Lustre / LU-7625

gss_proc_write_secinit clobbers user buffer

Details

    • Bug
    • Resolution: Unresolved
    • Major

    Description

      This is a long-standing issue that I am not sure how it got through.

      gss_proc_write_secinit is a write function for /proc/fs/lustre/sptlrpc/gss/init_channel

      It calls gss_do_ctx_init_rpc() that proceeds to read some data from the buffer passed (as designed) and then proceeds to write a reply back into that same buffer - HUH?!

      So after some digging it looks like this really was supposed to be an ioctl, see this fragment in lgss_keyring.c::do_nego_rpc():

              fd = open(INIT_CHANNEL, O_WRONLY);
              if (fd < 0) {
                      logmsg(LL_ERR, "can't open " INIT_CHANNEL "\n");
                      return -EACCES;
              }
      
              logmsg(LL_TRACE, "to down-write\n");
      
              ret = write(fd, &param, sizeof(param));
              if (ret != sizeof(param)) {
                      logmsg(LL_ERR, "lustre ioctl err: %s\n", strerror(errno));
                      close(fd);
                      return -EACCES;
              }
              close(fd);
      

      We really need to update this bit to become a proper ioctl for it all to make sense.
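
      A user-space regression check for the behaviour described in this report, added here as an example and not taken from the Lustre tree: it submits a request through a write(2)-shaped call and reports whether the caller's buffer came back modified. The names `submit_fn`, `clobbering_submit`, `probe_clobber` and `REPLY_OFF` are hypothetical, and `clobbering_submit` is a constructed stand-in for a handler that stores its reply into the request buffer.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Same shape as write(2): the source buffer is const by contract. */
typedef ssize_t (*submit_fn)(int fd, const void *buf, size_t len);

/* Constructed stand-in for the reported behaviour: consume the request, then
 * store a reply into the caller's buffer. REPLY_OFF is an arbitrary offset. */
#define REPLY_OFF 4
ssize_t clobbering_submit(int fd, const void *buf, size_t len)
{
    static const char reply[] = "REPLY";
    size_t n = len > REPLY_OFF ? len - REPLY_OFF : 0;

    (void)fd;
    if (n > sizeof(reply))
        n = sizeof(reply);
    memcpy((char *)buf + REPLY_OFF, reply, n);  /* breaks the const contract */
    return (ssize_t)len;
}

/* Returns 0 if submit() consumed all len bytes and left them untouched,
 * 1 if the buffer changed (first changed offset stored in *where),
 * -1 on allocation failure or a failed/short submit. */
int probe_clobber(submit_fn submit, int fd, const void *req, size_t len,
                  size_t *where)
{
    unsigned char *work = malloc(len ? len : 1);
    const unsigned char *ref = req;
    int rc = 0;

    if (work == NULL)
        return -1;
    memcpy(work, req, len);                 /* private copy handed to submit */
    ssize_t n = submit(fd, work, len);
    if (n < 0 || (size_t)n != len) {
        rc = -1;
    } else {
        for (size_t i = 0; i < len; i++) {
            if (work[i] != ref[i]) {        /* handler wrote into our buffer */
                *where = i;
                rc = 1;
                break;
            }
        }
    }
    free(work);
    return rc;
}
```

      Passing `write` itself as `submit` together with an open descriptor runs the same check against a real file; a handler that honours the write(2) contract yields 0.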

          People

            wc-triage WC Triage
            green Oleg Drokin