LU-8258 nodemap: fix userspace address access in proc code

The fileset proc write handler was incorrectly passing the userspace
buffer address directly to the nodemap code. This patch copies it to
kernel space before passing it.  Because the buffer could be greater
than 2k, allocate the buffer off stack.

Signed-off-by: Kit Westneat <kit.westneat@gmail.com>
Change-Id: If90c1a95c80b2afd2a4cf6a70dc41d28dd157a2f
Reviewed-on: http://review.whamcloud.com/21857
Reviewed-by: James Simmons <uja.ornl@yahoo.com>
Tested-by: Jenkins
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Jian Yu <jian.yu@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>

diff --git a/lustre/ptlrpc/nodemap_lproc.c b/lustre/ptlrpc/nodemap_lproc.c
index f9692e3..305f95b 100644 (file)
--- a/lustre/ptlrpc/nodemap_lproc.c
+++ b/lustre/ptlrpc/nodemap_lproc.c
@@ -210,15 +210,32 @@ nodemap_fileset_seq_write(struct file *file,
                                      size_t count, loff_t *off)
 {
        struct seq_file *m = file->private_data;
+       char *nm_fileset;
        int rc = 0;
+       ENTRY;
 
-       if (count > 0)
-               rc = nodemap_set_fileset(m->private, buffer);
+       if (count == 0)
+               RETURN(0);
+
+       if (count > PATH_MAX)
+               RETURN(-EINVAL);
+
+       OBD_ALLOC(nm_fileset, count);
+       if (nm_fileset == NULL)
+               RETURN(-ENOMEM);
 
+       if (copy_from_user(nm_fileset, buffer, count))
+               GOTO(out, rc = -EFAULT);
+
+       rc = nodemap_set_fileset(m->private, nm_fileset);
        if (rc != 0)
-               return -EINVAL;
+               GOTO(out, rc = -EINVAL);
 
-       return count;
+       rc = count;
+out:
+       OBD_FREE(nm_fileset, count);
+
+       return rc;
 }
 LPROC_SEQ_FOPS(nodemap_fileset);