[Linux-cluster] fence_tool problem, direct user pointer dereference in cman kernel code

David Teigland teigland at redhat.com
Sun Jun 27 11:14:07 UTC 2004

On Sun, Jun 27, 2004 at 01:00:30AM +0200, Lennert Buytenhek wrote:

> Looking at linux/cluster/cman/sm_user.c:sm_ioctl, it casts 'arg' to a
> (char *) and then passes it into user_register, which does a direct
> strlen() on it... which is bad coding style in general, but definitely
> ain't gonna produce anything remotely useful on a 4G/4G kernel, like
> the one that ships with Fedora Core 2.
> I suspect there are more such bugs out there, sometimes I get really
> unexpected behaviour or things that plain don't seem to work at all.
> cman+dlm+gfs kernel code is ~2MB, but cman alone is only 400kb, so if
> anyone else feels like some auditing work, we could do a rough pass over
> cman in a few days with a few people.. anyone volunteering?

Thanks for all the feedback and bug reports; we'll look at each one
and get fixes out as quickly as possible (watch cvs).  We also have bug
reports coming at us from multiple Red Hat QA people who are doing some
great testing as well.

Dave Teigland  <teigland at redhat.com>
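The bug class Lennert describes above (casting an ioctl `arg` to `char *` and calling `strlen()` on it) is a direct user-pointer dereference: the kernel must never read user memory through a raw pointer, only through the access-checked, bounded copy helpers, and on a 4G/4G split the user range is not even mapped while the kernel runs. The following is an added, self-contained userspace model of the hardened shape of such a path; it is not cman code and not from this thread. The names `SM_NAME_MAX`, `sim_user_mem`, `sim_access_ok`, `model_strncpy_from_user` and `safe_user_register` are assumptions for this illustration: `model_strncpy_from_user` mimics the semantics of the real kernel `strncpy_from_user()` (bounded copy, length or `-EFAULT` returned) over a simulated user address range so that the example runs outside a kernel.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Longest name a register-by-name ioctl path accepts (assumption for this model). */
#define SM_NAME_MAX 32

/*
 * Constructed stand-in for the user address space. In a real kernel the
 * user pointer must only be touched via access_ok()/copy_from_user()/
 * strncpy_from_user(); this array and sim_access_ok() model that check.
 */
static char sim_user_mem[256];

/* Something that lives on the "kernel side", i.e. outside the user range. */
static char kernel_side[16] = "not user memory";

static int sim_access_ok(const char *p, size_t n)
{
    uintptr_t a  = (uintptr_t)p;
    uintptr_t lo = (uintptr_t)sim_user_mem;
    uintptr_t hi = lo + sizeof(sim_user_mem);
    return a >= lo && a < hi && n <= hi - a;
}

/*
 * Model of strncpy_from_user(): copy at most count bytes from user memory,
 * stopping after the NUL. Returns the string length (NUL excluded), count
 * if no NUL was found within count bytes, or -EFAULT if any byte of the
 * source lies outside the user-accessible range.
 */
static long model_strncpy_from_user(char *dst, const char *src, size_t count)
{
    size_t i;
    for (i = 0; i < count; i++) {
        if (!sim_access_ok(src + i, 1))
            return -EFAULT;
        dst[i] = src[i];
        if (dst[i] == '\0')
            return (long)i;
    }
    return (long)count;
}

/*
 * Hardened register path: bounded copy into a kernel-side buffer, explicit
 * error on a bad pointer, explicit error on an empty, over-long or
 * unterminated name. kname must hold SM_NAME_MAX + 1 bytes.
 * Returns 0 on success or a negative errno value.
 */
static int safe_user_register(const char *user_name, char *kname)
{
    long len = model_strncpy_from_user(kname, user_name, SM_NAME_MAX + 1);

    if (len < 0)
        return (int)len;      /* -EFAULT: pointer not in user range */
    if (len > SM_NAME_MAX)
        return -EINVAL;       /* no NUL within the limit */
    if (len == 0)
        return -EINVAL;       /* empty name */
    return 0;
}

/* Place a constructed byte string at the start of the fake user area. */
static const char *sim_user_put(const char *s, size_t n)
{
    memcpy(sim_user_mem, s, n);
    return sim_user_mem;
}

/* Demo 1: a well-formed user string is copied and accepted (returns 1). */
static int demo_good(void)
{
    char kn[SM_NAME_MAX + 1];
    const char *up = sim_user_put("cluster1", 9);   /* constructed input */
    return safe_user_register(up, kn) == 0 && strcmp(kn, "cluster1") == 0;
}

/* Demo 2: a pointer outside the user range is rejected with -EFAULT. */
static int demo_bad_pointer(void)
{
    char kn[SM_NAME_MAX + 1];
    return safe_user_register(kernel_side, kn);
}

/* Demo 3: a run of 'A's with no NUL inside the limit is rejected with -EINVAL. */
static int demo_unterminated(void)
{
    char kn[SM_NAME_MAX + 1];
    char raw[SM_NAME_MAX + 8];
    memset(raw, 'A', sizeof(raw));                  /* constructed input */
    return safe_user_register(sim_user_put(raw, sizeof(raw)), kn);
}

int main(void)
{
    printf("good name accepted: %d\n", demo_good());
    printf("bad pointer: %d (expect %d)\n", demo_bad_pointer(), -EFAULT);
    printf("unterminated: %d (expect %d)\n", demo_unterminated(), -EINVAL);
    return 0;
}
```

The point the model makes is that the length of a user-supplied string is never known to the kernel in advance, so the only safe order of operations is "bounded, access-checked copy first, then validate the copy"; a `strlen()` on the raw pointer inverts that order and reads memory the kernel has no right to touch.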

