From: Sergey Cheremencev <sergey.cheremencev@hpe.com>
Date: Wed, 8 Mar 2023 19:55:06 +0000 (-0800)
Subject: LU-16342 mdt: not copy pool_name to quotactl in reply
X-Git-Tag: 2.15.3-RC1~66
X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=101080a430f0aaceb4c1ca546390a85600fa9d0c;p=fs%2Flustre-release.git

LU-16342 mdt: not copy pool_name to quotactl in reply

Don not copy pool_name in mdt reply to avoid out-of-bounds:
BUG: KASAN: slab-out-of-bounds in mdt_quotactl+0x13ff/0x1430 [mdt]

Lustre-change: https://review.whamcloud.com/49242
Lustre-commit: 7e5f927458544bd2681027bfc3df6136d059121f

HPE-bug-id: LUS-10579
Change-Id: I34c4cd8aaccd938c95005dca06644e02132def34
Signed-off-by: Sergey Cheremencev <sergey.cheremencev@hpe.com>
Reviewed-on: https://es-gerrit.dev.cray.com/160899
Reviewed-by: Andrew Perepechko <andrew.perepechko@hpe.com>
Reviewed-by: Andriy Skulysh <c17819@cray.com>
Tested-by: Vitaly Fertman <c17818@cray.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Shaun Tancheff <shaun.tancheff@hpe.com>
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/49806
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Reviewed-by: Sergey Cheremencev <scherementsev@ddn.com>
---

diff --git a/lustre/include/uapi/linux/lustre/lustre_idl.h b/lustre/include/uapi/linux/lustre/lustre_idl.h
index 2c0e4d1..39e7538 100644
--- a/lustre/include/uapi/linux/lustre/lustre_idl.h
+++ b/lustre/include/uapi/linux/lustre/lustre_idl.h
@@ -1509,7 +1509,7 @@ struct obd_quotactl {
 
 #define Q_COPY(out, in, member) (out)->member = (in)->member
 
-#define QCTL_COPY(out, in)				\
+#define __QCTL_COPY(out, in, need_pname)		\
 do {							\
 	Q_COPY(out, in, qc_cmd);			\
 	Q_COPY(out, in, qc_type);			\
@@ -1517,12 +1517,15 @@ do {							\
 	Q_COPY(out, in, qc_stat);			\
 	Q_COPY(out, in, qc_dqinfo);			\
 	Q_COPY(out, in, qc_dqblk);			\
-	if (LUSTRE_Q_CMD_IS_POOL(in->qc_cmd))		\
+	if (need_pname && LUSTRE_Q_CMD_IS_POOL(in->qc_cmd))		\
 		memcpy(out->qc_poolname,		\
 		       in->qc_poolname,			\
 		       LOV_MAXPOOLNAME + 1);		\
 } while (0)
 
+#define QCTL_COPY(out, in) __QCTL_COPY(out, in, true)
+#define QCTL_COPY_NO_PNAME(out, in) __QCTL_COPY(out, in, false)
+
 /* Body of quota request used for quota acquire/release RPCs between quota
  * master (aka QMT) and slaves (ak QSD). */
 struct quota_body {
diff --git a/lustre/mdt/mdt_handler.c b/lustre/mdt/mdt_handler.c
index 6d7cf4d..35ca2d3 100644
--- a/lustre/mdt/mdt_handler.c
+++ b/lustre/mdt/mdt_handler.c
@@ -3318,7 +3318,7 @@ static int mdt_quotactl(struct tgt_session_info *tsi)
 	if (oqctl->qc_id != id)
 		swap(oqctl->qc_id, id);
 
-	QCTL_COPY(repoqc, oqctl);
+	QCTL_COPY_NO_PNAME(repoqc, oqctl);
 	EXIT;
 
 out_nodemap: