[#LU-3658] No user input verification in LL_IOC_HSM_REQUEST of ll_dir

HSM _not only_ small fixes and to do list goes here (LU-3647) [LU-3658] No user input verification in LL_IOC_HSM_REQUEST of ll_dir_ioctl() Created: 29/Jul/13 Updated: 21/Oct/13 Resolved: 17/Aug/13
Status:	Resolved
Project:	Lustre
Component/s:	None
Affects Version/s:	Lustre 2.5.0
Fix Version/s:	Lustre 2.5.0

Type:

Technical task

Priority:

Blocker

Reporter:

Jinshan Xiong (Inactive)

Assignee:

Jinshan Xiong (Inactive)

Resolution:

Fixed

Votes:

Labels:

HSM

Rank (Obsolete):

9435

Description

the code snippet is as follows:

                /* We don't know the true size yet; copy the fixed-size part */
                if (copy_from_user(hur, (void *)arg, sizeof(*hur))) {
                        OBD_FREE_PTR(hur);
                        RETURN(-EFAULT);
                }

                /* Compute the whole struct size */
                totalsize = hur_len(hur);
                OBD_FREE_PTR(hur);
                OBD_ALLOC_LARGE(hur, totalsize);
                if (hur == NULL)
                        RETURN(-ENOMEM);

So if the user space program passes in a malicious data with huge hur_len, the kernel will be in trouble. We need to make sure the itemcount is reasonable.

Comments

Comment by Jinshan Xiong (Inactive) [ 13/Aug/13 ]

patch is at http://review.whamcloud.com/7243

Comment by Andreas Dilger [ 21/Oct/13 ]

Problem was fixed in the final version of the ~~LU-3647~~ patch that was landed.

Generated at Sat Feb 10 01:35:48 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.

[LU-3658] No user input verification in LL_IOC_HSM_REQUEST of ll_dir_ioctl() Created: 29/Jul/13 Updated: 21/Oct/13 Resolved: 17/Aug/13