Details
-
Bug
-
Resolution: Fixed
-
Critical
-
None
-
None
-
3
-
9223372036854775807
Description
Patch http://review.whamcloud.com/18783 added this bit of code:
nodemap_fileset_seq_write(struct file *file,
const char __user *buffer,
size_t count, loff_t *off)
{
struct seq_file *m = file->private_data;
int rc = 0;
if (count > 0)
rc = nodemap_set_fileset(m->private, buffer);
if (rc != 0)
return -EINVAL;
return count;
}
Now the problem is - buffer is in userspace, so we cannot just pass it like this to nodemap_set_fileset where it would get dereferenced.
We need to properly copy it to kernelspace first.