LU-16342 mdt: not copy pool_name to quotactl in reply

Don not copy pool_name in mdt reply to avoid out-of-bounds:
BUG: KASAN: slab-out-of-bounds in mdt_quotactl+0x13ff/0x1430 [mdt]

Lustre-change: https://review.whamcloud.com/49242
Lustre-commit: 7e5f927458544bd2681027bfc3df6136d059121f

HPE-bug-id: LUS-10579
Change-Id: I34c4cd8aaccd938c95005dca06644e02132def34
Signed-off-by: Sergey Cheremencev <sergey.cheremencev@hpe.com>
Reviewed-on: https://es-gerrit.dev.cray.com/160899
Reviewed-by: Andrew Perepechko <andrew.perepechko@hpe.com>
Reviewed-by: Andriy Skulysh <c17819@cray.com>
Tested-by: Vitaly Fertman <c17818@cray.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Shaun Tancheff <shaun.tancheff@hpe.com>
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/49806
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Reviewed-by: Sergey Cheremencev <scherementsev@ddn.com>

diff --git a/lustre/include/uapi/linux/lustre/lustre_idl.h b/lustre/include/uapi/linux/lustre/lustre_idl.h
index 2c0e4d1..39e7538 100644 (file)
--- a/lustre/include/uapi/linux/lustre/lustre_idl.h
+++ b/lustre/include/uapi/linux/lustre/lustre_idl.h
@@ -1509,7 +1509,7 @@ struct obd_quotactl {
 
 #define Q_COPY(out, in, member) (out)->member = (in)->member
 
-#define QCTL_COPY(out, in)                             \
+#define __QCTL_COPY(out, in, need_pname)               \
 do {                                                   \
        Q_COPY(out, in, qc_cmd);                        \
        Q_COPY(out, in, qc_type);                       \
@@ -1517,12 +1517,15 @@ do {                                                    \
        Q_COPY(out, in, qc_stat);                       \
        Q_COPY(out, in, qc_dqinfo);                     \
        Q_COPY(out, in, qc_dqblk);                      \
-       if (LUSTRE_Q_CMD_IS_POOL(in->qc_cmd))           \
+       if (need_pname && LUSTRE_Q_CMD_IS_POOL(in->qc_cmd))             \
                memcpy(out->qc_poolname,                \
                       in->qc_poolname,                 \
                       LOV_MAXPOOLNAME + 1);            \
 } while (0)
 
+#define QCTL_COPY(out, in) __QCTL_COPY(out, in, true)
+#define QCTL_COPY_NO_PNAME(out, in) __QCTL_COPY(out, in, false)
+
 /* Body of quota request used for quota acquire/release RPCs between quota
  * master (aka QMT) and slaves (ak QSD). */
 struct quota_body {

diff --git a/lustre/mdt/mdt_handler.c b/lustre/mdt/mdt_handler.c
index 6d7cf4d..35ca2d3 100644 (file)
--- a/lustre/mdt/mdt_handler.c
+++ b/lustre/mdt/mdt_handler.c
@@ -3318,7 +3318,7 @@ static int mdt_quotactl(struct tgt_session_info *tsi)
        if (oqctl->qc_id != id)
                swap(oqctl->qc_id, id);
 
-       QCTL_COPY(repoqc, oqctl);
+       QCTL_COPY_NO_PNAME(repoqc, oqctl);
        EXIT;
 
 out_nodemap: