It looks like what happened is there were two patches applied out of
sync.  Let's add a fixes tag and CC the original author.

Fixes: ed2f549dc0f6 ("staging: lustre: libcfs: test if userland data is to 
small")

This patch was probably correct when it was written but commit
1290932728e5 ("staging: lustre: Dynamic LNet Configuration (DLC) IOCTL
changes") ended up getting applied first so the size was wrong.

The lstcon_ioctl_entry() function doesn't have enough size checking.
Also I'm uncomfortable with:

        data = container_of(hdr, struct libcfs_ioctl_data, ioc_hdr);

If hdr isn't the first member of the struct then the code is broken but
container_of() implies that that isn't a hard requirement.  It should
just be:

        data = (struct libcfs_ioctl_data *)hdr;

regards,
dan carpenter


Reply via email to