copy userspace buffer into kernel space before use.
Based on:
Linux-commit:
48f46e74dc7d1770a69b1dc9ef9a54ab7c3aedc0
staging: lustre: lustre: fld: lproc_fld.c fixed warning
fixed warning for line over 80 characters by moving the struct init
onto a diff line.
Signed-off-by: Anil Belur <askb23@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux-commit:
e84962e3afc1665756bd4854c63da662696fb687
staging: lustre: fix sparse warning on LPROC_SEQ_FOPS macros
...
The patch also fixes one __user pointer direct dereference by
strncmp() in function fld_proc_hash_seq_write().
Signed-off-by: Tristan Lelong <tristan@lelong.xyz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux-commit:
41dff7ac1a7c97f5532931154bfdf505d7ce1631
staging: lustre: remove kmalloc from fld_proc_hash_seq_write
This patch simplifies the fld_proc_hash_seq_write() function
by removing the dynamic memory allocation.
The longest fh_name used so far in lustre is 4 characters.
We use a 8 bytes variable to be on the safe side.
Signed-off-by: Tristan Lelong <tristan@lelong.xyz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Bob Glossman <bob.glossman@intel.com>
Change-Id: I3ca796f12d340753c6fd952587d2592dcfbc80c8
Reviewed-on: http://review.whamcloud.com/17797
Tested-by: Jenkins
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
Reviewed-by: John L. Hammond <john.hammond@intel.com>
Reviewed-by: James Simmons <uja.ornl@yahoo.com>
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
fld_proc_hash_seq_write(struct file *file, const char __user *buffer,
size_t count, loff_t *off)
{
fld_proc_hash_seq_write(struct file *file, const char __user *buffer,
size_t count, loff_t *off)
{
- struct lu_client_fld *fld = ((struct seq_file *)file->private_data)->private;
- struct lu_fld_hash *hash = NULL;
- int i;
- ENTRY;
+ struct lu_client_fld *fld;
+ struct lu_fld_hash *hash = NULL;
+ char fh_name[8];
+ int i;
+ if (count > sizeof(fh_name))
+ return -ENAMETOOLONG;
- for (i = 0; fld_hash[i].fh_name != NULL; i++) {
- if (count != strlen(fld_hash[i].fh_name))
- continue;
+ if (copy_from_user(fh_name, buffer, count) != 0)
+ return -EFAULT;
- if (!strncmp(fld_hash[i].fh_name, buffer, count)) {
- hash = &fld_hash[i];
- break;
- }
- }
+ fld = ((struct seq_file *)file->private_data)->private;
+ LASSERT(fld != NULL);
+
+ for (i = 0; fld_hash[i].fh_name != NULL; i++) {
+ if (count != strlen(fld_hash[i].fh_name))
+ continue;
+
+ if (!strncmp(fld_hash[i].fh_name, fh_name, count)) {
+ hash = &fld_hash[i];
+ break;
+ }
+ }
if (hash != NULL) {
spin_lock(&fld->lcf_lock);
if (hash != NULL) {
spin_lock(&fld->lcf_lock);
fld->lcf_name, hash->fh_name);
}
fld->lcf_name, hash->fh_name);
}