From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, A L, Josef Bacik, Filipe Manana, David Sterba
Subject: [PATCH 4.19 57/78] btrfs: fix wrong address when faulting in pages in the search ioctl
Date: Tue, 15 Sep 2020 16:13:22 +0200
Message-Id: <20200915140636.427526853@linuxfoundation.org>
In-Reply-To: <20200915140633.552502750@linuxfoundation.org>
References: <20200915140633.552502750@linuxfoundation.org>

From: Filipe Manana

commit 1c78544eaa4660096aeb6a57ec82b42cdb3bfe5a upstream.

When faulting in the pages for the user supplied buffer for the search
ioctl, we are passing only the base address of the buffer to the function
fault_in_pages_writeable(). This means that after the first iteration of
the while loop that searches for leaves, when we have a non-zero offset,
stored in 'sk_offset', we try to fault in a wrong page range.

So fix this by adding the offset in 'sk_offset' to the base address of the
user supplied buffer when calling fault_in_pages_writeable().

Several users have reported that the applications compsize and bees have
started to operate incorrectly since commit a48b73eca4ceb9 ("btrfs: fix
potential deadlock in the search ioctl") was added to stable trees, and
these applications make heavy use of the search ioctls. This fixes their
issues.

Link: https://lore.kernel.org/linux-btrfs/632b888d-a3c3-b085-cdf5-f9bb61017d92@lechevalier.se/
Link: https://github.com/kilobyte/compsize/issues/34
Fixes: a48b73eca4ceb9 ("btrfs: fix potential deadlock in the search ioctl")
CC: stable@vger.kernel.org # 4.4+
Tested-by: A L
Reviewed-by: Josef Bacik
Signed-off-by: Filipe Manana
Reviewed-by: David Sterba
Signed-off-by: David Sterba
Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/ioctl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -2189,7 +2189,8 @@ static noinline int search_ioctl(struct key.offset = sk->min_offset; while (1) { - ret = fault_in_pages_writeable(ubuf, *buf_size - sk_offset); + ret = fault_in_pages_writeable(ubuf + sk_offset, + *buf_size - sk_offset); if (ret) break;
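
Review bot: in the fault_in_pages_writeable() call at the top of the while (1) loop in search_ioctl(), the start address and the length now both depend on sk_offset, but the visible context shows neither the type of ubuf nor any bound on sk_offset. For this 4.19 backport, please confirm that ubuf is a byte-sized user pointer, so that `ubuf + sk_offset` advances by bytes rather than by elements, and that the loop cannot reach this call with sk_offset greater than *buf_size, since `*buf_size - sk_offset` would wrap if those are unsigned. A short comment above the call stating that the range faulted in must be the range the following search step writes to would help keep the two arguments in step in later changes.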