From: Sebastien Buisson <sbuisson@ddn.com>
Date: Fri, 26 Apr 2024 14:49:17 +0000 (+0200)
Subject: LU-17431 nodemap: sanity check ioctl user buffer
X-Git-Tag: 2.15.64~177
X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=1de7a72cd437c93c537377023d5243d43589394a;p=fs%2Flustre-release.git

LU-17431 nodemap: sanity check ioctl user buffer

In server_iocontrol_nodemap(), user data is copied into a struct
lustre_cfg. Then this data must be sanity checked, by calling
lustre_cfg_sanity_check().

CoverityID: 425252 ("Passing tainted expression lcfg->lcfg_buflens to lustre_cfg_string")
CoverityID: 397130 ("Passing tainted expression lcfg->lcfg_buflens")
Fixes: 72734cf178 ("LU-17431 ptlrpc: move nodemap related ioctls to ptlrpc")

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I268b53fc0e977716ffd1985d145dc27b6acccf94
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/54928
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Arshad Hussain <arshad.hussain@aeoncomputing.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
---

diff --git a/lustre/ptlrpc/nodemap_handler.c b/lustre/ptlrpc/nodemap_handler.c
index f2cf2de..feaf1aa 100644
--- a/lustre/ptlrpc/nodemap_handler.c
+++ b/lustre/ptlrpc/nodemap_handler.c
@@ -2256,6 +2256,8 @@ int server_iocontrol_nodemap(struct obd_device *obd,
 
 	if (copy_from_user(lcfg, data->ioc_pbuf1, data->ioc_plen1))
 		GOTO(out_lcfg, rc = -EFAULT);
+	if (lustre_cfg_sanity_check(lcfg, data->ioc_plen1))
+		GOTO(out_lcfg, rc = -EINVAL);
 
 	cmd = lcfg->lcfg_command;