wonderful-mobile/exynos-linux-stable
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exynos-linux-stable/fs/btrfs
History
Dan Carpenter 9c1433b5dd Btrfs: fix an integer overflow check 
[ Upstream commit 457ae7268b29c33dee1c0feb143a15f6029d177b ]

This isn't super serious because you need CAP_ADMIN to run this code.

I added this integer overflow check last year but apparently I am
rubbish at writing integer overflow checks...  There are two issues.
First, access_ok() works on unsigned long type and not u64 so on 32 bit
systems the access_ok() could be checking a truncated size.  The other
issue is that we should be using a stricter limit so we don't overflow
the kzalloc() setting ctx->clone_roots later in the function after the
access_ok():

	alloc_size = sizeof(struct clone_root) * (arg->clone_sources_count + 1);
	sctx->clone_roots = kzalloc(alloc_size, GFP_KERNEL | __GFP_NOWARN);

Fixes: f5ecec3ce2 ("btrfs: send: silence an integer overflow warning")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
[ added comment ]
Signed-off-by: David Sterba <dsterba@suse.com>

Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-25 14:23:43 +01:00
..
tests btrfs: tests: Fix a memory leak in error handling path in 'run_test()' 2017-12-20 10:07:31 +01:00
acl.c btrfs: Don't clear SGID when inheriting ACLs 2017-07-27 15:07:58 -07:00
async-thread.c btrfs: fix crash when tracepoint arguments are freed by wq callbacks 2017-01-19 20:18:02 +01:00
async-thread.h btrfs: limit async_work allocation and worker func duration 2017-01-06 10:40:10 +01:00
backref.c btrfs: convert pr_* to btrfs_* where possible 2016-09-26 19:37:04 +02:00
backref.h btrfs: cleanup, remove inode_item_info helper 2015-01-14 19:23:47 +01:00
btrfs_inode.h Btrfs: add a flags field to btrfs_fs_info 2016-09-26 17:59:49 +02:00
check-integrity.c btrfs: convert printk(KERN_* to use pr_* calls 2016-09-26 18:08:44 +02:00
check-integrity.h fs: have submit_bh users pass in op and flags separately 2016-06-07 13:41:38 -06:00
compression.c btrfs: assign error values to the correct bio structs 2016-10-17 14:16:14 -07:00
compression.h btrfs: move btrfs_compression_type to compression.h 2016-03-11 17:12:46 +01:00
ctree.c Btrfs: remove unnecessary btrfs_mark_buffer_dirty in split_leaf 2016-09-26 19:50:44 +02:00
ctree.h btrfs: store and load values of stripes_min/stripes_max in balance status item 2017-01-06 10:40:10 +01:00
dedupe.h btrfs: expand cow_file_range() to support in-band dedup and subpage-blocksize 2016-07-26 13:52:25 +02:00
delayed-inode.c btrfs: limit async_work allocation and worker func duration 2017-01-06 10:40:10 +01:00
delayed-inode.h Btrfs: fix ->iterate_shared() by upgrading i_rwsem for delayed nodes 2016-06-25 06:20:10 -07:00
delayed-ref.c btrfs: convert pr_* to btrfs_* where possible 2016-09-26 19:37:04 +02:00
delayed-ref.h Btrfs: remove unused function btrfs_add_delayed_qgroup_reserve() 2016-08-03 11:02:51 +01:00
dev-replace.c btrfs: convert pr_* to btrfs_* where possible 2016-09-26 19:37:04 +02:00
dev-replace.h btrfs: refactor btrfs_dev_replace_start for reuse 2016-04-28 10:59:13 +02:00
dir-item.c btrfs: unsplit printed strings 2016-09-26 18:08:44 +02:00
disk-io.c Btrfs: fix emptiness check for dirtied extent buffers at check_leaf() 2017-01-06 10:40:10 +01:00
disk-io.h Btrfs: fix memory leak of block group cache 2016-09-26 17:59:49 +02:00
export.c BTRFS: support NFSv2 export 2015-10-06 06:55:23 -07:00
export.h
extent-tree.c btrfs: fix missing error return in btrfs_drop_snapshot 2017-12-14 09:28:12 +01:00
extent_io.c Btrfs: remove some no-op casts 2016-10-24 18:20:29 +02:00
extent_io.h Merge branch 'fst-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux into for-linus-4.9 2016-10-12 13:16:00 -07:00
extent_map.c btrfs: Fix slab accounting flags 2016-07-26 13:52:25 +02:00
extent_map.h btrfs: cleanup, stop casting for extent_map->lookup everywhere 2016-01-15 19:22:28 +01:00
file-item.c Btrfs: fix __MAX_CSUM_ITEMS 2016-08-03 14:08:37 -07:00
file.c fs: add i_blocksize() 2017-06-14 15:06:00 +02:00
free-space-cache.c btrfs: convert pr_* to btrfs_* where possible 2016-09-26 19:37:04 +02:00
free-space-cache.h btrfs: convert pr_* to btrfs_* where possible 2016-09-26 19:37:04 +02:00
