From 4c4c4ca3a6c1c1e62a74fc25f76dd1dfa81e5265 Mon Sep 17 00:00:00 2001 From: Oleg Drokin Date: Sat, 17 Aug 2019 01:43:36 -0400 Subject: [PATCH] LU-12614 ldlm: ldlm_cancel_hpreq_check should check lock count Make sure the number of locks we are going to cancel fits into the supplied buffer first. This is similar to LU-12603, just in a different place. Lustre-change: https://review.whamcloud.com/35807 Lustre-commit: 2b7af478bdbf5c6701e0e49aefe34597bdee3126 Change-Id: Ifa2aa976ce8613217c739ef609de54538c57b5e9 Signed-off-by: Oleg Drokin Reported-by: Alibaba Cloud Reviewed-by: Patrick Farrell Reviewed-by: Andreas Dilger Reviewed-by: Yunye Ry Signed-off-by: Minh Diep Reviewed-on: https://review.whamcloud.com/36107 Tested-by: jenkins Tested-by: Maloo
---
 lustre/ldlm/ldlm_lockd.c | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/lustre/ldlm/ldlm_lockd.c b/lustre/ldlm/ldlm_lockd.c
index 5280277..d579c1b 100644
--- a/lustre/ldlm/ldlm_lockd.c
+++ b/lustre/ldlm/ldlm_lockd.c
@@ -2406,6 +2406,7 @@ static int ldlm_cancel_hpreq_check(struct ptlrpc_request *req)
 struct ldlm_request *dlm_req;
 int rc = 0;
 int i;
+ unsigned int size;
 ENTRY;
@@ -2417,6 +2418,12 @@ static int ldlm_cancel_hpreq_check(struct ptlrpc_request *req)
 if (dlm_req == NULL)
 RETURN(-EFAULT);
+ size = req_capsule_get_size(&req->rq_pill, &RMF_DLM_REQ, RCL_CLIENT);
+ if (size <= offsetof(struct ldlm_request, lock_handle) ||
+ (size - offsetof(struct ldlm_request, lock_handle)) /
+ sizeof(struct lustre_handle) < dlm_req->lock_count)
+ RETURN(-EPROTO);
+
 for (i = 0; i < dlm_req->lock_count; i++) {
 struct ldlm_lock *lock;
-- 1.8.3.1
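Review bot: The new bound on `dlm_req->lock_count` in the second hunk is open-coded, and the commit message says a similar check was already added under LU-12603 in a different place; a small static helper taking the capsule and the `ldlm_request` would keep the sites identical and make any remaining unchecked site easier to spot. The check also has no comment, so a reader has to work out that `lock_count` is a client-supplied value being validated against the received `RMF_DLM_REQ` buffer before the loop walks the handles; I would add `/* lock_count is client-supplied: reject it unless that many handles fit in the received buffer */` above the `size = ...` line. The `size <= offsetof(...)` branch additionally appears to reject a request with `lock_count == 0` whose buffer ends exactly at `lock_handle`; if that is intended, the comment should say so. The function body starts and ends outside the visible hunks, so how the loop uses each handle is not visible here.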