[Devel,RHEL7,COMMIT] ext4: fix broken mfsync_ioctl

Submitted by Konstantin Khorenko on Aug. 9, 2016, 9:57 a.m.

Details

Message ID 201608090957.u799vMO5016368@finist_cl7.x64_64.work.ct
State New
Series "ext4: fix broken mfsync_ioctl"

Commit Message

Konstantin Khorenko Aug. 9, 2016, 9:57 a.m.
The commit is pushed to "branch-rh7-3.10.0-327.22.2.vz7.16.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.22.2.vz7.16.3
------>
commit b4d7159537296b5c142329b1bf786009c4d6bc49
Author: Dmitry Monakhov <dmonakhov@openvz.org>
Date:   Tue Aug 9 13:57:22 2016 +0400

    ext4: fix broken mfsync_ioctl
    
    Fix obvious user->kmem memcpy typo.
    
    https://jira.sw.ru/browse/PSBM-49885
    Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
---
 fs/ext4/ioctl.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)


diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index 4ef2876..7260d99 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -775,6 +775,7 @@  resize_out:
 		struct ext4_ioc_mfsync_info mfsync;
 		struct file **filpp;
 		unsigned int *flags;
+		__u32 __user *usr_fd;
 		int i, err;
 
 		if (copy_from_user(&mfsync, (struct ext4_ioc_mfsync_info *)arg,
@@ -784,6 +785,8 @@  resize_out:
 		}
 		if (mfsync.size == 0)
 			return 0;
+		usr_fd = (__u32 __user *) (arg + sizeof(__u32));
+
 		filpp = kzalloc(mfsync.size * sizeof(*filp), GFP_KERNEL);
 		if (!filpp)
 			return -ENOMEM;
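Review bot: The added `usr_fd` assignment builds the user pointer from a hard-coded offset, `arg + sizeof(__u32)`, which assumes `fd` sits directly after a 32-bit `size` field with no padding; the struct definition is outside this hunk, so tying the offset to the type is safer: `usr_fd = (__u32 __user *)(arg + offsetof(struct ext4_ioc_mfsync_info, fd));`. Separately, `mfsync.size` is copied straight from userspace and no upper bound is visible between the `size == 0` check and the allocation, so the caller controls both the `kzalloc` size and the loop count. A cap on `size`, plus `kcalloc(mfsync.size, sizeof(*filpp), GFP_KERNEL)`, would bound the request and make the multiplication overflow-checked. The allocation is also sized by `sizeof(*filp)` rather than `sizeof(*filpp)`, which looks like a slip that should be confirmed against the declaration of `filp` outside the hunk. The enclosing ioctl case starts and ends outside this hunk.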
@@ -797,12 +800,9 @@  resize_out:
 			int ret;
 
 			err = -EFAULT;
-			ret = get_user(fd, mfsync.fd + i);
-			if (ret) {
-				printk("%s:%d i:%d p:%p", __FUNCTION__, __LINE__,
-				       i, mfsync.fd + i);
+			ret = get_user(fd, usr_fd + i);
+			if (ret)
 				goto mfsync_fput;
-			}
 
 			/* negative fd means fdata_sync */
 			flags[i] = (fd & (1<< 31)) != 0;
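Review bot: With the printk removed, `ret` only carries the `get_user` result to the next line, so the pair can collapse to `if (get_user(fd, usr_fd + i)) goto mfsync_fput;` and the local can go if nothing else in the loop uses it. The mask on the following context line, `(fd & (1<< 31))`, shifts a signed `1` into the sign bit; writing it as `1U << 31` avoids relying on that behaviour. The loop body and the declaration of `fd` begin outside this hunk, so how the masked value is handled before `fget(fd)` cannot be checked from here.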
@@ -810,10 +810,8 @@  resize_out:
 
 			err = -EBADF;
 			filpp[i] = fget(fd);
-			if (!filpp[i]) {
-				printk("%s:%d", __FUNCTION__, __LINE__);
+			if (!filpp[i])
 				goto mfsync_fput;
-			}
 		}
 		err = ext4_sync_files(filpp, flags, mfsync.size);
 mfsync_fput: