On Mon, Nov 23, 2020 at 06:08:31PM +0100, David Sterba wrote:
> On Wed, Nov 18, 2020 at 11:18:11AM -0800, Omar Sandoval wrote:
> > From: Omar Sandoval <osandov@xxxxxx>
> >
> > btrfs_write_check() has two related bugs:
> >
> > 1. It gets the iov_iter count before calling generic_write_checks(), but
> >    generic_write_checks() may truncate the iov_iter.
> > 2. It returns the count or negative errno as a size_t, which the callers
> >    cast to an int. If the count is greater than INT_MAX, this overflows.
> >
> > To fix both of these, pull the call to generic_write_checks() out of
> > btrfs_write_check(), use the new iov_iter count returned from
> > generic_write_checks(), and have btrfs_write_check() return 0 or a
> > negative errno as an int instead of the count. This rearrangement also
> > paves the way for RWF_ENCODED write support.
> >
> > Fixes: f945968ff64c ("btrfs: introduce btrfs_write_check()")
>
> This patch is still in misc-next and the commit id is unstable, so this
> would rather be folded to the patch.

Looks like you folded this in on misc-next, thanks!
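The two bugs described in the quoted commit message, reduced to a user-space C model as an added example (not code from the patch or from btrfs). `model_iter`, `model_generic_checks()`, `old_write_check()`, `old_caller_view()` and `new_write_path()` are hypothetical stand-ins, and the iterator is modeled as a bare byte count.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for an iov_iter: only the remaining byte count. */
struct model_iter { size_t count; };

/* Hypothetical stand-in for generic_write_checks(): may truncate the
 * iterator to 'limit'; returns the new count or a negative errno
 * (the limit == 0 failure is a constructed case for this model). */
long long model_generic_checks(struct model_iter *it, size_t limit)
{
    if (limit == 0)
        return -EFBIG;
    if (it->count > limit)
        it->count = limit;              /* the truncation from bug 1 */
    return (long long)it->count;
}

/* Old shape: count sampled before the checks, count-or-errno as size_t. */
size_t old_write_check(struct model_iter *it, size_t limit)
{
    size_t count = it->count;           /* stale once the iter is truncated */
    long long ret = model_generic_checks(it, limit);
    return ret <= 0 ? (size_t)ret : count;
}

/* Caller pattern from the commit message: the size_t is cast to int. */
int old_caller_view(struct model_iter *it, size_t limit)
{
    return (int)old_write_check(it, limit);  /* wraps when count > INT_MAX */
}

/* Fixed shape: checks first, their count is used, status is 0 or -errno. */
int new_write_path(struct model_iter *it, size_t limit, size_t *count)
{
    long long ret = model_generic_checks(it, limit);
    if (ret <= 0)
        return (int)ret;
    *count = (size_t)ret;
    return 0;
}

int main(void)
{
    struct model_iter big = { (size_t)INT_MAX + 1 };
    printf("old caller sees %d\n", old_caller_view(&big, SIZE_MAX));
    return 0;
}
```

In the old shape a valid write of `INT_MAX + 1` bytes reaches the caller as a negative value and is indistinguishable from an errno, and a truncated iterator still reports its pre-truncation length.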