In functions nova_seq_delete_snapshot and nova_seq_test_perf, NOVA directly sscanf from the user's buffer, which is unsafe and could cause Segment Fault sometimes. Instead, in the function nova_seq_gc, NOVA copies the buffer from the user space to kernel space before sscanf the content.
Issue
In functions
nova_seq_delete_snapshotandnova_seq_test_perf, NOVA directlysscanffrom the user's buffer, which is unsafe and could cause Segment Fault sometimes. Instead, in the functionnova_seq_gc, NOVA copies the buffer from the user space to kernel space beforesscanfthe content.https://github.com/NVSL/linux-nova/blob/976a4d1f3d5282863b23aa834e02012167be6ee2/fs/nova/sysfs.c#L317-L329 https://github.com/NVSL/linux-nova/blob/976a4d1f3d5282863b23aa834e02012167be6ee2/fs/nova/sysfs.c#L377-L392 https://github.com/NVSL/linux-nova/blob/976a4d1f3d5282863b23aa834e02012167be6ee2/fs/nova/sysfs.c#L419-L448
Fix
copy_from_userbeforesscanf.