free-space-tree.c Merge branch 'fst-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux into for-linus-4.9 2016-10-12 13:16:00 -07:00
free-space-tree.h Btrfs: implement the free space B-tree 2015-12-17 12:16:47 -08:00
hash.c crypto: Work around deallocated stack frame reference gcc bug on sparc. 2017-06-24 07:11:17 +02:00
hash.h btrfs: advertise which crc32c implementation is being used at module load 2016-06-06 14:08:28 +02:00
inode-item.c btrfs: rename btrfs_std_error to btrfs_handle_fs_error 2016-04-28 10:36:54 +02:00
inode-map.c btrfs: convert pr_* to btrfs_* where possible 2016-09-26 19:37:04 +02:00
inode-map.h Btrfs: Initialize btrfs_root->highest_objectid when loading tree root and subvolume roots 2016-01-15 19:25:02 +01:00
inode.c btrfs: add missing memset while reading compressed inline extents 2017-12-20 10:07:26 +01:00
ioctl.c btrfs: prevent to set invalid default subvolid 2017-10-05 09:44:04 +02:00
Kconfig rcu: Make SRCU optional by using CONFIG_SRCU 2015-01-06 11:04:29 -08:00
locking.c btrfs: cleanup, remove stray return statements 2016-01-07 14:30:52 +01:00
locking.h btrfs: fix lockups from btrfs_clear_path_blocking 2014-11-19 10:34:35 -08:00
lzo.c btrfs: convert printk(KERN_* to use pr_* calls 2016-09-26 18:08:44 +02:00
Makefile Btrfs: add free space tree sanity tests 2015-12-17 12:16:47 -08:00
math.h btrfs: cleanup 64bit/32bit divs, compile time constants 2015-03-03 17:23:57 +01:00
ordered-data.c btrfs: unsplit printed strings 2016-09-26 18:08:44 +02:00
ordered-data.h Btrfs: fix race setting block group readonly during device replace 2016-05-30 12:58:21 +01:00
orphan.c btrfs: kill the key type accessor helpers 2014-09-17 13:37:12 -07:00
print-tree.c btrfs: convert printk(KERN_* to use pr_* calls 2016-09-26 18:08:44 +02:00
print-tree.h
props.c btrfs: simpilify btrfs_subvol_inherit_props 2016-07-26 13:54:22 +02:00
props.h Btrfs: add support for inode properties 2014-01-28 13:20:24 -08:00
qgroup.c Btrfs: fix qgroup rescan worker initialization 2017-01-06 10:40:10 +01:00
qgroup.h btrfs: qgroup: Refactor btrfs_qgroup_insert_dirty_extent() 2016-08-25 03:58:21 -07:00
raid56.c Btrfs: remove BUG() in raid56 2016-09-26 17:59:49 +02:00
raid56.h Btrfs: add RAID 5/6 BTRFS_RBIO_REBUILD_MISSING operation 2015-08-09 07:34:26 -07:00
rcu-string.h
reada.c btrfs: convert pr_* to btrfs_* where possible 2016-09-26 19:37:04 +02:00
relocation.c btrfs: fix NULL pointer dereference from free_reloc_roots() 2017-10-05 09:44:03 +02:00
root-tree.c btrfs: unsplit printed strings 2016-09-26 18:08:44 +02:00
scrub.c btrfs: unsplit printed strings 2016-09-26 18:08:44 +02:00
send.c Btrfs: fix an integer overflow check 2017-12-25 14:23:43 +01:00
send.h Btrfs: use linux/sizes.h to represent constants 2016-01-07 14:38:02 +01:00
struct-funcs.c btrfs: fix string and comment grammatical issues and typos 2016-05-25 22:35:14 +02:00
super.c btrfs: resume qgroup rescan on rw remount 2017-09-13 14:13:36 -07:00
sysfs.c btrfs: convert printk(KERN_* to use pr_* calls 2016-09-26 18:08:44 +02:00
sysfs.h btrfs: sysfs: introduce helper for syncing bits with sysfs files 2016-01-21 18:50:40 +01:00
transaction.c Merge branch 'for-linus-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2016-10-11 11:23:06 -07:00
transaction.h btrfs: convert pr_* to btrfs_* where possible 2016-09-26 19:37:04 +02:00
tree-defrag.c Btrfs: fix locking bugs when defragging leaves 2015-12-18 02:51:32 +00:00
tree-log.c Btrfs: fix lockdep warning about log_mutex 2017-08-06 18:59:47 -07:00
tree-log.h Btrfs: fix lockdep warning on deadlock against an inode's log mutex 2016-08-25 03:58:32 -07:00
ulist.c btrfs: fix string and comment grammatical issues and typos 2016-05-25 22:35:14 +02:00
ulist.h btrfs: ulist: Add ulist_del() function. 2015-06-10 09:26:17 -07:00
uuid-tree.c btrfs: return the actual error value from from btrfs_uuid_tree_iterate 2017-11-30 08:39:14 +00:00
volumes.c Btrfs: fix potential use-after-free for cloned bio 2017-10-08 10:26:08 +02:00
volumes.h btrfs: convert pr_* to btrfs_* where possible 2016-09-26 19:37:04 +02:00
xattr.c fs: Replace current_fs_time() with current_time() 2016-09-27 21:06:22 -04:00
xattr.h btrfs: Switch to generic xattr handlers 2016-05-17 19:17:09 -04:00
zlib.c btrfs: convert printk(KERN_* to use pr_* calls 2016-09-26 18:08:44 +02:00