From 288e55b8a38222af843a71a89df90234a72d8e0d Mon Sep 17 00:00:00 2001 From: Kit Westneat Date: Wed, 10 Aug 2016 12:41:48 -0400 Subject: [PATCH] LU-8258 nodemap: fix userspace address access in proc code The fileset proc write handler was incorrectly passing the userspace buffer address directly to the nodemap code. This patch copies it to kernel space before passing it. Because the buffer could be greater than 2k, allocate the buffer off stack. Signed-off-by: Kit Westneat Change-Id: If90c1a95c80b2afd2a4cf6a70dc41d28dd157a2f Reviewed-on: http://review.whamcloud.com/21857 Reviewed-by: James Simmons Tested-by: Jenkins Tested-by: Maloo Reviewed-by: Jian Yu Reviewed-by: Oleg Drokin --- lustre/ptlrpc/nodemap_lproc.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/lustre/ptlrpc/nodemap_lproc.c b/lustre/ptlrpc/nodemap_lproc.c index f9692e3..305f95b 100644 --- a/lustre/ptlrpc/nodemap_lproc.c +++ b/lustre/ptlrpc/nodemap_lproc.c @@ -210,15 +210,32 @@ nodemap_fileset_seq_write(struct file *file, size_t count, loff_t *off) { struct seq_file *m = file->private_data; + char *nm_fileset; int rc = 0; + ENTRY; - if (count > 0) - rc = nodemap_set_fileset(m->private, buffer); + if (count == 0) + RETURN(0); + + if (count > PATH_MAX) + RETURN(-EINVAL); + + OBD_ALLOC(nm_fileset, count); + if (nm_fileset == NULL) + RETURN(-ENOMEM); + if (copy_from_user(nm_fileset, buffer, count)) + GOTO(out, rc = -EFAULT); + + rc = nodemap_set_fileset(m->private, nm_fileset); if (rc != 0) - return -EINVAL; + GOTO(out, rc = -EINVAL); - return count; + rc = count; +out: + OBD_FREE(nm_fileset, count); + + return rc; } LPROC_SEQ_FOPS(nodemap_fileset); -- 1.8.3.1