From 9d17e14cc052ecebb572d4546c7deeddc0c6e040 Mon Sep 17 00:00:00 2001
From: Christoph Hellwig <hch@lst.de>
Date: Fri, 21 Apr 2017 11:24:41 -0700
Subject: xfs: fix __user annotations for xfs_ioc_getfsmap

By passing the whole fsmap_head structure and an index we can get the
user point annotations right for the embedded variable sized array
in struct fsmap_head.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
[darrick: change idx to unsigned int]
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
 fs/xfs/xfs_ioctl.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'fs/xfs/xfs_ioctl.c')

diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
index 0f8bed9a7e4c..eee8b0f22d75 100644
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
@@ -1614,7 +1614,8 @@ xfs_ioc_getbmapx(
 
 struct getfsmap_info {
 	struct xfs_mount	*mp;
-	struct fsmap __user	*data;
+	struct fsmap_head __user *data;
+	unsigned int		idx;
 	__u32			last_flags;
 };
 
@@ -1628,17 +1629,17 @@ xfs_getfsmap_format(struct xfs_fsmap *xfm, void *priv)
 
 	info->last_flags = xfm->fmr_flags;
 	xfs_fsmap_from_internal(&fm, xfm);
-	if (copy_to_user(info->data, &fm, sizeof(struct fsmap)))
+	if (copy_to_user(&info->data->fmh_recs[info->idx++], &fm,
+			sizeof(struct fsmap)))
 		return -EFAULT;
 
-	info->data++;
 	return 0;
 }
 
 STATIC int
 xfs_ioc_getfsmap(
 	struct xfs_inode	*ip,
-	void			__user *arg)
+	struct fsmap_head	__user *arg)
 {
 	struct getfsmap_info	info = { NULL };
 	struct xfs_fsmap_head	xhead = {0};
@@ -1664,7 +1665,7 @@ xfs_ioc_getfsmap(
 	trace_xfs_getfsmap_high_key(ip->i_mount, &xhead.fmh_keys[1]);
 
 	info.mp = ip->i_mount;
-	info.data = ((__force struct fsmap_head *)arg)->fmh_recs;
+	info.data = arg;
 	error = xfs_getfsmap(ip->i_mount, &xhead, xfs_getfsmap_format, &info);
 	if (error == XFS_BTREE_QUERY_RANGE_ABORT) {
 		error = 0;
@@ -1674,10 +1675,9 @@ xfs_ioc_getfsmap(
 
 	/* If we didn't abort, set the "last" flag in the last fmx */
 	if (!aborted && xhead.fmh_entries) {
-		info.data--;
 		info.last_flags |= FMR_OF_LAST;
-		if (copy_to_user(&info.data->fmr_flags, &info.last_flags,
-				sizeof(info.last_flags)))
+		if (copy_to_user(&info.data->fmh_recs[info.idx - 1].fmr_flags,
+				&info.last_flags, sizeof(info.last_flags)))
 			return -EFAULT;
 	}
 
-- 
cgit v1.2.3