2.6/xfs_ioctl32.c
@@ -204,34 +204,42 @@ typedef struct compat_xfs_bstat {
__u16 bs_aextents; /* attribute number of extents */
} _PACKED compat_xfs_bstat_t;

+/* Return 0 on success or positive error (to xfs_bulkstat()) */
STATIC int xfs_bulkstat_one_fmt_compat(
void __user *ubuffer,
+ int ubsize,
+ int *ubused,
const xfs_bstat_t *buffer)
{
compat_xfs_bstat_t __user *p32 = ubuffer;

- if (put_user(buffer->bs_ino, &p32->bs_ino) ||
- put_user(buffer->bs_mode, &p32->bs_mode) ||
- put_user(buffer->bs_nlink, &p32->bs_nlink) ||
- put_user(buffer->bs_uid, &p32->bs_uid) ||
- put_user(buffer->bs_gid, &p32->bs_gid) ||
- put_user(buffer->bs_rdev, &p32->bs_rdev) ||
- put_user(buffer->bs_blksize, &p32->bs_blksize) ||
- put_user(buffer->bs_size, &p32->bs_size) ||
+ if (ubsize < sizeof(*p32))
+ return XFS_ERROR(ENOMEM);
+
+ if (put_user(buffer->bs_ino, &p32->bs_ino) ||
+ put_user(buffer->bs_mode, &p32->bs_mode) ||
+ put_user(buffer->bs_nlink, &p32->bs_nlink) ||
+ put_user(buffer->bs_uid, &p32->bs_uid) ||
+ put_user(buffer->bs_gid, &p32->bs_gid) ||
+ put_user(buffer->bs_rdev, &p32->bs_rdev) ||
+ put_user(buffer->bs_blksize, &p32->bs_blksize) ||
+ put_user(buffer->bs_size, &p32->bs_size) ||
xfs_bstime_store_compat(&p32->bs_atime, &buffer->bs_atime) ||
xfs_bstime_store_compat(&p32->bs_mtime, &buffer->bs_mtime) ||
xfs_bstime_store_compat(&p32->bs_ctime, &buffer->bs_ctime) ||
- put_user(buffer->bs_blocks, &p32->bs_blocks) ||
- put_user(buffer->bs_xflags, &p32->bs_xflags) ||
- put_user(buffer->bs_extsize, &p32->bs_extsize) ||
- put_user(buffer->bs_extents, &p32->bs_extents) ||
- put_user(buffer->bs_gen, &p32->bs_gen) ||
- put_user(buffer->bs_projid, &p32->bs_projid) ||
- put_user(buffer->bs_dmevmask, &p32->bs_dmevmask) ||
- put_user(buffer->bs_dmstate, &p32->bs_dmstate) ||
+ put_user(buffer->bs_blocks, &p32->bs_blocks) ||
+ put_user(buffer->bs_xflags, &p32->bs_xflags) ||
+ put_user(buffer->bs_extsize, &p32->bs_extsize) ||
+ put_user(buffer->bs_extents, &p32->bs_extents) ||
+ put_user(buffer->bs_gen, &p32->bs_gen) ||
+ put_user(buffer->bs_projid, &p32->bs_projid) ||
+ put_user(buffer->bs_dmevmask, &p32->bs_dmevmask) ||
+ put_user(buffer->bs_dmstate, &p32->bs_dmstate) ||
put_user(buffer->bs_aextents, &p32->bs_aextents))
- return -EFAULT;
- return sizeof(*p32);
+ return XFS_ERROR(EFAULT);
+ if (ubused)
+ *ubused = sizeof(*p32);
+ return 0;
}


diff --git a/fs/xfs/xfs_itable.c b/fs/xfs/xfs_itable.c
index ca3db9f..ca42406 100644
--- a/fs/xfs/xfs_itable.c
+++ b/fs/xfs/xfs_itable.c
@@ -201,14 +201,21 @@ xfs_bulkstat_one_dinode(
return 0;
}

+/* Return 0 on success or positive error */
STATIC int
xfs_bulkstat_one_fmt(
void __user *ubuffer,
+ int ubsize,
+ int *ubused,
const xfs_bstat_t *buffer)
{
+ if (ubsize < sizeof(*buffer))
+ return XFS_ERROR(ENOMEM);
if (copy_to_user(ubuffer, buffer, sizeof(*buffer)))
- return -EFAULT;
- return sizeof(*buffer);
+ return XFS_ERROR(EFAULT);
+ if (ubused)
+ *ubused = sizeof(*buffer);
+ return 0;
}

/*
@@ -235,8 +242,6 @@ xfs_bulkstat_one_int(

if (!buffer || xfs_internal_inum(mp, ino))
return XFS_ERROR(EINVAL);
- if (ubsize < sizeof(*buf))
- return XFS_ERROR(ENOMEM);

buf = kmem_alloc(sizeof(*buf), KM_SLEEP);

@@ -251,15 +256,11 @@ xfs_bulkstat_one_int(
xfs_bulkstat_one_dinode(mp, ino, dip, buf);
}

- error = formatter(buffer, buf);
- if (error < 0) {
- error = EFAULT;
+ error = formatter(buffer, ubsize, ubused, buf);
+ if (error)
goto out_free;
- }

*stat = BULKSTAT_RV_DIDONE;
- if (ubused)
- *ubused = error;

out_free:
kmem_free(buf, sizeof(*buf));
diff --git a/fs/xfs/xfs_itable.h b/fs/xfs/xfs_itable.h
index 4368d19..afa7647 100644
--- a/fs/xfs/xfs_itable.h
+++ b/fs/xfs/xfs_itable.h
@@ -70,6 +70,8 @@ xfs_bulkstat_single(

typedef int (*bulkstat_one_fmt_pf)( /* used size in bytes or negative error */
void __user *ubuffer, /* buffer to write to */
+ int ubsize, /* remaining user buffer sz */
+ int *ubused, /* bytes used by formatter */
const xfs_bstat_t *buffer); /* buffer to read from */

int
--
1.7.0.4


--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 12:04 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org