From: Oleg Drokin <green@whamcloud.com>
Date: Sat, 17 Aug 2019 05:43:36 +0000 (-0400)
Subject: LU-12614 ldlm: ldlm_cancel_hpreq_check should check lock count
X-Git-Tag: 2.12.58~23
X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=commitdiff_plain;h=2b7af478bdbf5c6701e0e49aefe34597bdee3126;hp=0f6302471fd2344aaac58a3b12af2ae108b57f90

LU-12614 ldlm: ldlm_cancel_hpreq_check should check lock count

Make sure the number of locks we are going to cancel fits into
the supplied buffer first.
This is similar to LU-12603, just in a different place.

Change-Id: Ifa2aa976ce8613217c739ef609de54538c57b5e9
Signed-off-by: Oleg Drokin <green@whamcloud.com>
Reported-by: Alibaba Cloud <yunye.ry@alibaba-inc.com>
Reviewed-on: https://review.whamcloud.com/35807
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Patrick Farrell <pfarrell@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Yunye Ry <yunye.ry@alibaba-inc.com>
---

diff --git a/lustre/ldlm/ldlm_lockd.c b/lustre/ldlm/ldlm_lockd.c
index 65509be..6fcc0a9 100644
--- a/lustre/ldlm/ldlm_lockd.c
+++ b/lustre/ldlm/ldlm_lockd.c
@@ -2507,6 +2507,7 @@ static int ldlm_cancel_hpreq_check(struct ptlrpc_request *req)
 	struct ldlm_request *dlm_req;
 	int rc = 0;
 	int i;
+	unsigned int size;
 
 	ENTRY;
 
@@ -2518,6 +2519,12 @@ static int ldlm_cancel_hpreq_check(struct ptlrpc_request *req)
 	if (dlm_req == NULL)
 		RETURN(-EFAULT);
 
+	size = req_capsule_get_size(&req->rq_pill, &RMF_DLM_REQ, RCL_CLIENT);
+	if (size <= offsetof(struct ldlm_request, lock_handle) ||
+	    (size - offsetof(struct ldlm_request, lock_handle)) /
+	     sizeof(struct lustre_handle) < dlm_req->lock_count)
+		RETURN(-EPROTO);
+
 	for (i = 0; i < dlm_req->lock_count; i++) {
 		struct ldlm_lock *lock;