Details
-
Bug
-
Resolution: Won't Fix
-
Major
-
None
-
Lustre 2.4.0
-
3
-
8123
Description
In ll_dir_ioctl() LL_IOC_LMV_SETSTRIPE: we pass lmv_user_md * lum to ll_dir_setdirstripe() but not lumlen. Hence no validation of lmm_stripe_count vs lumlen. (Future issue.)
In ll_dir_ioctl() IOC_LOV_GETINFO: an OOB array access/swab if lum_stripe_count (from US) does not agree with lmmsize.
In ll_lov_getstripe_ea_info() we should verify that lmmsize (from wire) agrees with lmm_stripe_count.
Style: In ll_lov_getstripe_ea_info() there are vars named lmmsize and lmm_size.
ll_dir_setstripe() checks senselessly for LMV_USER_MAGIC.
In mdt_setattr_unpack() we should check that ma_lmm_size (from RMF) agrees with sizeof(*lmm)/lmm_stripe_count.
In ll_setxattr() need to verity that passed size is at least sizeof(...).
lov_setstripe() is never called.
Why do we have LOV_USER_MAGIC_V1 and LOV_MAGIC_V1? Why isn't one defined to be the other? And similarly for the other LOV/LMV defines.
Should the MDT reint unpackers check for BE lmm_magic and swab accordingly?
In ll_lov_setstripe() what is the purpose of put_user(0, &lumv1p->lmm_stripe_count)? I cannot see that llapi checks this afterwards.
Attachments
Issue Links
- is related to
-
-
- Closed
-