struct btrfs_path *path,
struct btrfs_key *key,
struct btrfs_ioctl_search_key *sk,
+ size_t buf_size,
char *buf,
unsigned long *sk_offset,
int *num_found)
if (!key_in_sk(key, sk))
continue;
- if (sizeof(sh) + item_len > BTRFS_SEARCH_ARGS_BUFSIZE)
+ if (sizeof(sh) + item_len > buf_size)
item_len = 0;
- if (sizeof(sh) + item_len + *sk_offset >
- BTRFS_SEARCH_ARGS_BUFSIZE) {
+ if (sizeof(sh) + item_len + *sk_offset > buf_size) {
ret = 1;
goto out;
}
}
static noinline int search_ioctl(struct inode *inode,
- struct btrfs_ioctl_search_args *args)
+ struct btrfs_ioctl_search_key *sk,
+ size_t buf_size,
+ char *buf)
{
struct btrfs_root *root;
struct btrfs_key key;
struct btrfs_path *path;
- struct btrfs_ioctl_search_key *sk = &args->key;
struct btrfs_fs_info *info = BTRFS_I(inode)->root->fs_info;
int ret;
int num_found = 0;
unsigned long sk_offset = 0;
+ if (buf_size < sizeof(struct btrfs_ioctl_search_header))
+ return -EOVERFLOW;
+
path = btrfs_alloc_path();
if (!path)
return -ENOMEM;
ret = 0;
goto err;
}
- ret = copy_to_sk(root, path, &key, sk, args->buf,
+ ret = copy_to_sk(root, path, &key, sk, buf_size, buf,
&sk_offset, &num_found);
btrfs_release_path(path);
if (ret)
return PTR_ERR(args);
inode = file_inode(file);
- ret = search_ioctl(inode, args);
+ ret = search_ioctl(inode, &args->key, sizeof(args->buf), args->buf);
if (ret == 0 && copy_to_user(argp, args, sizeof(*args)))
ret = -EFAULT;
kfree(args);
projects / cascardo / linux.git / commitdiff