From: Dan Carpenter <dan.carpenter@oracle.com>
To: James Simmons <jsimmons@infradead.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
devel@driverdev.osuosl.org, Oleg Drokin <oleg.drokin@intel.com>,
Andreas Dilger <andreas.dilger@intel.com>,
Liang Zhen <liang.zhen@intel.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
lustre-devel@lists.lustre.org
Subject: Re: [PATCH 19/40] staging: lustre: copy out libcfs ioctl inline buffer
Date: Wed, 2 Dec 2015 15:34:50 +0300 [thread overview]
Message-ID: <20151202123450.GQ18797@mwanda> (raw)
In-Reply-To: <1448062576-23757-20-git-send-email-jsimmons@infradead.org>
On Fri, Nov 20, 2015 at 06:35:55PM -0500, James Simmons wrote:
> From: Liang Zhen <liang.zhen@intel.com>
>
> - libcfs_ioctl_popdata should copy out inline buffers.
> - code cleanup for libcfs ioctl handler
> - error number fix for obd_ioctl_getdata
> - add new function libcfs_ioctl_unpack for upcoming patches
>
Without looking at the patch, I can already tell you it should be four
separate patches instead of one. Don't mix bug fixes and cleanups.
This should not be a new rule for anyone.
Guys, what the actual heck is going on??? This patchset is making me
really depressed and I'm not even half way through.
> Signed-off-by: Liang Zhen <liang.zhen@intel.com>
> Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-5435
> Reviewed-on: http://review.whamcloud.com/11313
> Reviewed-by: Bobi Jam <bobijam@gmail.com>
> Reviewed-by: Johann Lombardi <johann.lombardi@intel.com>
> Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
> ---
> .../lustre/include/linux/libcfs/libcfs_ioctl.h | 24 +++-
> drivers/staging/lustre/lnet/lnet/api-ni.c | 2 +
> .../lustre/lustre/libcfs/linux/linux-module.c | 45 +++++---
> drivers/staging/lustre/lustre/libcfs/module.c | 119 ++++++++------------
> .../lustre/lustre/obdclass/linux/linux-module.c | 17 +--
> 5 files changed, 97 insertions(+), 110 deletions(-)
>
> diff --git a/drivers/staging/lustre/include/linux/libcfs/libcfs_ioctl.h b/drivers/staging/lustre/include/linux/libcfs/libcfs_ioctl.h
> index f24330d..3468933 100644
> --- a/drivers/staging/lustre/include/linux/libcfs/libcfs_ioctl.h
> +++ b/drivers/staging/lustre/include/linux/libcfs/libcfs_ioctl.h
> @@ -49,6 +49,9 @@ struct libcfs_ioctl_hdr {
> __u32 ioc_version;
> };
>
> +/** max size to copy from userspace */
> +#define LIBCFS_IOC_DATA_MAX (128 * 1024)
> +
> struct libcfs_ioctl_data {
> struct libcfs_ioctl_hdr ioc_hdr;
>
> @@ -240,11 +243,22 @@ static inline bool libcfs_ioctl_is_invalid(struct libcfs_ioctl_data *data)
>
> int libcfs_register_ioctl(struct libcfs_ioctl_handler *hand);
> int libcfs_deregister_ioctl(struct libcfs_ioctl_handler *hand);
> -int libcfs_ioctl_getdata(struct libcfs_ioctl_hdr *buf, __u32 buf_len,
> - const void __user *arg);
> -int libcfs_ioctl_getdata_len(const struct libcfs_ioctl_hdr __user *arg,
> - __u32 *buf_len);
> -int libcfs_ioctl_popdata(void *arg, void *buf, int size);
> +int libcfs_ioctl_getdata(struct libcfs_ioctl_hdr **hdr_pp,
> + struct libcfs_ioctl_hdr __user *uparam);
> +
> +static inline int libcfs_ioctl_popdata(struct libcfs_ioctl_hdr *hdr,
> + struct libcfs_ioctl_hdr __user *uparam)
> +{
> + if (copy_to_user(uparam, hdr, hdr->ioc_len))
> + return -EFAULT;
> + return 0;
> +}
No. Don't do this.
