|
@@ -1073,14 +1073,10 @@ static noinline int btrfs_ioctl_tree_search(struct file *file,
|
|
|
if (!capable(CAP_SYS_ADMIN))
|
|
if (!capable(CAP_SYS_ADMIN))
|
|
|
return -EPERM;
|
|
return -EPERM;
|
|
|
|
|
|
|
|
- args = kmalloc(sizeof(*args), GFP_KERNEL);
|
|
|
|
|
- if (!args)
|
|
|
|
|
- return -ENOMEM;
|
|
|
|
|
|
|
+ args = memdup_user(argp, sizeof(*args));
|
|
|
|
|
+ if (IS_ERR(args))
|
|
|
|
|
+ return PTR_ERR(args);
|
|
|
|
|
|
|
|
- if (copy_from_user(args, argp, sizeof(*args))) {
|
|
|
|
|
- kfree(args);
|
|
|
|
|
- return -EFAULT;
|
|
|
|
|
- }
|
|
|
|
|
inode = fdentry(file)->d_inode;
|
|
inode = fdentry(file)->d_inode;
|
|
|
ret = search_ioctl(inode, args);
|
|
ret = search_ioctl(inode, args);
|
|
|
if (ret == 0 && copy_to_user(argp, args, sizeof(*args)))
|
|
if (ret == 0 && copy_to_user(argp, args, sizeof(*args)))
|
|
@@ -1188,14 +1184,10 @@ static noinline int btrfs_ioctl_ino_lookup(struct file *file,
|
|
|
if (!capable(CAP_SYS_ADMIN))
|
|
if (!capable(CAP_SYS_ADMIN))
|
|
|
return -EPERM;
|
|
return -EPERM;
|
|
|
|
|
|
|
|
- args = kmalloc(sizeof(*args), GFP_KERNEL);
|
|
|
|
|
- if (!args)
|
|
|
|
|
- return -ENOMEM;
|
|
|
|
|
|
|
+ args = memdup_user(argp, sizeof(*args));
|
|
|
|
|
+ if (IS_ERR(args))
|
|
|
|
|
+ return PTR_ERR(args);
|
|
|
|
|
|
|
|
- if (copy_from_user(args, argp, sizeof(*args))) {
|
|
|
|
|
- kfree(args);
|
|
|
|
|
- return -EFAULT;
|
|
|
|
|
- }
|
|
|
|
|
inode = fdentry(file)->d_inode;
|
|
inode = fdentry(file)->d_inode;
|
|
|
|
|
|
|
|
if (args->treeid == 0)
|
|
if (args->treeid == 0)
|
Julia Lawall