From a9ae88bbaca0770f28f3c88a4afed6b99403aec6 Mon Sep 17 00:00:00 2001
From: Jian Yu <jian.yu@intel.com>
Date: Mon, 31 Oct 2016 14:26:45 +0800
Subject: [PATCH] LU-8774 lprocfs: not use MAX_STRING_SIZE in copy_from_user

This patch removes the usage of MAX_STRING_SIZE from
copy_from_user() and just copies enough bytes to cover
count passed in.

Signed-off-by: Jian Yu <jian.yu@intel.com>
Change-Id: I1ac2c779b5cd984f88bb85d4ae8d571f7931091f
Reviewed-on: http://review.whamcloud.com/23462
Tested-by: Jenkins
Reviewed-by: John L. Hammond <john.hammond@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
---
 lustre/ldlm/ldlm_resource.c      | 20 ++++++++++++++------
 lustre/obdclass/lprocfs_status.c | 30 +++++++++++++++++++-----------
 2 files changed, 33 insertions(+), 17 deletions(-)

diff --git a/lustre/ldlm/ldlm_resource.c b/lustre/ldlm/ldlm_resource.c
index 85c7f41..b131001 100644
--- a/lustre/ldlm/ldlm_resource.c
+++ b/lustre/ldlm/ldlm_resource.c
@@ -305,13 +305,21 @@ static ssize_t lprocfs_lru_size_seq_write(struct file *file,
 					  size_t count, loff_t *off)
 {
 	struct ldlm_namespace *ns = ((struct seq_file *)file->private_data)->private;
-        char dummy[MAX_STRING_SIZE + 1], *end;
-        unsigned long tmp;
-        int lru_resize;
+	char		       dummy[MAX_STRING_SIZE + 1];
+	char		      *end;
+	unsigned long	       tmp;
+	int		       lru_resize;
 
-        dummy[MAX_STRING_SIZE] = '\0';
-	if (copy_from_user(dummy, buffer, MAX_STRING_SIZE))
-                return -EFAULT;
+	if (count >= sizeof(dummy))
+		return -EINVAL;
+
+	if (count == 0)
+		return 0;
+
+	if (copy_from_user(dummy, buffer, count))
+		return -EFAULT;
+
+	dummy[count] = 0;
 
         if (strncmp(dummy, "clear", 5) == 0) {
                 CDEBUG(D_DLMTRACE,
diff --git a/lustre/obdclass/lprocfs_status.c b/lustre/obdclass/lprocfs_status.c
index a58cbc3..08db676 100644
--- a/lustre/obdclass/lprocfs_status.c
+++ b/lustre/obdclass/lprocfs_status.c
@@ -296,20 +296,28 @@ EXPORT_SYMBOL(lprocfs_uint_seq_show);
 int lprocfs_wr_uint(struct file *file, const char __user *buffer,
                     unsigned long count, void *data)
 {
-        unsigned *p = data;
-        char dummy[MAX_STRING_SIZE + 1], *end;
-        unsigned long tmp;
+	unsigned	*p = data;
+	char		 dummy[MAX_STRING_SIZE + 1];
+	char		*end;
+	unsigned long	 tmp;
 
-        dummy[MAX_STRING_SIZE] = '\0';
-	if (copy_from_user(dummy, buffer, MAX_STRING_SIZE))
-                return -EFAULT;
+	if (count >= sizeof(dummy))
+		return -EINVAL;
 
-        tmp = simple_strtoul(dummy, &end, 0);
-        if (dummy == end)
-                return -EINVAL;
+	if (count == 0)
+		return 0;
+
+	if (copy_from_user(dummy, buffer, count))
+		return -EFAULT;
 
-        *p = (unsigned int)tmp;
-        return count;
+	dummy[count] = 0;
+
+	tmp = simple_strtoul(dummy, &end, 0);
+	if (dummy == end)
+		return -EINVAL;
+
+	*p = (unsigned int)tmp;
+	return count;
 }
 EXPORT_SYMBOL(lprocfs_wr_uint);
 
-- 
1.8.3.1