Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-8171

stack overrun in hai_dump_data_field

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: Lustre 2.9.0
    • Labels:
    • Severity:
      3
    • Rank (Obsolete):
      9223372036854775807

      Description

      With the stock 3.10 kernel, hai_dump_data_field will do a stack buffer overrun when cat'ing /proc/fs/lustre/.../hsm/actions if an action has some data in it.

      On that kernel, these 2 snprintf:

                      cnt = snprintf(buffer, 1, "%.2X", 54);
                      cnt = snprintf(buffer, 2, "%.2X", 54);
      

      will return 2 instead of 0 and 1 respectively. The strings generated are correct, with 0 and 1 character followed by NUL, respectively.

      The coordinator code calls hai_dump_data_field with 12 bytes in the buffer. The last byte is printed incompletely to make room for the terminating NUL. However since that version of the kernel returns that 2 characters were written, when hai_dump_data_field writes the final NUL, it does it outside the reserved buffer, in the 13th byte. This stack buffer overrun hangs my VM.

      This doesn't happen on CentOS 6.

        Attachments

          Activity

            People

            • Assignee:
              jhammond John Hammond
              Reporter:
              fzago Frank Zago
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: