diff options
| -rw-r--r-- | fs/nilfs2/ioctl.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/fs/nilfs2/ioctl.c b/fs/nilfs2/ioctl.c index 49489f68eabe..50ff3f2cdf24 100644 --- a/fs/nilfs2/ioctl.c +++ b/fs/nilfs2/ioctl.c | |||
| @@ -254,6 +254,9 @@ static int nilfs_ioctl_get_bdescs(struct inode *inode, struct file *filp, | |||
| 254 | if (copy_from_user(&argv, argp, sizeof(argv))) | 254 | if (copy_from_user(&argv, argp, sizeof(argv))) |
| 255 | return -EFAULT; | 255 | return -EFAULT; |
| 256 | 256 | ||
| 257 | if (argv.v_size != sizeof(struct nilfs_bdesc)) | ||
| 258 | return -EINVAL; | ||
| 259 | |||
| 257 | ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), | 260 | ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), |
| 258 | nilfs_ioctl_do_get_bdescs); | 261 | nilfs_ioctl_do_get_bdescs); |
| 259 | if (ret < 0) | 262 | if (ret < 0) |
| @@ -599,6 +602,7 @@ static int nilfs_ioctl_sync(struct inode *inode, struct file *filp, | |||
| 599 | 602 | ||
| 600 | static int nilfs_ioctl_get_info(struct inode *inode, struct file *filp, | 603 | static int nilfs_ioctl_get_info(struct inode *inode, struct file *filp, |
| 601 | unsigned int cmd, void __user *argp, | 604 | unsigned int cmd, void __user *argp, |
| 605 | size_t membsz, | ||
| 602 | ssize_t (*dofunc)(struct the_nilfs *, | 606 | ssize_t (*dofunc)(struct the_nilfs *, |
| 603 | __u64 *, int, | 607 | __u64 *, int, |
| 604 | void *, size_t, size_t)) | 608 | void *, size_t, size_t)) |
| @@ -611,6 +615,9 @@ static int nilfs_ioctl_get_info(struct inode *inode, struct file *filp, | |||
| 611 | if (copy_from_user(&argv, argp, sizeof(argv))) | 615 | if (copy_from_user(&argv, argp, sizeof(argv))) |
| 612 | return -EFAULT; | 616 | return -EFAULT; |
| 613 | 617 | ||
| 618 | if (argv.v_size != membsz) | ||
| 619 | return -EINVAL; | ||
| 620 | |||
| 614 | ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), dofunc); | 621 | ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), dofunc); |
| 615 | if (ret < 0) | 622 | if (ret < 0) |
| 616 | return ret; | 623 | return ret; |
| @@ -632,16 +639,19 @@ long nilfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) | |||
| 632 | return nilfs_ioctl_delete_checkpoint(inode, filp, cmd, argp); | 639 | return nilfs_ioctl_delete_checkpoint(inode, filp, cmd, argp); |
| 633 | case NILFS_IOCTL_GET_CPINFO: | 640 | case NILFS_IOCTL_GET_CPINFO: |
| 634 | return nilfs_ioctl_get_info(inode, filp, cmd, argp, | 641 | return nilfs_ioctl_get_info(inode, filp, cmd, argp, |
| 642 | sizeof(struct nilfs_cpinfo), | ||
| 635 | nilfs_ioctl_do_get_cpinfo); | 643 | nilfs_ioctl_do_get_cpinfo); |
| 636 | case NILFS_IOCTL_GET_CPSTAT: | 644 | case NILFS_IOCTL_GET_CPSTAT: |
| 637 | return nilfs_ioctl_get_cpstat(inode, filp, cmd, argp); | 645 | return nilfs_ioctl_get_cpstat(inode, filp, cmd, argp); |
| 638 | case NILFS_IOCTL_GET_SUINFO: | 646 | case NILFS_IOCTL_GET_SUINFO: |
| 639 | return nilfs_ioctl_get_info(inode, filp, cmd, argp, | 647 | return nilfs_ioctl_get_info(inode, filp, cmd, argp, |
| 648 | sizeof(struct nilfs_suinfo), | ||
| 640 | nilfs_ioctl_do_get_suinfo); | 649 | nilfs_ioctl_do_get_suinfo); |
| 641 | case NILFS_IOCTL_GET_SUSTAT: | 650 | case NILFS_IOCTL_GET_SUSTAT: |
| 642 | return nilfs_ioctl_get_sustat(inode, filp, cmd, argp); | 651 | return nilfs_ioctl_get_sustat(inode, filp, cmd, argp); |
| 643 | case NILFS_IOCTL_GET_VINFO: | 652 | case NILFS_IOCTL_GET_VINFO: |
| 644 | return nilfs_ioctl_get_info(inode, filp, cmd, argp, | 653 | return nilfs_ioctl_get_info(inode, filp, cmd, argp, |
| 654 | sizeof(struct nilfs_vinfo), | ||
| 645 | nilfs_ioctl_do_get_vinfo); | 655 | nilfs_ioctl_do_get_vinfo); |
| 646 | case NILFS_IOCTL_GET_BDESCS: | 656 | case NILFS_IOCTL_GET_BDESCS: |
| 647 | return nilfs_ioctl_get_bdescs(inode, filp, cmd, argp); | 657 | return nilfs_ioctl_get_bdescs(inode, filp, cmd, argp); |