Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-6503

Information leak from kernel space to userspace in lnet_ping

Details

    • Bug
    • Resolution: Fixed
    • Major
    • Lustre 2.8.0
    • None
    • None
    • 3
    • 9223372036854775807

    Description

      It looks like lnet_ping is leaking a word from kernel stack to userspace (highlighted by smatch):

              lnet_process_id_t    tmpid;
...
                tmpid.pid = info->pi_pid;
                tmpid.nid = info->pi_ni[i].ns_nid;
                if (copy_to_user(&ids[i], &tmpid, sizeof(tmpid)))

      There is a hole in this struct after pid member because it's 32 bit and preceeding member is 64 bit, so we need to always zero out this struct here.

      I see that upstream kernel already has a fix, so probably good to fix it in the same way as here: https://www.marc.info/?l=git-commits-head&m=140225513907992&w=2

      Attachments

        Activity

          [LU-6503] Information leak from kernel space to userspace in lnet_ping
          pjones Peter Jones added a comment -

          Landed for 2.8

          pjones Peter Jones added a comment - Landed for 2.8
          gerrit Gerrit Updater added a comment -

          Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/14706/
          Subject: LU-6503 lnet: info leak in lnet_ping()
          Project: fs/lustre-release
          Branch: master
          Current Patch Set:
          Commit: a59e513435533d83a02ad118a638b9deef4bb33e

          gerrit Gerrit Updater added a comment - Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/14706/ Subject: LU-6503 lnet: info leak in lnet_ping() Project: fs/lustre-release Branch: master Current Patch Set: Commit: a59e513435533d83a02ad118a638b9deef4bb33e
          gerrit Gerrit Updater added a comment -

          Yang Sheng (yang.sheng@intel.com) uploaded a new patch: http://review.whamcloud.com/14706
          Subject: LU-6503 lnet: info leak in lnet_ping()
          Project: fs/lustre-release
          Branch: master
          Current Patch Set: 1
          Commit: 78ea16f035ab976ff27a294b853a220529298ce8

          gerrit Gerrit Updater added a comment - Yang Sheng (yang.sheng@intel.com) uploaded a new patch: http://review.whamcloud.com/14706 Subject: LU-6503 lnet: info leak in lnet_ping() Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: 78ea16f035ab976ff27a294b853a220529298ce8
          pjones Peter Jones added a comment -

          YangSheng

          Could you please take care of this issue?

          Thanks

          Peter

          pjones Peter Jones added a comment - YangSheng Could you please take care of this issue? Thanks Peter

          People

            ys Yang Sheng
            green Oleg Drokin
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: