From ab38c3afa2747c99b766b9bbdd825ef7593bc532 Mon Sep 17 00:00:00 2001
From: Bob Glossman <bob.glossman@intel.com>
Date: Mon, 4 Jan 2016 11:28:43 -0800
Subject: [PATCH] LU-7624 fld: copy userspace buffer

copy userspace buffer into kernel space before use.

Based on:
 Linux-commit: 48f46e74dc7d1770a69b1dc9ef9a54ab7c3aedc0

    staging: lustre: lustre: fld: lproc_fld.c fixed warning

    fixed warning for line over 80 characters by moving the struct init
    onto a diff line.

    Signed-off-by: Anil Belur <askb23@gmail.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 Linux-commit: e84962e3afc1665756bd4854c63da662696fb687

    staging: lustre: fix sparse warning on LPROC_SEQ_FOPS macros

    ...

    The patch also fixes one __user pointer direct dereference by
    strncmp() in function fld_proc_hash_seq_write().

    Signed-off-by: Tristan Lelong <tristan@lelong.xyz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 Linux-commit: 41dff7ac1a7c97f5532931154bfdf505d7ce1631

    staging: lustre: remove kmalloc from fld_proc_hash_seq_write

    This patch simplifies the fld_proc_hash_seq_write() function
    by removing the dynamic memory allocation.
    The longest fh_name used so far in lustre is 4 characters.
    We use a 8 bytes variable to be on the safe side.

    Signed-off-by: Tristan Lelong <tristan@lelong.xyz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Signed-off-by: Bob Glossman <bob.glossman@intel.com>
Change-Id: I3ca796f12d340753c6fd952587d2592dcfbc80c8
Reviewed-on: http://review.whamcloud.com/17797
Tested-by: Jenkins
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
Reviewed-by: John L. Hammond <john.hammond@intel.com>
Reviewed-by: James Simmons <uja.ornl@yahoo.com>
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
---
 lustre/fld/lproc_fld.c | 35 +++++++++++++++++++++--------------
 1 file changed, 21 insertions(+), 14 deletions(-)

diff --git a/lustre/fld/lproc_fld.c b/lustre/fld/lproc_fld.c
index bb74e14..4ae4f26 100644
--- a/lustre/fld/lproc_fld.c
+++ b/lustre/fld/lproc_fld.c
@@ -87,22 +87,29 @@ static ssize_t
 fld_proc_hash_seq_write(struct file *file, const char __user *buffer,
 			size_t count, loff_t *off)
 {
-	struct lu_client_fld *fld = ((struct seq_file *)file->private_data)->private;
-        struct lu_fld_hash *hash = NULL;
-        int i;
-	ENTRY;
+	struct lu_client_fld *fld;
+	struct lu_fld_hash *hash = NULL;
+	char fh_name[8];
+	int i;
 
-        LASSERT(fld != NULL);
+	if (count > sizeof(fh_name))
+		return -ENAMETOOLONG;
 
-        for (i = 0; fld_hash[i].fh_name != NULL; i++) {
-                if (count != strlen(fld_hash[i].fh_name))
-                        continue;
+	if (copy_from_user(fh_name, buffer, count) != 0)
+		return -EFAULT;
 
-                if (!strncmp(fld_hash[i].fh_name, buffer, count)) {
-                        hash = &fld_hash[i];
-                        break;
-                }
-        }
+	fld = ((struct seq_file *)file->private_data)->private;
+	LASSERT(fld != NULL);
+
+	for (i = 0; fld_hash[i].fh_name != NULL; i++) {
+		if (count != strlen(fld_hash[i].fh_name))
+			continue;
+
+		if (!strncmp(fld_hash[i].fh_name, fh_name, count)) {
+			hash = &fld_hash[i];
+			break;
+		}
+	}
 
 	if (hash != NULL) {
 		spin_lock(&fld->lcf_lock);
@@ -113,7 +120,7 @@ fld_proc_hash_seq_write(struct file *file, const char __user *buffer,
 		       fld->lcf_name, hash->fh_name);
 	}
 
-	RETURN(count);
+	return count;
 }
 
 static ssize_t
-- 
1.8.3.1