[LU-16346] lctl stack smashing on aarch64 platform Created: 25/Nov/22  Updated: 13/Dec/22  Resolved: 13/Dec/22

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: Lustre 2.16.0

Type: Bug Priority: Minor
Reporter: Artem Blagodarenko Assignee: Artem Blagodarenko
Resolution: Fixed Votes: 0
Labels: patch

Issue Links:
Related
is related to LU-9680 Improve the user land to kernel space... In Progress
Severity: 3
Rank (Obsolete): 9223372036854775807

Description
# uname -m
aarch64
# bash -x lustre/utils/lctl dl
... 
exec /home/ubuntu/lustre-build/lustre-release/lustre/utils/.libs/lctl dl
*** stack smashing detected ***: terminated
Aborted (core dumped) 

gdb shows this stack:

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x0000fffff7d50aac in __GI_abort () at abort.c:79
#2  0x0000fffff7d9df40 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0xfffff7e5dff0 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x0000fffff7e104c8 in __GI___fortify_fail (msg=msg@entry=0xfffff7e5dfd8 "stack smashing detected") at fortify_fail.c:26
#4  0x0000fffff7e1049c in __stack_chk_fail () at stack_chk_fail.c:24
#5  0x0000fffff7eb9c28 in yaml_netlink_msg_parse (msg=<optimized out>, arg=0xaaaaaab1d040) at liblnetconfig_netlink.c:799
#6  0x0000fffff7f27464 in nl_recvmsgs_report () from /lib/aarch64-linux-gnu/libnl-3.so.200
#7  0x0000fffff7eb9c88 in yaml_netlink_read_handler (arg=0xaaaaaab1d040, buffer=0xaaaaaab0c540 "", size=16384, size_read=0xffffffffeb10) at liblnetconfig_netlink.c:931
#8  0x0000fffff7eee2e8 in ?? () from /lib/aarch64-linux-gnu/libyaml-0.so.2
#9  0x0000fffff7eee510 in yaml_parser_update_buffer () from /lib/aarch64-linux-gnu/libyaml-0.so.2
#10 0x0000fffff7ef4a28 in ?? () from /lib/aarch64-linux-gnu/libyaml-0.so.2
#11 0x0000fffff7ef6a34 in yaml_parser_fetch_more_tokens () from /lib/aarch64-linux-gnu/libyaml-0.so.2
#12 0x0000fffff7ef8f88 in yaml_parser_parse () from /lib/aarch64-linux-gnu/libyaml-0.so.2
#13 0x0000aaaaaaac8854 in lcfg_getparam_yaml (path=path@entry=0xaaaaaaad6188 "devices", popt=popt@entry=0xfffffffff258) at lustre_cfg.c:1220
#14 0x0000aaaaaaac921c in jt_obd_list (argc=<optimized out>, argv=<optimized out>) at lustre_cfg.c:1615
#15 0x0000fffff7f9b744 in Parser_execarg (argc=1, argv=0xfffffffff4f0, cmds=<optimized out>) at util/parser.c:118
#16 0x0000aaaaaaaca11c in lctl_main (argc=2, argv=0xfffffffff4e8) at lctl.c:660
#17 0x0000fffff7d50e10 in __libc_start_main (main=0xaaaaaaab3060 <main>, argc=2, argv=0xfffffffff4e8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, 
    stack_end=<optimized out>) at ../csu/libc-start.c:308
#18 0x0000aaaaaaab3098 in _start () at lctl.c:690

It looks like genlmsg_parse() was misused. It requires passing maxtype+1 elements.

/**
 * @tb: destination array with maxtype+1 elements
 * @maxtype: maximum attribute type to be expected
 */
static inline int genlmsg_parse(const struct nlmsghdr *nlh,
                                const struct genl_family *family,
                                struct nlattr *tb[], int maxtype,
                                const struct nla_policy *policy,
                                struct netlink_ext_ack *extack)

But maxtype+1 is what is actually passed as the number of elements. It should be maxtype.

if (genlmsg_parse(nlh, 0, attrs, LN_SCALAR_MAX + 1,
                  scalar_attr_policy))
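The off-by-one described above, as an added example that is not code from the Lustre tree or from libnl: a small model of the genlmsg_parse()/nla_parse() contract "tb has maxtype+1 elements". The parser clears tb[0..maxtype] before filing attributes, so a caller whose array has LN_SCALAR_MAX + 1 slots but passes LN_SCALAR_MAX + 1 as maxtype gets one pointer written past the end of the array, which is what the stack protector caught in lctl. The value of LN_SCALAR_MAX, struct attr, the sample message and model_genlmsg_parse() are constructed stand-ins; a guard slot placed right after the table plays the role of the canary. The checked_parse() wrapper at the end shows the size check a caller can add so the mismatch is refused instead of corrupting the frame.

```c
/*
 * Added example, not Lustre or libnl code: models the genlmsg_parse()
 * contract "tb must have maxtype+1 elements" to show why passing
 * LN_SCALAR_MAX + 1 as maxtype overruns an array sized LN_SCALAR_MAX + 1.
 * LN_SCALAR_MAX, struct attr and the parser below are constructed stand-ins.
 */
#include <stddef.h>
#include <stdio.h>

#define LN_SCALAR_MAX 7          /* constructed value; the real one is in Lustre's headers */

struct attr { int type; int len; };   /* stand-in for struct nlattr */

/* Constructed sample message: two attributes, of type 1 and type 3. */
static const struct attr sample_msg[] = { { 1, 4 }, { 3, 8 } };
#define SAMPLE_COUNT (sizeof(sample_msg) / sizeof(sample_msg[0]))

/*
 * Model of the parser. Like the real one it clears tb[0..maxtype] and then
 * files every attribute whose type is <= maxtype at tb[type]. The write to
 * tb[maxtype] is why the caller must own maxtype+1 slots.
 */
static int model_genlmsg_parse(const struct attr *attrs, size_t nattrs,
                               struct attr *tb[], int maxtype)
{
    for (int i = 0; i <= maxtype; i++)
        tb[i] = NULL;
    for (size_t i = 0; i < nattrs; i++) {
        int type = attrs[i].type;
        if (type > 0 && type <= maxtype)
            tb[type] = (struct attr *)&attrs[i];
    }
    return 0;
}

/*
 * Parse into a table with LN_SCALAR_MAX+1 usable slots, sized like the
 * attrs[] array in the report, followed by one guard slot that stands in
 * for the compiler's stack canary. Returns 1 if the guard was overwritten
 * (the overrun glibc reported), 0 if the parser stayed in bounds.
 */
static int parse_and_check_guard(int maxtype)
{
    struct attr guard = { -1, -1 };
    struct attr *table[LN_SCALAR_MAX + 2];   /* LN_SCALAR_MAX+1 slots + guard */

    table[LN_SCALAR_MAX + 1] = &guard;
    model_genlmsg_parse(sample_msg, SAMPLE_COUNT, table, maxtype);
    return table[LN_SCALAR_MAX + 1] != &guard;
}

int buggy_call(void) { return parse_and_check_guard(LN_SCALAR_MAX + 1); } /* as in the report */
int fixed_call(void) { return parse_and_check_guard(LN_SCALAR_MAX); }     /* maxtype matches */

/*
 * Defensive wrapper: take the table size explicitly and refuse any maxtype
 * that would need more slots than the caller owns. Returns -1 on refusal.
 */
int checked_parse(const struct attr *attrs, size_t nattrs,
                  struct attr *tb[], size_t tb_slots, int maxtype)
{
    if (maxtype < 0 || (size_t)maxtype + 1 > tb_slots)
        return -1;
    return model_genlmsg_parse(attrs, nattrs, tb, maxtype);
}

/* Exercise checked_parse() with the report's mismatch and with the fix. */
int checked_call(int maxtype)
{
    struct attr *attrs[LN_SCALAR_MAX + 1];
    return checked_parse(sample_msg, SAMPLE_COUNT, attrs,
                         sizeof(attrs) / sizeof(attrs[0]), maxtype);
}

int main(void)
{
    printf("maxtype = LN_SCALAR_MAX + 1: guard clobbered = %d\n", buggy_call());
    printf("maxtype = LN_SCALAR_MAX:     guard clobbered = %d\n", fixed_call());
    printf("checked_parse(LN_SCALAR_MAX + 1) = %d\n", checked_call(LN_SCALAR_MAX + 1));
    printf("checked_parse(LN_SCALAR_MAX)     = %d\n", checked_call(LN_SCALAR_MAX));
    return 0;
}
```

The guard slot is kept inside the same array so the demonstration stays well-defined C; in the real binary the word after attrs[] was the stack protector canary, which is why glibc aborted with "stack smashing detected" rather than the program silently continuing.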


Comments
Comment by Gerrit Updater [ 27/Nov/22 ]

"Artem Blagodarenko <ablagodarenko@ddn.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/49254
Subject: DDN-3520 utils: fix lctl stack smashing
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 4d0b6a824324e5853e318949108caeba7a091334

Comment by Gerrit Updater [ 13/Dec/22 ]

"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/49254/
Subject: LU-16346 utils: fix lctl stack smashing
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 30c5421ad567c851822f92c91595c9753ec648ec

Comment by Peter Jones [ 13/Dec/22 ]

Landed for 2.16

Generated at Sat Feb 10 03:26:13 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.