From patchwork Tue Sep 15 14:13:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "gregkh@linuxfoundation.org" X-Patchwork-Id: 263879 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AE1D0C31E40 for ; Tue, 15 Sep 2020 23:56:53 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5000D20739 for ; Tue, 15 Sep 2020 23:56:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600214213; bh=27M3R/dSYoatPkbBxhL8VtfdIW1LGJNKpoNt4cjjPHY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=m/KHAfCP965H1mblkUrN7/v619fyYe1IcLlcwuzf0DaErGD7P0iaU1xxICiurtq3Z TTYcDzhUHbN5cd+jV/eZeW+yK2Q8+rOYfYwJddvKf6sKzNJiIXiae0ffpI+OcaoeQv Fgh9MZBuebd7DDJDg2QRLPt1tGC0dUXLDbLXxkO8= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727184AbgIOX4u (ORCPT ); Tue, 15 Sep 2020 19:56:50 -0400 Received: from mail.kernel.org ([198.145.29.99]:42304 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727039AbgIOOb3 (ORCPT ); Tue, 15 Sep 2020 10:31:29 -0400 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BC74622B45; Tue, 15 Sep 2020 14:22:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600179768; bh=27M3R/dSYoatPkbBxhL8VtfdIW1LGJNKpoNt4cjjPHY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZrqaD1jUceTxKEz4OWqK9BA8aBm7KQ1wnu7/uGShpmsXK9e2XVz9L3U08KVsS+u4P 1rWNaYkWh0DLik9qB65uSTEENWIE4oGxCP4uTGO9WsXNTtpNv4vf8hgdEVo5TAHVAh 8iTUKiaI/9NdqzV/hI2bmkJiOwKsoRKLB+or6Jf0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, A L , Josef Bacik , Filipe Manana , David Sterba Subject: [PATCH 5.4 093/132] btrfs: fix wrong address when faulting in pages in the search ioctl Date: Tue, 15 Sep 2020 16:13:15 +0200 Message-Id: <20200915140648.799490793@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200915140644.037604909@linuxfoundation.org> References: <20200915140644.037604909@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Filipe Manana commit 1c78544eaa4660096aeb6a57ec82b42cdb3bfe5a upstream. When faulting in the pages for the user supplied buffer for the search ioctl, we are passing only the base address of the buffer to the function fault_in_pages_writeable(). This means that after the first iteration of the while loop that searches for leaves, when we have a non-zero offset, stored in 'sk_offset', we try to fault in a wrong page range. So fix this by adding the offset in 'sk_offset' to the base address of the user supplied buffer when calling fault_in_pages_writeable(). Several users have reported that the applications compsize and bees have started to operate incorrectly since commit a48b73eca4ceb9 ("btrfs: fix potential deadlock in the search ioctl") was added to stable trees, and these applications make heavy use of the search ioctls. This fixes their issues. Link: https://lore.kernel.org/linux-btrfs/632b888d-a3c3-b085-cdf5-f9bb61017d92@lechevalier.se/ Link: https://github.com/kilobyte/compsize/issues/34 Fixes: a48b73eca4ceb9 ("btrfs: fix potential deadlock in the search ioctl") CC: stable@vger.kernel.org # 4.4+ Tested-by: A L Reviewed-by: Josef Bacik Signed-off-by: Filipe Manana Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/ioctl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -2215,7 +2215,8 @@ static noinline int search_ioctl(struct key.offset = sk->min_offset; while (1) { - ret = fault_in_pages_writeable(ubuf, *buf_size - sk_offset); + ret = fault_in_pages_writeable(ubuf + sk_offset, + *buf_size - sk_offset); if (ret) break;