diff options
author | Li Zefan <lizf@cn.fujitsu.com> | 2011-06-08 04:27:56 -0400 |
---|---|---|
committer | Chris Mason <chris.mason@oracle.com> | 2011-06-10 18:57:10 -0400 |
commit | 027ed2f0044e95a97ed34db2d55a9ca95ba84385 (patch) | |
tree | 7bcdb6d542e5adbbe8cfd59c9ddc36be868f1238 | |
parent | 9eb9104c665aae2401a1723c044669eb10240072 (diff) |
Btrfs: avoid stack bloat in btrfs_ioctl_fs_info()
The size of struct btrfs_ioctl_fs_info_args is as big as 1KB, so
don't declare the variable on stack.
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Reviewed-by: Josef Bacik <josef@redhat.com>
Signed-off-by: Chris Mason <chris.mason@oracle.com>
-rw-r--r-- | fs/btrfs/ioctl.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index ac37040e426a..b793d112d1f6 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c | |||
@@ -2054,29 +2054,34 @@ static long btrfs_ioctl_rm_dev(struct btrfs_root *root, void __user *arg) | |||
2054 | 2054 | ||
2055 | static long btrfs_ioctl_fs_info(struct btrfs_root *root, void __user *arg) | 2055 | static long btrfs_ioctl_fs_info(struct btrfs_root *root, void __user *arg) |
2056 | { | 2056 | { |
2057 | struct btrfs_ioctl_fs_info_args fi_args; | 2057 | struct btrfs_ioctl_fs_info_args *fi_args; |
2058 | struct btrfs_device *device; | 2058 | struct btrfs_device *device; |
2059 | struct btrfs_device *next; | 2059 | struct btrfs_device *next; |
2060 | struct btrfs_fs_devices *fs_devices = root->fs_info->fs_devices; | 2060 | struct btrfs_fs_devices *fs_devices = root->fs_info->fs_devices; |
2061 | int ret = 0; | ||
2061 | 2062 | ||
2062 | if (!capable(CAP_SYS_ADMIN)) | 2063 | if (!capable(CAP_SYS_ADMIN)) |
2063 | return -EPERM; | 2064 | return -EPERM; |
2064 | 2065 | ||
2065 | fi_args.num_devices = fs_devices->num_devices; | 2066 | fi_args = kzalloc(sizeof(*fi_args), GFP_KERNEL); |
2066 | fi_args.max_id = 0; | 2067 | if (!fi_args) |
2067 | memcpy(&fi_args.fsid, root->fs_info->fsid, sizeof(fi_args.fsid)); | 2068 | return -ENOMEM; |
2069 | |||
2070 | fi_args->num_devices = fs_devices->num_devices; | ||
2071 | memcpy(&fi_args->fsid, root->fs_info->fsid, sizeof(fi_args->fsid)); | ||
2068 | 2072 | ||
2069 | mutex_lock(&fs_devices->device_list_mutex); | 2073 | mutex_lock(&fs_devices->device_list_mutex); |
2070 | list_for_each_entry_safe(device, next, &fs_devices->devices, dev_list) { | 2074 | list_for_each_entry_safe(device, next, &fs_devices->devices, dev_list) { |
2071 | if (device->devid > fi_args.max_id) | 2075 | if (device->devid > fi_args->max_id) |
2072 | fi_args.max_id = device->devid; | 2076 | fi_args->max_id = device->devid; |
2073 | } | 2077 | } |
2074 | mutex_unlock(&fs_devices->device_list_mutex); | 2078 | mutex_unlock(&fs_devices->device_list_mutex); |
2075 | 2079 | ||
2076 | if (copy_to_user(arg, &fi_args, sizeof(fi_args))) | 2080 | if (copy_to_user(arg, fi_args, sizeof(*fi_args))) |
2077 | return -EFAULT; | 2081 | ret = -EFAULT; |
2078 | 2082 | ||
2079 | return 0; | 2083 | kfree(fi_args); |
2084 | return ret; | ||
2080 | } | 2085 | } |
2081 | 2086 | ||
2082 | static long btrfs_ioctl_dev_info(struct btrfs_root *root, void __user *arg) | 2087 | static long btrfs_ioctl_dev_info(struct btrfs_root *root, void __user *arg) |