On 2020/1/16 7:29 PM, fdmanana@kernel.org wrote:
> From: Filipe Manana
>
> If scrub returns an error we are not copying back the scrub arguments
> structure to user space. This prevents user space to know how much progress
> scrub has done if an error happened - this includes -ECANCELED which is
> returned when users ask for scrub to stop. A particular use case, which is
> used in btrfs-progs, is to resume scrub after it is canceled, in that case
> it relies on checking the progress from the scrub arguments structure and
> then use that progress in a call to resume scrub.
>
> So fix this by always copying the scrub arguments structure to user space,
> overwriting the value returned to user space with -EFAULT only if copying
> the structure failed to let user space know that either that copying did
> not happen, and therefore the structure is stale, or it happened partially
> and the structure is probably not valid and corrupt due to the partial
> copy.
>
> Reported-by: Graham Cobb
> Link: https://lore.kernel.org/linux-btrfs/d0a97688-78be-08de-ca7d-bcb4c7fb397e@cobb.uk.net/
> Fixes: 06fe39ab15a6a4 ("Btrfs: do not overwrite scrub error with fault error in scrub ioctl")
> Signed-off-by: Filipe Manana

Reviewed-by: Qu Wenruo

Thanks,
Qu

> --- > fs/btrfs/ioctl.c | 14 +++++++++++++- > 1 file changed, 13 insertions(+), 1 deletion(-) > > diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c > index 3a4bd5cd67fa..173758d86feb 100644 > --- a/fs/btrfs/ioctl.c > +++ b/fs/btrfs/ioctl.c
> @@ -4253,7 +4253,19 @@ static long btrfs_ioctl_scrub(struct file *file, void __user *arg) > &sa->progress, sa->flags & BTRFS_SCRUB_READONLY, > 0); > > - if (ret == 0 && copy_to_user(arg, sa, sizeof(*sa))) > + /* > + * Copy scrub args to user space even if btrfs_scrub_dev() returned an > + * error. This is important as it allows user space to know how much > + * progress scrub has done. For example, if scrub is canceled we get > + * -ECANCELED from btrfs_scrub_dev() and return that error back to user > + * space. Later user space can inspect the progress from the structure > + * btrfs_ioctl_scrub_args and resume scrub from where it left off > + * previously (btrfs-progs does this). > + * If we fail to copy the btrfs_ioctl_scrub_args structure to user space > + * then return -EFAULT to signal the structure was not copied or it may > + * be corrupt and unreliable due to a partial copy. > + */ > + if (copy_to_user(arg, sa, sizeof(*sa))) > ret = -EFAULT; > > if (!(sa->flags & BTRFS_SCRUB_READONLY)) >
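Review bot: with the `ret == 0` guard gone, `copy_to_user(arg, sa, sizeof(*sa))` runs on every error path of btrfs_scrub_dev(), and the new comment does not say which errors leave a meaningful `sa->progress`. If the call fails before any scrubbing starts, the structure copied back may hold only what the caller passed in, so a resume that trusts it unconditionally could start from a stale position. I would add a sentence to the comment naming the errors for which progress is valid (the comment only mentions -ECANCELED). Since all of `*sa` now reaches user space on failure too, it is also worth confirming that the allocation of `sa`, which is outside this hunk, fully initializes the structure from user input, so no uninitialized kernel memory is exposed. Finally, the -EFAULT assignment now replaces a non-zero `ret`, which is the behaviour the commit named in the Fixes: tag set out to avoid; the comment could state explicitly that losing the scrub error in that case is intentional.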