[LU-8171] stack overrun in hai_dump_data_field - Whamcloud Community JIRA

Details

Type: Bug
Resolution: Fixed
Priority: Minor
Fix Version/s: Lustre 2.9.0
Affects Version/s: None
Labels:
- cea

Severity:
3
Rank (Obsolete):
9223372036854775807

Description

With the stock 3.10 kernel, hai_dump_data_field will do a stack buffer overrun when cat'ing /proc/fs/lustre/.../hsm/actions if an action has some data in it.

On that kernel, these 2 snprintf:

                cnt = snprintf(buffer, 1, "%.2X", 54);
                cnt = snprintf(buffer, 2, "%.2X", 54);

will return 2 instead of 0 and 1 respectively. The strings generated are correct, with 0 and 1 character followed by NUL, respectively.

The coordinator code calls hai_dump_data_field with 12 bytes in the buffer. The last byte is printed incompletely to make room for the terminating NUL. However since that version of the kernel returns that 2 characters were written, when hai_dump_data_field writes the final NUL, it does it outside the reserved buffer, in the 13th byte. This stack buffer overrun hangs my VM.

This doesn't happen on CentOS 6.

Attachments

Activity

[LU-8171] stack overrun in hai_dump_data_field

Jean-Baptiste Riaux (Inactive) added a comment - 22/Jul/16 9:27 AM

Backport to b2_7_fe http://review.whamcloud.com/#/c/21478/

Jean-Baptiste Riaux (Inactive) added a comment - 22/Jul/16 9:27 AM Backport to b2_7_fe http://review.whamcloud.com/#/c/21478/

Joseph Gmitter (Inactive) added a comment - 14/Jun/16 11:04 PM

patch has landed to master for 2.9

Joseph Gmitter (Inactive) added a comment - 14/Jun/16 11:04 PM patch has landed to master for 2.9

Gerrit Updater added a comment - 14/Jun/16 3:54 AM

Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/20338/
Subject: ~~LU-8171~~ hsm: stack overrun in hai_dump_data_field
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: b631a91e7e70ff609268def24e51b5bb089a5545

Gerrit Updater added a comment - 14/Jun/16 3:54 AM Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/20338/ Subject: LU-8171 hsm: stack overrun in hai_dump_data_field Project: fs/lustre-release Branch: master Current Patch Set: Commit: b631a91e7e70ff609268def24e51b5bb089a5545

Joseph Gmitter (Inactive) added a comment - 23/May/16 5:24 PM

Hi John,

Could you please advise here and have a look at the patch?

Thanks.
Joe

Joseph Gmitter (Inactive) added a comment - 23/May/16 5:24 PM Hi John, Could you please advise here and have a look at the patch? Thanks. Joe

Gerrit Updater added a comment - 19/May/16 9:32 PM

Frank Zago (fzago@cray.com) uploaded a new patch: http://review.whamcloud.com/20338
Subject: ~~LU-8171~~ hsm: stack overrun in hai_dump_data_field
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 54e077102fbb5ec4fb7d1a86c89b24db2e31a6b8

Gerrit Updater added a comment - 19/May/16 9:32 PM Frank Zago (fzago@cray.com) uploaded a new patch: http://review.whamcloud.com/20338 Subject: LU-8171 hsm: stack overrun in hai_dump_data_field Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: 54e077102fbb5ec4fb7d1a86c89b24db2e31a6b8

Frank Zago (Inactive) added a comment - 19/May/16 9:28 PM

Actually that snprintf behaviour is normal. It's a bug in Lustre.

Frank Zago (Inactive) added a comment - 19/May/16 9:28 PM Actually that snprintf behaviour is normal. It's a bug in Lustre.

People

Assignee:: John Hammond

Reporter:: Frank Zago (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 19/May/16 9:16 PM

Updated:: 15/Mar/17 9:39 AM

Resolved:: 14/Jun/16 11:04 PM