Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-3647 HSM _not only_ small fixes and to do list goes here
  3. LU-3658

No user input verification in LL_IOC_HSM_REQUEST of ll_dir_ioctl()

    XMLWordPrintable

Details

    • Technical task
    • Resolution: Fixed
    • Blocker
    • Lustre 2.5.0
    • Lustre 2.5.0
    • 9435

    Description

      the code snippet is as follows:

                      /* We don't know the true size yet; copy the fixed-size part */
                if (copy_from_user(hur, (void *)arg, sizeof(*hur))) {
                        OBD_FREE_PTR(hur);
                        RETURN(-EFAULT);
                }

                /* Compute the whole struct size */
                totalsize = hur_len(hur);
                OBD_FREE_PTR(hur);
                OBD_ALLOC_LARGE(hur, totalsize);
                if (hur == NULL)
                        RETURN(-ENOMEM);

      So if the user space program passes in a malicious data with huge hur_len, the kernel will be in trouble. We need to make sure the itemcount is reasonable.

      Attachments

        Activity

          People

            jay Jinshan Xiong (Inactive)
            jay Jinshan Xiong (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: