LU-7624 fld: copy userspace buffer

copy userspace buffer into kernel space before use.

Based on:
 Linux-commit: 48f46e74dc7d1770a69b1dc9ef9a54ab7c3aedc0

    staging: lustre: lustre: fld: lproc_fld.c fixed warning

    fixed warning for line over 80 characters by moving the struct init
    onto a diff line.

    Signed-off-by: Anil Belur <askb23@gmail.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 Linux-commit: e84962e3afc1665756bd4854c63da662696fb687

    staging: lustre: fix sparse warning on LPROC_SEQ_FOPS macros

    ...

    The patch also fixes one __user pointer direct dereference by
    strncmp() in function fld_proc_hash_seq_write().

    Signed-off-by: Tristan Lelong <tristan@lelong.xyz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 Linux-commit: 41dff7ac1a7c97f5532931154bfdf505d7ce1631

    staging: lustre: remove kmalloc from fld_proc_hash_seq_write

    This patch simplifies the fld_proc_hash_seq_write() function
    by removing the dynamic memory allocation.
    The longest fh_name used so far in lustre is 4 characters.
    We use a 8 bytes variable to be on the safe side.

    Signed-off-by: Tristan Lelong <tristan@lelong.xyz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Bob Glossman <bob.glossman@intel.com>
Change-Id: I3ca796f12d340753c6fd952587d2592dcfbc80c8
Reviewed-on: http://review.whamcloud.com/17797
Tested-by: Jenkins
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
Reviewed-by: John L. Hammond <john.hammond@intel.com>
Reviewed-by: James Simmons <uja.ornl@yahoo.com>
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>

diff --git a/lustre/fld/lproc_fld.c b/lustre/fld/lproc_fld.c
index bb74e14..4ae4f26 100644 (file)
--- a/lustre/fld/lproc_fld.c
+++ b/lustre/fld/lproc_fld.c
@@ -87,22 +87,29 @@ static ssize_t
 fld_proc_hash_seq_write(struct file *file, const char __user *buffer,
                        size_t count, loff_t *off)
 {
 fld_proc_hash_seq_write(struct file *file, const char __user *buffer,
                        size_t count, loff_t *off)
 {

-       struct lu_client_fld *fld = ((struct seq_file *)file->private_data)->private;
-        struct lu_fld_hash *hash = NULL;
-        int i;
-       ENTRY;
+       struct lu_client_fld *fld;
+       struct lu_fld_hash *hash = NULL;
+       char fh_name[8];
+       int i;

 
 

-        LASSERT(fld != NULL);
+       if (count > sizeof(fh_name))
+               return -ENAMETOOLONG;

 
 

-        for (i = 0; fld_hash[i].fh_name != NULL; i++) {
-                if (count != strlen(fld_hash[i].fh_name))
-                        continue;
+       if (copy_from_user(fh_name, buffer, count) != 0)
+               return -EFAULT;

 
 

-                if (!strncmp(fld_hash[i].fh_name, buffer, count)) {
-                        hash = &fld_hash[i];
-                        break;
-                }
-        }
+       fld = ((struct seq_file *)file->private_data)->private;
+       LASSERT(fld != NULL);
+
+       for (i = 0; fld_hash[i].fh_name != NULL; i++) {
+               if (count != strlen(fld_hash[i].fh_name))
+                       continue;
+
+               if (!strncmp(fld_hash[i].fh_name, fh_name, count)) {
+                       hash = &fld_hash[i];
+                       break;
+               }
+       }

 
        if (hash != NULL) {
                spin_lock(&fld->lcf_lock);
 
        if (hash != NULL) {
                spin_lock(&fld->lcf_lock);


@@ -113,7 +120,7 @@ fld_proc_hash_seq_write(struct file *file, const char __user *buffer,
                       fld->lcf_name, hash->fh_name);
        }
 
                       fld->lcf_name, hash->fh_name);
        }
 

-       RETURN(count);
+       return count;

 }
 
 static ssize_t
 }
 
 static ssize_t