> +
> +static inline void libcfs_ioctl_freedata(struct libcfs_ioctl_hdr *hdr)
> +{
> + LIBCFS_FREE(hdr, hdr->ioc_len);
> +}
No. We need to transition to kmalloc() and kfree() instead of adding
even more abstraction layers. In this patchset we add new calls to
ALLOC() when we should be using normal kernel functions like kstrdup()
but we can't because then we wouldn't have a size parameter to pass to
LIBCFS_FREE().
> +
> int libcfs_ioctl_data_adjust(struct libcfs_ioctl_data *data);
>
> #endif /* __LIBCFS_IOCTL_H__ */
> diff --git a/drivers/staging/lustre/lnet/lnet/api-ni.c b/drivers/staging/lustre/lnet/lnet/api-ni.c
> index 949fa2f..4c4e6d3 100644
> --- a/drivers/staging/lustre/lnet/lnet/api-ni.c
> +++ b/drivers/staging/lustre/lnet/lnet/api-ni.c
> @@ -1838,6 +1838,8 @@ LNetCtl(unsigned int cmd, void *arg)
> int rc;
> unsigned long secs_passed;
>
> + CLASSERT(sizeof(struct lnet_ioctl_net_config) +
> + sizeof(struct lnet_ioctl_config_data) < LIBCFS_IOC_DATA_MAX);
BUILD_BUG_ON().
> LASSERT(the_lnet.ln_init);
>
> switch (cmd) {
> diff --git a/drivers/staging/lustre/lustre/libcfs/linux/linux-module.c b/drivers/staging/lustre/lustre/libcfs/linux/linux-module.c
> index 1c31e2e..50a5464 100644
> --- a/drivers/staging/lustre/lustre/libcfs/linux/linux-module.c
> +++ b/drivers/staging/lustre/lustre/libcfs/linux/linux-module.c
> @@ -43,7 +43,7 @@
> int libcfs_ioctl_data_adjust(struct libcfs_ioctl_data *data)
> {
> if (libcfs_ioctl_is_invalid(data)) {
> - CERROR("LNET: ioctl not correctly formatted\n");
> + CERROR("libcfs ioctl: parameter not correctly formatted\n");
> return -EINVAL;
> }
>
> @@ -57,39 +57,46 @@ int libcfs_ioctl_data_adjust(struct libcfs_ioctl_data *data)
> return 0;
> }
>
> -int libcfs_ioctl_getdata_len(const struct libcfs_ioctl_hdr __user *arg,
> - __u32 *len)
> +int libcfs_ioctl_getdata(struct libcfs_ioctl_hdr **hdr_pp,
> + struct libcfs_ioctl_hdr __user *uhdr)
> {
> struct libcfs_ioctl_hdr hdr;
> + int err = 0;
>
> - if (copy_from_user(&hdr, arg, sizeof(hdr)))
> + if (copy_from_user(&hdr, uhdr, sizeof(hdr)))
> return -EFAULT;
>
> if (hdr.ioc_version != LIBCFS_IOCTL_VERSION &&
> hdr.ioc_version != LIBCFS_IOCTL_VERSION2) {
> - CERROR("LNET: version mismatch expected %#x, got %#x\n",
> + CERROR("libcfs ioctl: version mismatch expected %#x, got %#x\n",
> LIBCFS_IOCTL_VERSION, hdr.ioc_version);
> return -EINVAL;
> }
>
> - *len = hdr.ioc_len;
> + if (hdr.ioc_len < sizeof(struct libcfs_ioctl_data)) {
> + CERROR("libcfs ioctl: user buffer too small for ioctl\n");
> + return -EINVAL;
> + }
It's sort of good to check here, but we will need to add all the other
checks I mentioned as well. Also don't fix introduce bugs and fix them
in the same patchset, the fix has to be folded into the buggy patch.
