> a missing check ...
ah, forget it,
On Fri, Apr 08, 2011 at 03:12:21PM +0200, David Sterba wrote:
> > diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
> > index 5fdb2ab..a8fbb07 100644
> > --- a/fs/btrfs/ioctl.c
> > +++ b/fs/btrfs/ioctl.c
> > @@ -2375,6 +2375,38 @@ static noinline long btrfs_ioctl_wait_sync(struct
> > file *file, void __user *argp)
> > return btrfs_wait_for_commit(root, transid);
> > }
> >
> > +/*
> > + * Return the current status of any balance operation
> > + */
> > +long btrfs_ioctl_balance_progress(
> > + struct btrfs_fs_info *fs_info,
> > + struct btrfs_ioctl_balance_progress __user *user_dest)
> > +{
> > + int ret = 0;
> > + struct btrfs_ioctl_balance_progress dest;
>
> if (!access_ok(VERIFY_WRITE, user_dest, sizeof(*user_dest)))
> return -EFAULT;
pointless of course ...
>
> > +
> > + spin_lock(&fs_info->balance_info_lock);
> > + if (!fs_info->balance_info) {
> > + ret = -EINVAL;
> > + goto error;
> > + }
> > +
> > + dest.expected = fs_info->balance_info->expected;
> > + dest.completed = fs_info->balance_info->completed;
this is _not_ the user supplied pointer
> > +
> > + spin_unlock(&fs_info->balance_info_lock);
> > +
> > + if (copy_to_user(user_dest, &dest,
> > + sizeof(struct btrfs_ioctl_balance_progress)))
> > + return -EFAULT;
> > +
> > + return 0;
> > +
> > +error:
> > + spin_unlock(&fs_info->balance_info_lock);
> > + return ret;
> > +}
> > +
> > long btrfs_ioctl(struct file *file, unsigned int
> > cmd, unsigned long arg)
> > {
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
