Details

    • Bug
    • Resolution: Fixed
    • Major
    • Lustre 2.17.0
    • Lustre 2.17.0
    • None
    • 3

    Description

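      Patches landed in LU-18810 introduced a slew of Coverity warnings that we need to fix. All of the findings below are the same TAINTED_SCALAR pattern: a name length (ln_namelen) is passed to encode_fn_len, which uses it as a loop boundary, from a debug message that prints the name via encode_fn_luname(). In the mdt_reint.c and linkea.c excerpts the value comes from linkea_entry_unpack() with no range check visible in between; the usual remedy for this class of warning is to range-check the length before it is used.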

       

      ** CID 458335:    (TAINTED_SCALAR)
      ________________________________________________________________________________________________________
      *** CID 458335:    (TAINTED_SCALAR)
      /lustre/mdt/mdt_reint.c: 1915 in mdt_migrate_links_lock()
      1909                 CWARN("%s: cannot find obj "DFID": %ld\n",
      1910                       mdt_obd_name(mdt), PFID(&fid), PTR_ERR(lnkp));
      1911                 continue;
      1912             }
      1913    
      1914             if (!mdt_object_exists(lnkp)) {
      >>>     CID 458335:    (TAINTED_SCALAR)
      >>>     Passing tainted expression "lname->ln_namelen" to "encode_fn_len", which uses it as a loop boundary.
      1915                 CDEBUG(D_INFO, DFID" doesn't exist, skip "DNAME"\n",
      1916                        PFID(&fid), encode_fn_luname(lname));
      1917                 mdt_object_put(info->mti_env, lnkp);
      1918                 continue;
      1919             }
      1920     relock:
      /lustre/mdt/mdt_reint.c: 1901 in mdt_migrate_links_lock()
      1895                        PFID(&fid), encode_fn_luname(lname));
      1896                 continue;
      1897             }
      1898    
      1899             /* check if link parent is target parent too */
      1900             if (tpobj != spobj && lu_fid_eq(mdt_object_fid(tpobj), &fid)) {
      >>>     CID 458335:    (TAINTED_SCALAR)
      >>>     Passing tainted expression "lname->ln_namelen" to "encode_fn_len", which uses it as a loop boundary.
      1901                 CDEBUG(D_INFO,
      1902                        "skip lock on target parent "DFID"/"DNAME"\n",
      1903                        PFID(&fid), encode_fn_luname(lname));
      1904                 continue;
      1905             }
      1906    
      /lustre/mdt/mdt_reint.c: 1893 in mdt_migrate_links_lock()
      1887              linkea_next_entry(&ldata)) {
      1888             linkea_entry_unpack(ldata.ld_lee, &ldata.ld_reclen, lname,
      1889                         &fid);
      1890    
      1891             /* check if link parent is source parent too */
      1892             if (lu_fid_eq(mdt_object_fid(spobj), &fid)) {
      >>>     CID 458335:    (TAINTED_SCALAR)
      >>>     Passing tainted expression "lname->ln_namelen" to "encode_fn_len", which uses it as a loop boundary.
      1893                 CDEBUG(D_INFO,
      1894                        "skip lock on source parent "DFID"/"DNAME"\n",
      1895                        PFID(&fid), encode_fn_luname(lname));
      1896                 continue;
      1897             }
      1898
      ** CID 458334:  Insecure data handling  (TAINTED_SCALAR)
      ________________________________________________________________________________________________________
      *** CID 458334:  Insecure data handling  (TAINTED_SCALAR)
      /lustre/mdd/mdd_dir.c: 4139 in mdd_iterate_linkea()
      4133    
      4134             /* Note: lname might miss \0 at the end */
      4135             snprintf(filename, sizeof(info->mdi_name), DNAME,
      4136                  lname.ln_namelen, lname.ln_name);
      4137             lname.ln_name = filename;
      4138    
      >>>     CID 458334:  Insecure data handling  (TAINTED_SCALAR)
      >>>     Passing tainted expression "lname.ln_namelen" to "encode_fn_len", which uses it as a loop boundary.
      4139             CDEBUG(D_INFO, DFID"/"DNAME"\n",
      4140                    PFID(&fid), encode_fn_luname(&lname));
      4141    
      4142             rc = cb(env, sobj, tobj, tname, tpfid, &lname, &fid, opaque,
      4143                 handle);
      4144         }
      
      ________________________________________________________________________________________________________
      *** CID 458329:  Insecure data handling  (TAINTED_SCALAR)
      /lustre/obdclass/linkea.c: 260 in linkea_overflow_shrink()
      254             leh->leh_len += ldata->ld_reclen;
      255             ldata->ld_lee = (struct link_ea_entry *)((char *)ldata->ld_lee +
      256                                  ldata->ld_reclen);
      257         }
      258    
      259         linkea_entry_unpack(ldata->ld_lee, &ldata->ld_reclen, &tname, &tfid);
      >>>     CID 458329:  Insecure data handling  (TAINTED_SCALAR)
      >>>     Passing tainted expression "tname.ln_namelen" to "encode_fn_len", which uses it as a loop boundary.
      260         CDEBUG(D_INODE, "No enough space to hold the last linkea entry '"
      261                DFID": "DNAME"', shrink it, left %d linkea entries, size %llu\n",
      262                PFID(&tfid), encode_fn_luname(&tname), leh->leh_reccount,
      263                leh->leh_len);
      264    
      265         return leh->leh_len;
      
      
      


          Activity

            [LU-18873] unsafe access to user-supplied data
            pjones Peter Jones made changes -
            Link Original: This issue is related to JFC-21 [ JFC-21 ]
            pjones Peter Jones made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Open [ 1 ] New: Resolved [ 5 ]
            pjones Peter Jones made changes -
            Link New: This issue is related to JFC-21 [ JFC-21 ]
            green Oleg Drokin made changes -
            Link New: This issue is related to LU-18810 [ LU-18810 ]
            green Oleg Drokin made changes -
            Assignee Original: WC Triage [ wc-triage ] New: Emoly Liu [ emoly.liu ]
            green Oleg Drokin created issue -

            People

              emoly.liu Emoly Liu
              green Oleg Drokin
