CC: [email protected] CC: [email protected] TO: Dan Carpenter <[email protected]> CC: David Sterba <[email protected]>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 02d5e016800d082058b3d3b7c3ede136cdc6ddcb commit: 5011c5a663b9c6d6aff3d394f11049b371199627 btrfs: validate qgroup inherit for SNAP_CREATE_V2 ioctl date: 7 months ago :::::: branch date: 25 hours ago :::::: commit date: 7 months ago config: arm64-randconfig-m031-20210929 (attached as .config) compiler: aarch64-linux-gcc (GCC) 11.2.0 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> Reported-by: Dan Carpenter <[email protected]> New smatch warnings: fs/btrfs/ioctl.c:1951 btrfs_ioctl_snap_create_v2() warn: comparison of a potentially tagged address (btrfs_ioctl_snap_create_v2, -2, inherit->num_qgroups) fs/btrfs/ioctl.c:1952 btrfs_ioctl_snap_create_v2() warn: comparison of a potentially tagged address (btrfs_ioctl_snap_create_v2, -2, inherit->num_ref_copies) fs/btrfs/ioctl.c:1953 btrfs_ioctl_snap_create_v2() warn: comparison of a potentially tagged address (btrfs_ioctl_snap_create_v2, -2, inherit->num_excl_copies) Old smatch warnings: fs/btrfs/ioctl.c:893 create_snapshot() warn: '&pending_snapshot->list' not removed from list fs/btrfs/ioctl.c:1652 btrfs_defrag_file() warn: should 'ret << 12' be a 64 bit type? fs/btrfs/ioctl.c:1941 btrfs_ioctl_snap_create_v2() warn: comparison of a potentially tagged address (btrfs_ioctl_snap_create_v2, -2, vol_args->size) vim +1951 fs/btrfs/ioctl.c fa0d2b9bd71734 Li Zefan 2010-12-20 1913 fa0d2b9bd71734 Li Zefan 2010-12-20 1914 static noinline int btrfs_ioctl_snap_create_v2(struct file *file, fa0d2b9bd71734 Li Zefan 2010-12-20 1915 void __user *arg, int subvol) fa0d2b9bd71734 Li Zefan 2010-12-20 1916 { fa0d2b9bd71734 Li Zefan 2010-12-20 1917 struct btrfs_ioctl_vol_args_v2 *vol_args; fa0d2b9bd71734 Li Zefan 2010-12-20 1918 int ret; b83cc9693f3968 Li Zefan 2010-12-20 1919 bool readonly = false; 6f72c7e20dbaea Arne Jansen 2011-09-14 1920 struct btrfs_qgroup_inherit *inherit = NULL; fdfb1e4f6c6147 Li Zefan 2010-12-10 1921 325c50e3cebb92 Jeff Mahoney 2016-09-21 1922 if (!S_ISDIR(file_inode(file)->i_mode)) 325c50e3cebb92 Jeff Mahoney 2016-09-21 1923 return -ENOTDIR; 325c50e3cebb92 Jeff Mahoney 2016-09-21 1924 fa0d2b9bd71734 Li Zefan 2010-12-20 1925 vol_args = memdup_user(arg, sizeof(*vol_args)); fa0d2b9bd71734 Li Zefan 2010-12-20 1926 if (IS_ERR(vol_args)) fa0d2b9bd71734 Li Zefan 2010-12-20 1927 return PTR_ERR(vol_args); fa0d2b9bd71734 Li Zefan 2010-12-20 1928 vol_args->name[BTRFS_SUBVOL_NAME_MAX] = '\0'; fdfb1e4f6c6147 Li Zefan 2010-12-10 1929 673990dba332d9 David Sterba 2020-02-21 1930 if (vol_args->flags & ~BTRFS_SUBVOL_CREATE_ARGS_MASK) { b83cc9693f3968 Li Zefan 2010-12-20 1931 ret = -EOPNOTSUPP; c47ca32d3aadb2 Dan Carpenter 2014-09-04 1932 goto free_args; fdfb1e4f6c6147 Li Zefan 2010-12-10 1933 } fdfb1e4f6c6147 Li Zefan 2010-12-10 1934 b83cc9693f3968 Li Zefan 