When 'struct lov_user_md' is passed in via setxattr, it comes with
a size. If thatt size is too small, some function that check exactly
what version is present might access beyond the end of allocation
memory, which can have undesirable effects, such as triggering
a KASAN warning (and possibly worse).
So check that the size is sane before looking inside the structure
at all.
Lustre-change: https://review.whamcloud.com/36589
Lustre-commit
f2d06d3c76a1d69447e7bd6fd29d8165be558d73
Signed-off-by: Mr NeilBrown <neilb@suse.de>
Change-Id: Ib3f071a3ff77a039fdfa38c903d87999108b3322
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Shaun Tancheff <shaun.tancheff@hpe.com>
Reviewed-on: https://review.whamcloud.com/38433
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
if (!size && lump)
lump = NULL;
+ if (size && size < sizeof(*lump)) {
+ /* ll_adjust_lum() or ll_lov_user_md_size() might access
+ * before size - just give up now.
+ */
+ return -ERANGE;
+ }
rc = ll_adjust_lum(inode, lump);
if (rc)
return rc;