>
> - return 0;
> -}
> + if (hdr.ioc_len > LIBCFS_IOC_DATA_MAX) {
> + CERROR("libcfs ioctl: user buffer is too large %d/%d\n",
> + hdr.ioc_len, LIBCFS_IOC_DATA_MAX);
> + return -EINVAL;
> + }
>
> -int libcfs_ioctl_getdata(struct libcfs_ioctl_hdr *buf, __u32 buf_len,
> - const void __user *arg)
> -{
> - if (copy_from_user(buf, arg, buf_len))
> - return -EFAULT;
> - return 0;
> -}
> + LIBCFS_ALLOC(*hdr_pp, hdr.ioc_len);
> + if (!*hdr_pp)
> + return -ENOMEM;
> +
> + if (copy_from_user(*hdr_pp, uhdr, hdr.ioc_len)) {
> + err = -EFAULT;
> + goto failed;
> + }
We still need to re-check hdr.ioc_len after re-reading it from the user.
Anyway, break this patch up and I will review it properly.
regards,
dan carpenter
next prev parent reply other threads:[~2015-12-02 12:35 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-20 23:35 [PATCH 00/40] Sync upstream lustre client LNet core James Simmons
2015-11-20 23:35 ` [PATCH 01/40] staging: lustre: drop *_t from end of struct lnet_text_buf James Simmons
2015-11-20 23:35 ` [PATCH 02/40] staging: lustre: fix 'NULL pointer dereference' errors for LNet James Simmons
2015-12-02 7:46 ` Dan Carpenter
2015-12-15 18:08 ` Simmons, James A.
2015-11-20 23:35 ` [PATCH 03/40] staging: lustre: reflect down routes in /proc/sys/lnet/routes James Simmons
2015-12-02 7:54 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 04/40] staging: lustre: fix failure handle of create reply James Simmons
2015-11-20 23:35 ` [PATCH 05/40] staging: lustre: eliminate obsolete Cray SeaStar support James Simmons
2015-11-20 23:35 ` [PATCH 06/40] staging: lustre: remove uses of IS_ERR_VALUE() James Simmons
2015-11-21 18:45 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 07/40] staging: lustre: return +ve for blocked lnet message James Simmons
2015-11-20 23:35 ` [PATCH 08/40] staging: lustre: do not memset after LIBCFS_ALLOC James Simmons
2015-11-20 23:35 ` [PATCH 09/40] staging: lustre: Dynamic LNet Configuration (DLC) James Simmons
2015-11-20 23:35 ` [PATCH 10/40] staging: lustre: Dynamic LNet Configuration (DLC) dynamic routing James Simmons
2015-11-20 23:35 ` [PATCH 11/40] staging: lustre: DLC Feature dynamic net config James Simmons
2015-12-02 9:23 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 12/40] staging: lustre: Dynamic LNet Configuration (DLC) IOCTL changes James Simmons
2015-12-02 9:48 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 13/40] staging: lustre: Dynamic LNet Configuration (DLC) show command James Simmons
2015-12-02 11:20 ` Dan Carpenter
2015-12-15 18:14 ` Simmons, James A.
2015-12-15 18:19 ` Dan Carpenter
2015-12-15 18:39 ` Simmons, James A.
2015-12-15 18:48 ` Greg Kroah-Hartman
2015-12-15 19:48 ` Simmons, James A.
