[LU-7624] fld_proc_hash_seq_write accesses userspace pointer directly - Whamcloud Community JIRA

Details

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: Lustre 2.8.0
Affects Version/s: Lustre 2.7.0, Lustre 2.5.3, Lustre 2.8.0
Labels:
- easy

Severity:
3
Rank (Obsolete):
9223372036854775807

Description

In lustre/fld/lproc_fld.c we have this gem:

static ssize_t
fld_proc_hash_seq_write(struct file *file, const char __user *buffer,
                        size_t count, loff_t *off)
{
...
                if (!strncmp(fld_hash[i].fh_name, buffer, count)) {
                        hash = &fld_hash[i];
                        break;
                }
...

This is a bug and we cannot really access user pointers directly. The value first must be copied to a kernel buffer.

This was introduced in 2006 by Yury, part of cmd3 bringup.

Attachments

Issue Links

is related to

LU-7623 Clean up lustre user/kernel pointer types.

Resolved

LU-6215 Sync Lustre external tree with lustre linux kernel client

Resolved

Activity

[LU-7624] fld_proc_hash_seq_write accesses userspace pointer directly

Peter Jones made changes - 23/Sep/16 11:02 AM

Comment

[ No problem Henri. I'll delete the comments to prevent future confusion ]

Peter Jones made changes - 23/Sep/16 11:02 AM

Comment

[ The patch above was pushed with an incorrect LU reference and is absolutely not related to this ticket.
Sorry for that, please ignore. ]

Peter Jones made changes - 23/Sep/16 11:02 AM

Comment

[ Henri Doreau (henri.doreau@cea.fr) uploaded a new patch: http://review.whamcloud.com/22697
Subject: ~~LU-7624~~ mdd: refactor changelog handling for XATTR ops
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: d2db6deaa60335bee663e0a76b02f691f56d1a4b ]

Peter Jones made changes - 12/May/16 6:56 PM

Link

Original: This issue is related to LDEV-142 [ LDEV-142 ]

Peter Jones made changes - 12/May/16 6:56 PM

Link

New: This issue is related to LDEV-367 [ LDEV-367 ]

James A Simmons added a comment - 12/Jan/16 4:32 PM

Oh I have been given power. How scary!!

James A Simmons added a comment - 12/Jan/16 4:32 PM Oh I have been given power. How scary!!

Peter Jones made changes - 12/Jan/16 3:41 PM

Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Peter Jones added a comment - 12/Jan/16 3:41 PM

Do you realize that you have permissions to mark tickets as resolved James?

Peter Jones added a comment - 12/Jan/16 3:41 PM Do you realize that you have permissions to mark tickets as resolved James?

James A Simmons added a comment - 12/Jan/16 3:39 PM

Patch has landed. This ticket can be closed.

James A Simmons added a comment - 12/Jan/16 3:39 PM Patch has landed. This ticket can be closed.

Gerrit Updater added a comment - 12/Jan/16 2:48 AM

Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/17797/
Subject: ~~LU-7624~~ fld: copy userspace buffer
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: ab38c3afa2747c99b766b9bbdd825ef7593bc532

Gerrit Updater added a comment - 12/Jan/16 2:48 AM Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/17797/ Subject: LU-7624 fld: copy userspace buffer Project: fs/lustre-release Branch: master Current Patch Set: Commit: ab38c3afa2747c99b766b9bbdd825ef7593bc532

People

Assignee:: Bob Glossman (Inactive)

Reporter:: Oleg Drokin

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 03/Jan/16 9:46 PM

Updated:: 23/Sep/16 11:02 AM

Resolved:: 12/Jan/16 3:41 PM