[LU-8258] Unsafe userspace address access from proc handler in nodemap code - Whamcloud Community JIRA

Details

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: Lustre 2.9.0
Affects Version/s: None
Labels:
None

Severity:
3
Rank (Obsolete):
9223372036854775807

Description

Patch http://review.whamcloud.com/18783 added this bit of code:

nodemap_fileset_seq_write(struct file *file,
                                      const char __user *buffer,
                                      size_t count, loff_t *off)
{
        struct seq_file *m = file->private_data;
        int rc = 0;

        if (count > 0)
                rc = nodemap_set_fileset(m->private, buffer);

        if (rc != 0)
                return -EINVAL;

        return count;
}

Now the problem is - buffer is in userspace, so we cannot just pass it like this to nodemap_set_fileset where it would get dereferenced.
We need to properly copy it to kernelspace first.

Attachments

Activity

People

Assignee:: Kit Westneat (Inactive)

Reporter:: Oleg Drokin

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 11/Jun/16 2:28 AM

Updated:: 18/Aug/16 5:24 PM

Resolved:: 18/Aug/16 5:24 PM