From: Alexander Aring <aahringo@redhat.com>
To: teigland@redhat.com
Cc: aahringo@redhat.com, gfs2@lists.linux.dev
Subject: [PATCH vv6.19-rc6 2/7] dlm: validate length in dlm_search_rsb_tree
Date: Tue, 20 Jan 2026 10:35:06 -0500
Message-ID: <20260120153511.2201392-2-aahringo@redhat.com>
In-Reply-To: <20260120153511.2201392-1-aahringo@redhat.com>
From: Ezrak1e <ezrakiez@gmail.com>
The len parameter in dlm_dump_rsb_name() is not validated and comes
from network messages. When it exceeds DLM_RESNAME_MAXLEN, it can
cause an out-of-bounds write in dlm_search_rsb_tree().
Add length validation to prevent potential buffer overflow.
Signed-off-by: Ezrak1e <ezrakiez@gmail.com>
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
fs/dlm/lock.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/dlm/lock.c b/fs/dlm/lock.c
index c01a291db401b..a393ecaf3442a 100644
--- a/fs/dlm/lock.c
+++ b/fs/dlm/lock.c
@@ -626,7 +626,8 @@ int dlm_search_rsb_tree(struct rhashtable *rhash, const void *name, int len,
struct dlm_rsb **r_ret)
{
char key[DLM_RESNAME_MAXLEN] = {};
-
+ if (len > DLM_RESNAME_MAXLEN)
+ return -EINVAL;
memcpy(key, name, len);
*r_ret = rhashtable_lookup_fast(rhash, &key, dlm_rhash_rsb_params);
if (*r_ret)
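Review bot: the check added before memcpy() in dlm_search_rsb_tree() bounds len only from above, and len is declared as int in the function signature, so a negative value passes `len > DLM_RESNAME_MAXLEN` and is then converted to a very large size_t by `memcpy(key, name, len)`, which still writes past the DLM_RESNAME_MAXLEN-byte key buffer. Suggest `if (len < 0 || len > DLM_RESNAME_MAXLEN)` so both directions are rejected before the copy. Style: the hunk replaces the blank line that separated the `key` declaration from the first statement; kernel coding style expects a blank line after declarations, so keep it and put the check below it. The commit message names dlm_dump_rsb_name() as the place where len is unvalidated while the change is in dlm_search_rsb_tree(); the two should agree.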
--
2.43.0
Thread overview: 7+ messages
2026-01-20 15:35 [PATCH vv6.19-rc6 1/7] dlm: fix recovery pending middle conversion Alexander Aring
2026-01-20 15:35 ` Alexander Aring [this message]
2026-01-20 15:35 ` [PATCH vv6.19-rc6 3/7] fs/dlm: use list_add_tail() instead of open-coding list insertion Alexander Aring
2026-01-20 15:35 ` [PATCH vv6.19-rc6 4/7] dlm: Constify struct configfs_item_operations and configfs_group_operations Alexander Aring
2026-01-20 15:35 ` [PATCH vv6.19-rc6 5/7] fs/dlm/dir: remove unuse variable count_match Alexander Aring
2026-01-20 15:35 ` [PATCH vv6.19-rc6 6/7] dlm: use bool for coniditonal expressions Alexander Aring
2026-01-20 15:35 ` [PATCH vv6.19-rc6 7/7] dlm: use coniditon expression instead return scalars Alexander Aring