Details
Improvement
Resolution: Fixed
Minor
Description
Kernel 4.16 has hardened usercopy checking; e.g. on RHEL 8, which is 4.18, an lfs df
will make the kernel complain in dmesg:
[ 1379.571259] ------------[ cut here ]------------
[ 1379.573499] Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 'll_obd_dev_cache' (offset 1256, size 40)!
[ 1379.579230] WARNING: CPU: 1 PID: 17534 at mm/usercopy.c:83 usercopy_warn+0x7d/0xa0
[ 1379.582329] Modules linked in: mgc(OE) lustre(OE) lmv(OE) mdc(OE) fid(OE) osc(OE) lov(OE) fld(OE) ko2iblnd(OE) ptlrpc(OE) obdclass(OE) lnet(OE) libcfs(OE) rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache rdma_ucm(OE) ib_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) esp6_offload esp6 esp4_offload esp4 mlx5_fpga_tools(OE) mlx5_ib(OE) mlx5_core(OE) tls(t) strparser mlxfw(OE) cirrus ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops sg drm virtio_balloon joydev i2c_piix4 pcspkr knem(OE) xfs libcrc32c sr_mod cdrom ata_generic mlx4_ib(OE) ib_uverbs(OE) ib_core(OE) mlx4_en(OE) crct10dif_pclmul crc32_pclmul ata_piix crc32c_intel mlx4_core(OE) libata devlink serio_raw ghash_clmulni_intel virtio_blk mlx_compat(OE) sunrpc dm_mirror dm_region_hash dm_log
[ 1379.608132] dm_mod
[ 1379.608824] CPU: 1 PID: 17534 Comm: lfs Kdump: loaded Tainted: G OE --------- -t - 4.18.0-80.el8.x86_64 #1
[ 1379.612292] Hardware name: Fedora Project OpenStack Nova, BIOS 0.5.1 01/01/2011
[ 1379.614640] RIP: 0010:usercopy_warn+0x7d/0xa0
[ 1379.616038] Code: 6b 91 41 51 4d 89 d8 48 c7 c0 9d 47 6a 91 49 89 f1 48 89 f9 48 0f 45 c2 48 c7 c7 70 5a 6b 91 4c 89 d2 48 89 c6 e8 8d eb e0 ff <0f> 0b 48 83 c4 18 c3 48 c7 c6 17 5e 6c 91 49 89 f1 49 89 f3 eb 96
[ 1379.621917] RSP: 0018:ffffa1378b0c7b58 EFLAGS: 00010282
[ 1379.623521] RAX: 0000000000000000 RBX: ffff8da6f75d15a0 RCX: 0000000000000000
[ 1379.625691] RDX: ffff8da72fa5ed80 RSI: ffff8da72fa56958 RDI: ffff8da72fa56958
[ 1379.627929] RBP: 0000000000000028 R08: 0000000000000259 R09: 0000000000000007
[ 1379.629965] R10: 0000000000000000 R11: ffffffff9201bb0d R12: 0000000000000001
[ 1379.631931] R13: ffff8da6f75d15c8 R14: 0000000000000028 R15: 00007ffcde181870
[ 1379.633952] FS: 00007f4a32a81740(0000) GS:ffff8da72fa40000(0000) knlGS:0000000000000000
[ 1379.636253] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1379.637835] CR2: 00007f4a318255df CR3: 00000003f4342004 CR4: 00000000000606e0
[ 1379.639836] Call Trace:
[ 1379.640548] __check_object_size+0xfa/0x181
[ 1379.641738] lmv_iocontrol+0x1146/0x1880 [lmv]
[ 1379.643062] ll_obd_statfs+0x356/0x860 [lustre]
[ 1379.644306] ? page_add_file_rmap+0x13/0x200
[ 1379.645495] ll_dir_ioctl+0x1e37/0x6760 [lustre]
[ 1379.646784] ? sched_clock+0x5/0x10
[ 1379.647708] ? sched_clock_cpu+0xc/0xb0
[ 1379.648786] ? tty_insert_flip_string_fixed_flag+0x85/0xe0
[ 1379.650290] ? pty_write+0x78/0x90
[ 1379.651189] ? do_vfs_ioctl+0xa4/0x630
[ 1379.652154] do_vfs_ioctl+0xa4/0x630
[ 1379.653073] ksys_ioctl+0x60/0x90
[ 1379.653905] __x64_sys_ioctl+0x16/0x20
[ 1379.654876] do_syscall_64+0x5b/0x1b0
[ 1379.655857] entry_SYSCALL_64_after_hwframe+0x65/0xca
[ 1379.657134] RIP: 0033:0x7f4a3178b45b
[ 1379.658050] Code: 0f 1e fa 48 8b 05 2d aa 2c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d fd a9 2c 00 f7 d8 64 89 01 48
[ 1379.662641] RSP: 002b:00007ffcde17f558 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[ 1379.664389] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4a3178b45b
[ 1379.666147] RDX: 00007ffcde17f7c0 RSI: 00000000c00866a4 RDI: 0000000000000003
[ 1379.667888] RBP: 0000000000000003 R08: 0000000000000250 R09: 00007ffcde1812c0
[ 1379.669557] R10: fffffffffffffb4c R11: 0000000000000202 R12: 0000000000000000
[ 1379.671189] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffcde181870
[ 1379.672841] ---[ end trace 0414e3c4c1442f97 ]---
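A triage helper for warnings like the one above, added here as an example and not part of the Lustre ticket or code base: it pulls the slab cache, the copied region, the task and the first reliable caller frame out of dmesg text. The function and pattern names are this example's own, and the sample is an excerpt of the trace on this page.

```python
import re

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # dmesg timestamp prefix
# usercopy_warn() header; also accepts the copy_from_user ("overwrite ... to") form.
WARN_RE = re.compile(
    r"Bad or missing usercopy whitelist\? Kernel memory (?P<kind>exposure|overwrite) "
    r"attempt detected (?:from|to) SL[AU]B object '(?P<cache>[^']+)' "
    r"\(offset (?P<offset>\d+), size (?P<size>\d+)\)!")
COMM_RE = re.compile(r"PID: (?P<pid>\d+) Comm: (?P<comm>\S+)")
FRAME_RE = re.compile(r"(?P<guess>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+"
                      r"(?: \[(?P<mod>\w+)\])?$")

def parse_usercopy_warnings(lines):
    """Return one dict per usercopy warning: cache, region, task and calling frame."""
    found, cur, in_trace = [], None, False
    for raw in lines:
        body = TS_RE.sub("", raw.strip())
        m = WARN_RE.search(body)
        if m:
            cur = dict(m.groupdict(), pid=None, comm=None, caller=None, module=None)
            cur["offset"], cur["size"] = int(cur["offset"]), int(cur["size"])
            found.append(cur)
            in_trace = False
        elif cur is None:
            continue
        elif "end trace" in body:
            cur, in_trace = None, False
        elif body == "Call Trace:":
            in_trace = True
        elif in_trace and cur["caller"] is None:
            f = FRAME_RE.match(body)
            # Skip "? " frames (unreliable stack leftovers) and the checker itself.
            if f and not f["guess"] and f["sym"] != "__check_object_size":
                cur["caller"], cur["module"] = f["sym"], f["mod"]
        elif cur["comm"] is None and (c := COMM_RE.search(body)):
            cur["pid"], cur["comm"] = int(c["pid"]), c["comm"]
    return found

# Excerpt of the trace from this page (register dump and later frames omitted).
SAMPLE = """\
[ 1379.573499] Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 'll_obd_dev_cache' (offset 1256, size 40)!
[ 1379.608824] CPU: 1 PID: 17534 Comm: lfs Kdump: loaded Tainted: G OE --------- -t - 4.18.0-80.el8.x86_64 #1
[ 1379.639836] Call Trace:
[ 1379.640548] __check_object_size+0xfa/0x181
[ 1379.641738] lmv_iocontrol+0x1146/0x1880 [lmv]
[ 1379.672841] ---[ end trace 0414e3c4c1442f97 ]---
""".splitlines()

print(parse_usercopy_warnings(SAMPLE))
```

For the trace on this page it reports cache ll_obd_dev_cache, offset 1256, size 40, task lfs, and lmv_iocontrol in module lmv as the frame performing the copy.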