From: Greg Kroah-Hartman
Date: Mon, 20 May 2013 17:11:37 +0000 (-0700)
Subject: 3.4-stable patches
X-Git-Tag: v3.0.80~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=910e8ba0437e7c5319148252f48e8d508b454812;p=thirdparty%2Fkernel%2Fstable-queue.git
3.4-stable patches added patches: btrfs-don-t-stop-searching-after-encountering-the-wrong-item.patch
---
diff --git a/queue-3.4/btrfs-don-t-stop-searching-after-encountering-the-wrong-item.patch b/queue-3.4/btrfs-don-t-stop-searching-after-encountering-the-wrong-item.patch
new file mode 100644
index 00000000000..aabf2aa2b1b
--- /dev/null
+++ b/queue-3.4/btrfs-don-t-stop-searching-after-encountering-the-wrong-item.patch
@@ -0,0 +1,49 @@
+From 03b71c6ca6286625d8f1ed44aabab9b5bf5dac10 Mon Sep 17 00:00:00 2001
+From: Gabriel de Perthuis
+Date: Mon, 6 May 2013 17:40:18 +0000
+Subject: btrfs: don't stop searching after encountering the wrong item
+
+From: Gabriel de Perthuis
+
+commit 03b71c6ca6286625d8f1ed44aabab9b5bf5dac10 upstream.
+
+The search ioctl skips items that are too large for a result buffer, but
+inline items of a certain size occuring before any search result is
+found would trigger an overflow and stop the search entirely.
+
+Bug: https://bugzilla.kernel.org/show_bug.cgi?id=57641
+
+Signed-off-by: Gabriel de Perthuis
+Signed-off-by: Josef Bacik
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/btrfs/ioctl.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/fs/btrfs/ioctl.c
++++ b/fs/btrfs/ioctl.c
+@@ -1653,7 +1653,11 @@ static noinline int copy_to_sk(struct bt
+ item_off = btrfs_item_ptr_offset(leaf, i);
+ item_len = btrfs_item_size_nr(leaf, i);
+
+- if (item_len > BTRFS_SEARCH_ARGS_BUFSIZE)
++ btrfs_item_key_to_cpu(leaf, key, i);
++ if (!key_in_sk(key, sk))
++ continue;
++
++ if (sizeof(sh) + item_len > BTRFS_SEARCH_ARGS_BUFSIZE)
+ item_len = 0;
+
+ if (sizeof(sh) + item_len + *sk_offset >
+@@ -1662,10 +1666,6 @@ static noinline int copy_to_sk(struct bt
+ goto overflow;
+ }
+
+- btrfs_item_key_to_cpu(leaf, key, i);
+- if (!key_in_sk(key, sk))
+- continue;
+-
+ sh.objectid = key->objectid;
+ sh.offset = key->offset;
+ sh.type = key->type;
diff --git a/queue-3.4/series b/queue-3.4/series
new file mode 100644
index 00000000000..8dcb997cd7f
--- /dev/null
+++ b/queue-3.4/series
@@ -0,0 +1 @@
+btrfs-don-t-stop-searching-after-encountering-the-wrong-item.patch
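Review bot: In the fs/btrfs/ioctl.c hunk of the queued patch, the new guard `if (sizeof(sh) + item_len > BTRFS_SEARCH_ARGS_BUFSIZE)` adds a header size to a length read from the leaf via btrfs_item_size_nr(), so the sum itself has to be trusted; written as `if (item_len > BTRFS_SEARCH_ARGS_BUFSIZE - sizeof(sh))` the comparison cannot wrap whatever item_len holds. The declaration of item_len is outside the hunk, so whether a wrap is actually reachable (it would need a 32-bit size_t and an item size that was not validated earlier) is an assumption to confirm, and the unchanged check just below uses the same sum form. The `item_len = 0` branch is also what now keeps an item that can never fit from reaching `goto overflow`, which deserves a one-line comment such as `/* can never fit, even in an empty buffer: carry on with zero data length instead of stopping the search */`. The loop body of copy_to_sk starts and ends outside the hunk.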