From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752622AbdA3KxC (ORCPT ); Mon, 30 Jan 2017 05:53:02 -0500
Received: from userp1040.oracle.com ([156.151.31.81]:47787 "EHLO userp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751090AbdA3Kw4 (ORCPT ); Mon, 30 Jan 2017 05:52:56 -0500
Date: Mon, 30 Jan 2017 13:51:56 +0300
From: Dan Carpenter
To: James Simmons , Liang Zhen , Amir Shehata
Cc: Greg Kroah-Hartman , devel@driverdev.osuosl.org, Andreas Dilger , Oleg Drokin , Linux Kernel Mailing List , Lustre Development List
Subject: Re: [PATCH 60/60] staging: lustre: libcfs: fix minimum size check for libcfs ioctl
Message-ID: <20170130105156.GA6881@mwanda>
References: <1485648328-2141-1-git-send-email-jsimmons@infradead.org> <1485648328-2141-61-git-send-email-jsimmons@infradead.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1485648328-2141-61-git-send-email-jsimmons@infradead.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Source-IP: userv0021.oracle.com [156.151.31.71]
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

It looks like what happened is there were two patches applied out of
sync. Let's add a fixes tag and CC the original author.

Fixes: ed2f549dc0f6 ("staging: lustre: libcfs: test if userland data is to small")

This patch was probably correct when it was written but commit
1290932728e5 ("staging: lustre: Dynamic LNet Configuration (DLC) IOCTL
changes") ended up getting applied first so the size was wrong.

The lstcon_ioctl_entry() function doesn't have enough size checking.

Also I'm uncomfortable with:

	data = container_of(hdr, struct libcfs_ioctl_data, ioc_hdr);

If hdr isn't the first member of the struct then the code is broken but
container_of() implies that that isn't a hard requirement. It should
just be:

	data = (struct libcfs_ioctl_data *)hdr;

regards,
dan carpenter
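
The two points in the message above (a minimum-size check on a caller-supplied length, and a cast that is only safe while the header is the first member), shown as an added userspace illustration that is not code from the patch or from Lustre. The `demo_*` names, the struct layout, the 4096-byte cap and the choice of the full struct size as the minimum are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins, not the real libcfs definitions. */
struct demo_hdr {
	uint32_t len;		/* total bytes the caller says it passed */
	uint32_t version;
};

struct demo_data {
	struct demo_hdr hdr;	/* must stay the first member */
	uint32_t count;
	uint32_t flags;
};

/* Make "first member" a build-time requirement, so the plain cast is valid. */
_Static_assert(offsetof(struct demo_data, hdr) == 0,
	       "hdr must be the first member of demo_data");

#define DEMO_MAX_LEN 4096u	/* assumed upper bound for the example */

/* Returns the full structure, or NULL if the claimed length cannot cover
 * every field that is read after the cast. */
const struct demo_data *demo_check(const void *buf, size_t buf_len)
{
	struct demo_hdr hdr;

	if (buf == NULL || buf_len < sizeof(hdr))
		return NULL;
	memcpy(&hdr, buf, sizeof(hdr));	/* read the header once */

	/* The minimum is the whole struct, not just the header. */
	if (hdr.len < sizeof(struct demo_data) || hdr.len > DEMO_MAX_LEN)
		return NULL;
	if (hdr.len > buf_len)	/* claims more than was actually supplied */
		return NULL;
	return (const struct demo_data *)buf;
}

/* Constructed sample input: a zeroed 64-byte request claiming `claimed` bytes. */
int demo_accepts(uint32_t claimed, size_t buf_len)
{
	static union { struct demo_data d; unsigned char raw[64]; } req;

	memset(&req, 0, sizeof(req));
	req.d.hdr.len = claimed;
	return demo_check(&req, buf_len) != NULL;
}
```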