From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, A L, Josef Bacik, Filipe Manana, David Sterba
Subject: [PATCH 4.14 41/94] btrfs: fix wrong address when faulting in pages in the search ioctl
Date: Mon, 21 Sep 2020 18:27:28 +0200
Message-Id: <20200921162037.426981844@linuxfoundation.org>
In-Reply-To: <20200921162035.541285330@linuxfoundation.org>

From: Filipe Manana

commit 1c78544eaa4660096aeb6a57ec82b42cdb3bfe5a upstream.

When faulting in the pages for the user supplied buffer for the search ioctl, we are passing only the base address of the buffer to the function fault_in_pages_writeable(). This means that after the first iteration of the while loop that searches for leaves, when we have a non-zero offset, stored in 'sk_offset', we try to fault in a wrong page range.

So fix this by adding the offset in 'sk_offset' to the base address of the user supplied buffer when calling fault_in_pages_writeable().

Several users have reported that the applications compsize and bees have started to operate incorrectly since commit a48b73eca4ceb9 ("btrfs: fix potential deadlock in the search ioctl") was added to stable trees, and these applications make heavy use of the search ioctls. This fixes their issues.

Link: https://lore.kernel.org/linux-btrfs/632b888d-a3c3-b085-cdf5-f9bb61017d92@lechevalier.se/
Link: https://github.com/kilobyte/compsize/issues/34
Fixes: a48b73eca4ceb9 ("btrfs: fix potential deadlock in the search ioctl")
CC: stable@vger.kernel.org # 4.4+
Tested-by: A L
Reviewed-by: Josef Bacik
Signed-off-by: Filipe Manana
Reviewed-by: David Sterba
Signed-off-by: David Sterba
Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/ioctl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -2131,7 +2131,8 @@ static noinline int search_ioctl(struct key.offset = sk->min_offset; while (1) { - ret = fault_in_pages_writeable(ubuf, *buf_size - sk_offset); + ret = fault_in_pages_writeable(ubuf + sk_offset, + *buf_size - sk_offset); if (ret) break;
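
Review bot: in the new call `fault_in_pages_writeable(ubuf + sk_offset, *buf_size - sk_offset)`, both the start address and the length now depend on `sk_offset`, yet nothing in the visible context checks that `sk_offset` stays at or below `*buf_size` before the subtraction. If that invariant is enforced elsewhere in `search_ioctl()`, a one-line comment above the call saying so would help; otherwise a guard belongs before the call. A short comment stating that the fault-in range must start at the current write position in the user buffer, not at its base, would also keep a later cleanup from reintroducing the base-only form. The declaration of `ubuf` is outside the hunk, so confirm it is a byte-sized pointer so that `ubuf + sk_offset` advances by bytes.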