2015-12-15 19:55 ` 'Greg Kroah-Hartman'
2015-12-02 12:00 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 14/40] staging: lustre: fix crash due to NULL networks string James Simmons
2015-12-02 11:27 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 15/40] staging: lustre: DLC user/kernel space glue code James Simmons
2015-12-02 12:11 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 16/40] staging: lustre: make local functions static for LNet ni James Simmons
2015-11-20 23:35 ` [PATCH 17/40] staging: lustre: add sparse annotation __user wherever needed for lnet James Simmons
2015-11-20 23:35 ` [PATCH 18/40] staging: lustre: remove LUSTRE_{,SRV_}LNET_PID James Simmons
2015-11-20 23:35 ` [PATCH 19/40] staging: lustre: copy out libcfs ioctl inline buffer James Simmons
2015-12-02 12:34 ` Dan Carpenter [this message]
2015-11-20 23:35 ` [PATCH 20/40] staging: lustre: fix kernel crash when network failed to start James Simmons
2015-12-02 12:44 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 21/40] staging: lustre: improve LNet clean up code and API James Simmons
2015-12-02 12:59 ` Dan Carpenter
2015-12-02 13:20 ` [lustre-devel] " Alexander Zarochentsev
2015-12-02 13:59 ` Dan Carpenter
2015-12-15 17:10 ` Simmons, James A.
2015-12-15 17:41 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 22/40] staging: lustre: Fixes to make lnetctl function as expected James Simmons
2015-11-20 23:35 ` [PATCH 23/40] staging: lustre: return appropriate errno when adding route James Simmons
2015-11-20 23:36 ` [PATCH 24/40] staging: lustre: make some lnet functions static James Simmons
2015-11-20 23:36 ` [PATCH 25/40] staging: lustre: missed a few cases of using NULL instead of 0 James Simmons
2015-11-20 23:36 ` [PATCH 26/40] staging: lustre: startup lnet acceptor thread dynamically James Simmons
2015-11-20 23:36 ` [PATCH 27/40] staging: lustre: reject invalid net configuration for lnet James Simmons
2015-11-20 23:36 ` [PATCH 28/40] staging: lustre: return -EEXIST if NI is not unique James Simmons
2015-11-20 23:36 ` [PATCH 29/40] staging: lustre: handle lnet_check_routes() errors James Simmons
2015-11-20 23:36 ` [PATCH 30/40] staging: lustre: improvement to router checker James Simmons
2015-11-20 23:36 ` [PATCH 31/40] staging: lustre: assume a kernel build James Simmons
2015-11-20 23:36 ` [PATCH 32/40] staging: lustre: prevent assert on LNet module unload James Simmons
2015-11-20 23:36 ` [PATCH 33/40] staging: lustre: remove messages from lazy portal on NI shutdown James Simmons
2015-11-20 23:36 ` [PATCH 34/40] staging: lustre: remove unnecessary EXPORT_SYMBOL from lnet layer James Simmons
2015-11-20 23:36 ` [PATCH 35/40] staging: lustre: avoid race during lnet acceptor thread termination James Simmons
2015-11-20 23:36 ` [PATCH 36/40] staging: lustre: test for sk_sleep presence in compact-2.6.h James Simmons
2015-11-20 23:36 ` [PATCH 37/40] staging: lustre: remove unnecessary NULL check in IOC_LIBCFS_GET_NET James Simmons
2015-11-20 23:36 ` [PATCH 38/40] staging: lustre: Allocate the correct number of rtr buffers James Simmons
2015-11-20 23:36 ` [PATCH 39/40] staging: lustre: Use lnet_is_route_alive for router aliveness James Simmons
2015-11-20 23:36 ` [PATCH 40/40] staging: lustre: Remove LASSERTS from router checker James Simmons
2015-12-21 23:41 ` [PATCH 00/40] Sync upstream lustre client LNet core Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151202123450.GQ18797@mwanda \
--to=dan.carpenter@oracle.com \
--cc=andreas.dilger@intel.com \
--cc=devel@driverdev.osuosl.org \
--cc=gregkh@linuxfoundation.org \
--cc=jsimmons@infradead.org \
--cc=liang.zhen@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lustre-devel@lists.lustre.org \
--cc=oleg.drokin@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox