Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-7624

fld_proc_hash_seq_write accesses userspace pointer directly

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • Lustre 2.8.0
    • Lustre 2.7.0, Lustre 2.5.3, Lustre 2.8.0
    • 3
    • 9223372036854775807

    Description

      In lustre/fld/lproc_fld.c we have this gem:

      static ssize_t
fld_proc_hash_seq_write(struct file *file, const char __user *buffer,
                        size_t count, loff_t *off)
{
...
                if (!strncmp(fld_hash[i].fh_name, buffer, count)) {
                        hash = &fld_hash[i];
                        break;
                }
...

      This is a bug and we cannot really access user pointers directly. The value first must be copied to a kernel buffer.

      This was introduced in 2006 by Yury, part of cmd3 bringup.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. LU-7623 Clean up lustre user/kernel pointer types.

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. LU-6215 Sync Lustre external tree with lustre linux kernel client

          • Major - Major loss of function.
          • Resolved

          Activity

            [LU-7624] fld_proc_hash_seq_write accesses userspace pointer directly
            simmonsja James A Simmons added a comment -

            Oh I have been given power. How scary!!

            simmonsja James A Simmons added a comment - Oh I have been given power. How scary!!
            pjones Peter Jones added a comment -

            Do you realize that you have permissions to mark tickets as resolved James?

            pjones Peter Jones added a comment - Do you realize that you have permissions to mark tickets as resolved James?
            simmonsja James A Simmons added a comment -

            Patch has landed. This ticket can be closed.

            simmonsja James A Simmons added a comment - Patch has landed. This ticket can be closed.
            gerrit Gerrit Updater added a comment -

            Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/17797/
            Subject: LU-7624 fld: copy userspace buffer
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: ab38c3afa2747c99b766b9bbdd825ef7593bc532

            gerrit Gerrit Updater added a comment - Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/17797/ Subject: LU-7624 fld: copy userspace buffer Project: fs/lustre-release Branch: master Current Patch Set: Commit: ab38c3afa2747c99b766b9bbdd825ef7593bc532
            gerrit Gerrit Updater added a comment -

            Bob Glossman (bob.glossman@intel.com) uploaded a new patch: http://review.whamcloud.com/17797
            Subject: LU-7624 fld: copy userspace buffer
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: 0ad4257e9873502971ce322f7590310e8cd42e33

            gerrit Gerrit Updater added a comment - Bob Glossman (bob.glossman@intel.com) uploaded a new patch: http://review.whamcloud.com/17797 Subject: LU-7624 fld: copy userspace buffer Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: 0ad4257e9873502971ce322f7590310e8cd42e33
            pjones Peter Jones added a comment -

            Bob

            Could you please fix this one?

            Thanks

            Peter

            pjones Peter Jones added a comment - Bob Could you please fix this one? Thanks Peter

            People

              bogl Bob Glossman (Inactive)
              green Oleg Drokin
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: