> a missing check ... ah, forget it, On Fri, Apr 08, 2011 at 03:12:21PM +0200, David Sterba wrote:
> > diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
> > index 5fdb2ab..a8fbb07 100644
> > --- a/fs/btrfs/ioctl.c
> > +++ b/fs/btrfs/ioctl.c
> > @@ -2375,6 +2375,38 @@ static noinline long btrfs_ioctl_wait_sync(struct
> > file *file, void __user *argp)
> > return btrfs_wait_for_commit(root, transid);
> > }
> >
> > +/*
> > + * Return the current status of any balance operation
> > + */
> > +long btrfs_ioctl_balance_progress(
> > + struct btrfs_fs_info *fs_info,
> > + struct btrfs_ioctl_balance_progress __user *user_dest)
> > +{
> > + int ret = 0;
> > + struct btrfs_ioctl_balance_progress dest;
> > if (!access_ok(VERIFY_WRITE, user_dest, sizeof(*user_dest)))
> return -EFAULT; pointless of course ...
> > > +
> > + spin_lock(&fs_info->balance_info_lock);
> > + if (!fs_info->balance_info) {
> > + ret = -EINVAL;
> > + goto error;
> > + }
> > +
> > + dest.expected = fs_info->balance_info->expected;
> > + dest.completed = fs_info->balance_info->completed; this is _not_ the user supplied pointer
> > +
> > + spin_unlock(&fs_info->balance_info_lock);
> > +
> > + if (copy_to_user(user_dest, &dest,
> > + sizeof(struct btrfs_ioctl_balance_progress)))
> > + return -EFAULT;
> > +
> > + return 0;
> > +
> > +error:
> > + spin_unlock(&fs_info->balance_info_lock);
> > + return ret;
> > +}
> > +
> > long btrfs_ioctl(struct file *file, unsigned int
> > cmd, unsigned long arg)
> > {
-- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
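Review bot: The local `dest` in `btrfs_ioctl_balance_progress` is copied to user space in full by `copy_to_user(user_dest, &dest, sizeof(struct btrfs_ioctl_balance_progress))`, but only `expected` and `completed` are assigned before the copy. The struct definition is not part of this hunk, so this may be harmless today, but any other member or compiler padding would carry uninitialised kernel stack bytes out to the caller. Zeroing the local before taking the lock, `memset(&dest, 0, sizeof(dest));`, keeps the copy safe if the struct grows later, and passing `sizeof(dest)` to `copy_to_user` ties the length to the object actually copied. As a smaller point, the function is declared without `static`, unlike `btrfs_ioctl_wait_sync` in the context above; if it is only called from `btrfs_ioctl` in this file, `static` would match the neighbouring handlers.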