Whamcloud Community JIRA https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 [LU-7624] fld_proc_hash_seq_write accesses userspace pointer directly https://jira.whamcloud.com/browse/LU-7624 Lustre <p>In lustre/fld/lproc_fld.c we have this gem:</p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java"><span class="code-keyword">static</span> ssize_t fld_proc_hash_seq_write(struct file *file, <span class="code-keyword">const</span> <span class="code-object">char</span> __user *buffer, size_t count, loff_t *off) { ... <span class="code-keyword">if</span> (!strncmp(fld_hash[i].fh_name, buffer, count)) { hash = &amp;fld_hash[i]; <span class="code-keyword">break</span>; } ... </pre> </div></div> <p>This is a bug and we cannot really access user pointers directly. The value first must be copied to a kernel buffer.</p> <p>This was introduced in 2006 by Yury, part of cmd3 bringup.</p> LU-7624 fld_proc_hash_seq_write accesses userspace pointer directly Bug Critical Resolved Fixed Bob Glossman Oleg Drokin Sun, 3 Jan 2016 21:46:34 +0000 Fri, 23 Sep 2016 11:02:28 +0000 Tue, 12 Jan 2016 15:41:00 +0000 Lustre 2.7.0 Lustre 2.5.3 Lustre 2.8.0 Lustre 2.8.0 0 7 <p>Bob</p> <p>Could you please fix this one?</p> <p>Thanks</p> <p>Peter</p> <p>Bob Glossman (bob.glossman@intel.com) uploaded a new patch: <a href="http://review.whamcloud.com/17797" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/17797</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-7624" title="fld_proc_hash_seq_write accesses userspace pointer directly" class="issue-link" data-issue-key="LU-7624"><del>LU-7624</del></a> fld: copy userspace buffer<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: 0ad4257e9873502971ce322f7590310e8cd42e33</p> <p>Oleg Drokin (oleg.drokin@intel.com) merged in patch <a href="http://review.whamcloud.com/17797/" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/17797/</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-7624" title="fld_proc_hash_seq_write accesses userspace pointer directly" class="issue-link" data-issue-key="LU-7624"><del>LU-7624</del></a> fld: copy userspace buffer<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: <br/> Commit: ab38c3afa2747c99b766b9bbdd825ef7593bc532</p> <p>Patch has landed. This ticket can be closed.</p> <p>Do you realize that you have permissions to mark tickets as resolved James? <img class="emoticon" src="https://jira.whamcloud.com/images/icons/emoticons/smile.png" height="16" width="16" align="absmiddle" alt="" border="0"/></p> <p>Oh I have been given power. How scary!!</p> Related LU-7623 LU-6215 Development Rank 1|hzxx3r: Rank (Obsolete) 9223372036854775807 Severity