Commit d062d90c authored by Eric Sandeen's avatar Eric Sandeen Committed by Greg Kroah-Hartman

xfs: don't wrap ID in xfs_dq_get_next_id

commit 657bdfb7 upstream.

The GETNEXTQOTA ioctl takes whatever ID is sent in,
and looks for the next active quota for an user
equal or higher to that ID.

But if we are at the maximum ID and then ask for the "next"
one, we may wrap back to zero.  In this case, userspace
may loop forever, because it will start querying again
at zero.

We'll fix this in userspace as well, but for the kernel,
return -ENOENT if we ask for the next quota ID
past UINT_MAX so the caller knows to stop.
Signed-off-by: default avatarEric Sandeen <sandeen@redhat.com>
Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent d3201a14
...@@ -710,6 +710,10 @@ xfs_dq_get_next_id( ...@@ -710,6 +710,10 @@ xfs_dq_get_next_id(
/* Simple advance */ /* Simple advance */
next_id = *id + 1; next_id = *id + 1;
/* If we'd wrap past the max ID, stop */
if (next_id < *id)
return -ENOENT;
/* If new ID is within the current chunk, advancing it sufficed */ /* If new ID is within the current chunk, advancing it sufficed */
if (next_id % mp->m_quotainfo->qi_dqperchunk) { if (next_id % mp->m_quotainfo->qi_dqperchunk) {
*id = next_id; *id = next_id;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment