Lustre / LU-6503

Information leak from kernel space to userspace in lnet_ping

Details

    • Bug
    • Resolution: Fixed
    • Major
    • Lustre 2.8.0

    Description

      It looks like lnet_ping is leaking a word from kernel stack to userspace (highlighted by smatch):

              lnet_process_id_t    tmpid;
      ...
                      tmpid.pid = info->pi_pid;
                      tmpid.nid = info->pi_ni[i].ns_nid;
                      if (copy_to_user(&ids[i], &tmpid, sizeof(tmpid)))
      

      There is a hole in this struct after pid member because it's 32 bit and preceding member is 64 bit, so we need to always zero out this struct here.

      I see that upstream kernel already has a fix, so probably good to fix it in the same way as here: https://www.marc.info/?l=git-commits-head&m=140225513907992&w=2
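
An added illustration of the padding hole described above (not Lustre or kernel code): a user-space stand-in struct with a 64-bit nid followed by a 32-bit pid, a slot pre-filled with a constructed 0xAA marker in place of stale kernel stack, and memcpy standing in for copy_to_user. The names process_id_t, fill_fields_only, fill_zeroed and stale_bytes_copied are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for lnet_process_id_t: 64-bit nid, then 32-bit pid. */
typedef struct {
    uint64_t nid;
    uint32_t pid;
} process_id_t;

#define STALE 0xAA /* constructed marker for leftover stack contents */
#define PID_END (offsetof(process_id_t, pid) + sizeof(uint32_t))
/* Bytes the compiler appends after pid to keep nid 8-byte aligned. */
static size_t padding_size(void) { return sizeof(process_id_t) - PID_END; }

/* Reported pattern: only the members are written, the hole is untouched. */
static void fill_fields_only(unsigned char *slot, uint64_t nid, uint32_t pid)
{
    memcpy(slot + offsetof(process_id_t, nid), &nid, sizeof(nid));
    memcpy(slot + offsetof(process_id_t, pid), &pid, sizeof(pid));
}

/* Zero the whole object first, then write the members. */
static void fill_zeroed(unsigned char *slot, uint64_t nid, uint32_t pid)
{
    memset(slot, 0, sizeof(process_id_t));
    fill_fields_only(slot, nid, pid);
}

/* Count marker bytes that reach the destination of a sizeof(struct) copy. */
static size_t stale_bytes_copied(void (*fill)(unsigned char *, uint64_t, uint32_t))
{
    unsigned char slot[sizeof(process_id_t)], out[sizeof(process_id_t)];
    size_t i, n = 0;
    memset(slot, STALE, sizeof(slot));          /* simulated dirty stack slot */
    fill(slot, 0x1122334455667788ULL, 12345);   /* constructed nid and pid */
    memcpy(out, slot, sizeof(out));             /* stands in for copy_to_user */
    for (i = PID_END; i < sizeof(out); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("padding=%zu fields-only=%zu zeroed=%zu\n", padding_size(),
           stale_bytes_copied(fill_fields_only), stale_bytes_copied(fill_zeroed));
    return 0;
}
```

On an LP64 build the struct is 16 bytes with 12 bytes of members, so the fields-only path carries 4 marker bytes across the copy and the zeroed path carries none.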

          People

            ys Yang Sheng
            green Oleg Drokin