2010-12-20 1935 if (vol_args->flags & BTRFS_SUBVOL_RDONLY) b83cc9693f3968 Li Zefan 2010-12-20 1936 readonly = true; 6f72c7e20dbaea Arne Jansen 2011-09-14 1937 if (vol_args->flags & BTRFS_SUBVOL_QGROUP_INHERIT) { 5011c5a663b9c6 Dan Carpenter 2021-02-17 1938 u64 nums; 5011c5a663b9c6 Dan Carpenter 2021-02-17 1939 5011c5a663b9c6 Dan Carpenter 2021-02-17 1940 if (vol_args->size < sizeof(*inherit) || 5011c5a663b9c6 Dan Carpenter 2021-02-17 1941 vol_args->size > PAGE_SIZE) { 6f72c7e20dbaea Arne Jansen 2011-09-14 1942 ret = -EINVAL; c47ca32d3aadb2 Dan Carpenter 2014-09-04 1943 goto free_args; 6f72c7e20dbaea Arne Jansen 2011-09-14 1944 } 6f72c7e20dbaea Arne Jansen 2011-09-14 1945 inherit = memdup_user(vol_args->qgroup_inherit, vol_args->size); 6f72c7e20dbaea Arne Jansen 2011-09-14 1946 if (IS_ERR(inherit)) { 6f72c7e20dbaea Arne Jansen 2011-09-14 1947 ret = PTR_ERR(inherit); c47ca32d3aadb2 Dan Carpenter 2014-09-04 1948 goto free_args; 6f72c7e20dbaea Arne Jansen 2011-09-14 1949 } 5011c5a663b9c6 Dan Carpenter 2021-02-17 1950 5011c5a663b9c6 Dan Carpenter 2021-02-17 @1951 if (inherit->num_qgroups > PAGE_SIZE || 5011c5a663b9c6 Dan Carpenter 2021-02-17 @1952 inherit->num_ref_copies > PAGE_SIZE || 5011c5a663b9c6 Dan Carpenter 2021-02-17 @1953 inherit->num_excl_copies > PAGE_SIZE) { 5011c5a663b9c6 Dan Carpenter 2021-02-17 1954 ret = -EINVAL; 5011c5a663b9c6 Dan Carpenter 2021-02-17 1955 goto free_inherit; 5011c5a663b9c6 Dan Carpenter 2021-02-17 1956 } 5011c5a663b9c6 Dan Carpenter 2021-02-17 1957 5011c5a663b9c6 Dan Carpenter 2021-02-17 1958 nums = inherit->num_qgroups + 2 * inherit->num_ref_copies + 5011c5a663b9c6 Dan Carpenter 2021-02-17 1959 2 * inherit->num_excl_copies; 5011c5a663b9c6 Dan Carpenter 2021-02-17 1960 if (vol_args->size != struct_size(inherit, qgroups, nums)) { 5011c5a663b9c6 Dan Carpenter 2021-02-17 1961 ret = -EINVAL; 5011c5a663b9c6 Dan Carpenter 2021-02-17 1962 goto free_inherit; 5011c5a663b9c6 Dan Carpenter 2021-02-17 1963 } 6f72c7e20dbaea Arne Jansen 2011-09-14 1964 } 75eaa0e22c055e Sage Weil 2010-12-10 1965 5d54c67eccb489 Nikolay Borisov 2020-03-13 1966 ret = __btrfs_ioctl_snap_create(file, vol_args->name, vol_args->fd, 5d54c67eccb489 Nikolay Borisov 2020-03-13 1967 subvol, readonly, inherit); c47ca32d3aadb2 Dan Carpenter 2014-09-04 1968 if (ret) c47ca32d3aadb2 Dan Carpenter 2014-09-04 1969 goto free_inherit; c47ca32d3aadb2 Dan Carpenter 2014-09-04 1970 free_inherit: 6f72c7e20dbaea Arne Jansen 2011-09-14 1971 kfree(inherit); c47ca32d3aadb2 Dan Carpenter 2014-09-04 1972 free_args: c47ca32d3aadb2 Dan Carpenter 2014-09-04 1973 kfree(vol_args); f46b5a66b3316e Christoph Hellwig 2008-06-11 1974 return ret; f46b5a66b3316e Christoph Hellwig 2008-06-11 1975 } f46b5a66b3316e Christoph Hellwig 2008-06-11 1976 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected]
.config.gz
Description: application/gzip
_______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
