From 57e158e0357f70678bba703edac3ce811c072ff2 Mon Sep 17 00:00:00 2001
From: liangzhen <liangzhen>
Date: Wed, 15 Feb 2006 10:28:26 +0000
Subject: [PATCH] Fix for ioctl handler of obdclass: Data should be copied in
 kernel before checking.

---
 lustre/obdclass/class_obd.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/lustre/obdclass/class_obd.c b/lustre/obdclass/class_obd.c
index 456ce2a..f4b23d8 100644
--- a/lustre/obdclass/class_obd.c
+++ b/lustre/obdclass/class_obd.c
@@ -174,16 +174,19 @@ int class_handle_ioctl(unsigned int cmd, unsigned long arg)
                         CERROR("No config buffer passed!\n");
                         GOTO(out, err = -EINVAL);
                 }
-
-                err = lustre_cfg_sanity_check(data->ioc_pbuf1,
-                                              data->ioc_plen1);
-                if (err)
-                        GOTO(out, err);
-
                 OBD_ALLOC(lcfg, data->ioc_plen1);
                 err = copy_from_user(lcfg, data->ioc_pbuf1, data->ioc_plen1);
-                if (!err)
-                        err = class_process_config(lcfg);
+                if (err) {
+                        GOTO(out, err);
+                        OBD_FREE(lcfg, data->ioc_plen1);
+                }
+                err = lustre_cfg_sanity_check(lcfg, data->ioc_plen1);
+                if (err) {
+                        GOTO(out, err);
+                        OBD_FREE(lcfg, data->ioc_plen1);
+                }
+                err = class_process_config(lcfg);
+
                 OBD_FREE(lcfg, data->ioc_plen1);
                 GOTO(out, err);
         }
-- 
1.8.3.1