HSM _not only_ small fixes and to do list goes here
(LU-3647)
|
|
| Status: | Resolved |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | Lustre 2.5.0 |
| Fix Version/s: | Lustre 2.5.0 |
| Type: | Technical task | Priority: | Blocker |
| Reporter: | Jinshan Xiong (Inactive) | Assignee: | Jinshan Xiong (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | HSM | ||
| Rank (Obsolete): | 9435 |
| Description |
|
the code snippet is as follows: /* We don't know the true size yet; copy the fixed-size part */ if (copy_from_user(hur, (void *)arg, sizeof(*hur))) { OBD_FREE_PTR(hur); RETURN(-EFAULT); } /* Compute the whole struct size */ totalsize = hur_len(hur); OBD_FREE_PTR(hur); OBD_ALLOC_LARGE(hur, totalsize); if (hur == NULL) RETURN(-ENOMEM); So if the user space program passes in a malicious data with huge hur_len, the kernel will be in trouble. We need to make sure the itemcount is reasonable. |
| Comments |
| Comment by Jinshan Xiong (Inactive) [ 13/Aug/13 ] |
|
patch is at http://review.whamcloud.com/7243 |
| Comment by Andreas Dilger [ 21/Oct/13 ] |
|
Problem was fixed in the final version of the |