LU-7624: fld_proc_hash_seq_write accesses userspace pointer directly


Details

    • Bug
    • Resolution: Fixed
    • Critical
    • Lustre 2.8.0
    • Lustre 2.7.0, Lustre 2.5.3, Lustre 2.8.0
    • 3

    Description

      In lustre/fld/lproc_fld.c we have this gem:

      static ssize_t
      fld_proc_hash_seq_write(struct file *file, const char __user *buffer,
                              size_t count, loff_t *off)
      {
      ...
                      if (!strncmp(fld_hash[i].fh_name, buffer, count)) {
                              hash = &fld_hash[i];
                              break;
                      }
      ...
      

      This is a bug and we cannot really access user pointers directly. The value first must be copied to a kernel buffer.

      This was introduced in 2006 by Yury, part of cmd3 bringup.
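
The copy-then-compare pattern the description calls for, as an added example (not code from the ticket or from the Lustre patch). It is a userspace model: `__user`, `copy_from_user()`, the table contents and `FLD_NAME_MAX` are stand-ins assumed here so the block compiles outside the kernel.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define __user              /* kernel address-space annotation; no-op in this model */
#define FLD_NAME_MAX 8      /* hypothetical upper bound on a hash name */

/* Constructed sample table; only fh_name is modelled. */
struct fld_hash_model { const char *fh_name; };
static const struct fld_hash_model fld_hash[] = { { "RRB" }, { "DHT" } };

/* Stand-in for the kernel's copy_from_user(): returns the number of bytes
 * NOT copied. A NULL source models a faulting user address. */
static unsigned long copy_from_user(void *to, const void __user *from,
                                    unsigned long n)
{
    if (from == NULL)
        return n;
    memcpy(to, from, n);
    return 0;
}

/* Returns the index of the matching hash, or a negative errno. */
static int fld_hash_select(const char __user *buffer, size_t count)
{
    char name[FLD_NAME_MAX + 1];
    size_t i;

    if (count == 0 || count > FLD_NAME_MAX)   /* bound before copying */
        return -EINVAL;
    if (copy_from_user(name, buffer, count))  /* never dereference buffer */
        return -EFAULT;
    name[count] = '\0';
    if (name[count - 1] == '\n')              /* tolerate "echo NAME > file" */
        name[--count] = '\0';

    /* Exact match on the kernel copy (a choice of this example). */
    for (i = 0; i < sizeof(fld_hash) / sizeof(fld_hash[0]); i++)
        if (strcmp(fld_hash[i].fh_name, name) == 0)
            return (int)i;
    return -EINVAL;
}

int main(void)
{
    printf("DHT -> %d, bad pointer -> %d\n",
           fld_hash_select("DHT", 3), fld_hash_select(NULL, 3));
    return 0;
}
```

In the quoted handler, `strncmp()` reads `buffer` directly, so an invalid user address is dereferenced in kernel context; in this model the same input is returned as `-EFAULT`.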

            People

              bogl Bob Glossman (Inactive)
              green Oleg Drokin