projects / linux-2.6-block.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
vfs: cap dedupe request structure size at PAGE_SIZE
[linux-2.6-block.git] / fs / ioctl.c
diff --git a/fs/ioctl.c b/fs/ioctl.c
index 0f56deb24ce6547c1aaa13e6a731779c09047077..c415668c86d4cc727460ae0f0eb5a6d1f5840f61 100644 (file)
--- a/fs/ioctl.c
+++ b/fs/ioctl.c
@@ -568,7 +568,7 @@ static int ioctl_fsthaw(struct file *filp)
        return thaw_super(sb);
 }
 
-static long ioctl_file_dedupe_range(struct file *file, void __user *arg)
+static int ioctl_file_dedupe_range(struct file *file, void __user *arg)
 {
        struct file_dedupe_range __user *argp = arg;
        struct file_dedupe_range *same = NULL;
@@ -582,6 +582,10 @@ static long ioctl_file_dedupe_range(struct file *file, void __user *arg)
        }
 
        size = offsetof(struct file_dedupe_range __user, info[count]);
+       if (size > PAGE_SIZE) {
+               ret = -ENOMEM;
+               goto out;
+       }
 
        same = memdup_user(argp, size);
        if (IS_ERR(same)) {
Linux 6.x block layer and io_uring tree(s)