Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-12911

Setting a LOV EA can access or change outside allocated buffer

    XMLWordPrintable

Details

    • 3
    • 9223372036854775807

    Description

      The attribute passed to ll_setstripe_ea() is copied to a buffer allocated  based on size information passed from userspace.

      But the contents of this attribute are analyized and possibly changed (in ll_adjust_lum) before the size is validated.

      This can result in a warning from KASAN, and could result in memory corruption.

      The size should be validated before, or while, the attribute is examined.

       

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. LU-13168 Client panic "Freechain corrupt"/"Redzone Overwritten"

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              neilb Neil Brown
              neilb Neil Brown
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: