Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-13525

struct sepol_downcall_data is badly formed

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: Lustre 2.14.0, Lustre 2.12.5
    • Fix Version/s: Lustre 2.14.0
    • Labels:
    • Severity:
      3
    • Rank (Obsolete):
      9223372036854775807

      Description

      The struct sepol_downcall_data is badly formed for use between kernel and userspace for several reasons:

      struct sepol_downcall_data {
              __u32           sdd_magic;
              __kernel_time_t sdd_sepol_mtime;
              __u16           sdd_sepol_len;
              char            sdd_sepol[0];
      };
      

      Firstly, it uses a "time_t" (now "_kernel_time_t") field, which can be variably sized, either 32-bit or 64-bit depending on the size of "long" (or now "_kernel_long_t"). This should be a fixed-size __s64 type so that it is always the same.

      The change from time_t to kernel_time_t in patch https://review.whamcloud.com/37678 "LU-13274 uapi: make lustre UAPI headers C99 compliant" may have broken ABI compatibility for 32-bit userspace (if a 32-bit l_getsepol is used in a VM), but was only landed as commit v2_13_52-157-g7a7309fa84 and b2_12_4-22-g0417dce9fc so has not been in a release yet, so can still be fixed before 2.14.0 and 2.12.5 are released.

      Secondly, it has __u32 sdd_magic that is immediately before a (maybe) 64-bit field, which introduces a (maybe) 32-bit padding into the field, depending on the compiler and architecture. The 64-bit fields in a structure should always be naturally aligned on 64-bit boundaries to avoid potential incompatibility in the structure definition.

      Thirdly, it has _u16 sdd_sepol_len which _may be followed by padding.

      A better struct sepol_downcall_data that is safe for data transfer between the kernel and userspace would be:

      /* old interface struct is deprecated in 2.14 */
      #define SEPOL_DOWNCALL_MAGIC_OLD 0x8b8bb842
      struct sepol_downcall_data_old {
              __u32           sdd_magic;
              __kernel_time_t sdd_sepol_mtime;
              __u16           sdd_sepol_len;
              char            sdd_sepol[0];
      };
      
      #define SEPOL_DOWNCALL_MAGIC 0x8b8bb843
      struct sepol_downcall_data {
              __u32           sdd_magic;
              __u16           sdd_sepol_len;
              __u16           sdd_padding1;
              __s64          sdd_sepol_mtime;
              char            sdd_sepol[0];
      };
      

      We need to keep compatibility with struct sepol_downcall_data_old for some short time, because this was included in the 2.12.1 release, so lprocfs_sptlrpc_sepol_seq_write() should handle both old and new structs, with a version check for 2.16.53 or so.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sebastien Sebastien Buisson
                Reporter:
                adilger Andreas Dilger
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated: