[LU-17400] lfs changelog 08RENME records changelog_rec_sname string overrun
Created: 08/Jan/24
Updated: 04/Feb/24

Status: Open
Project: Lustre
Component/s: None
Affects Version/s: Lustre 2.15.4
Fix Version/s: None

Type: Bug
Priority: Minor
Reporter: Josh Samuelson
Assignee: Josh Samuelson
Resolution: Unresolved
Votes: 0
Labels: changelog, patch
Environment:

AlmaLinux 8.9
uname -r: 4.18.0-513.9.1.el8_lustre.x86_64
modinfo -F version lustre: 2.15.4


Issue Links:
Related
is related to LU-15420 Linux kernel 5.15 support Open
is related to LU-15798 RHEL9 / gcc-11 adds -Wstringop-overre... Open
Epic/Theme: changelog
Severity: 3

Description

6331eadbd6 had the following change for the changelog_rec_snamelen() function:

-       return cr_name + strlen(cr_name) + 1;
+       return strlen(changelog_rec_sname(rec));
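
Review bot: the added strlen(changelog_rec_sname(rec)) scans for a terminator that the sname does not carry, so the returned length can run past the bytes counted by cr_namelen. Derive the length from the record's own bound instead, that is cr_namelen minus the target name length and its '\0' (the same offset the removed line "cr_name + strlen(cr_name) + 1" encodes), and add a comment next to the function stating that sname is not NUL-terminated.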

The "sname" char array is limited by the struct changelog_rec.cr_namelen value and has no '\0' character allocated to it, so strlen() will overrun the char array till it finds the next '\0' char.

[root@lustre.test ~]# cd /lustre/fs/path/test
[root@lustre.test test]# cat 08RENME.sh 
#!/bin/bash

mkdir -p test/a test/b
cd test
echo 'hello world' > hw
touch large_file_name
mv hw a/a.hw
mv a/a.hw b/b.hw
[root@lustre.test test]# # changelog is enabled on system
[root@lustre.test test]# ./08RENME.sh
[root@lustre.test test]# lfs changelog Test-MDT0000 > /tmp/1
[root@lustre.test test]# cat /tmp/1
1 02MKDIR 18:15:46.662260625 2024.01.05 0x0 t=[0x200000bd1:0x1:0x0] ef=0xf u=0:0 nid=0@lo p=[0x200000007:0x1:0x0] test
2 02MKDIR 18:15:46.663947475 2024.01.05 0x0 t=[0x200000bd1:0x2:0x0] ef=0xf u=0:0 nid=0@lo p=[0x200000bd1:0x1:0x0] a
3 02MKDIR 18:15:46.664793663 2024.01.05 0x0 t=[0x200000bd1:0x4:0x0] ef=0xf u=0:0 nid=0@lo p=[0x200000bd1:0x1:0x0] b
4 01CREAT 18:15:46.665888981 2024.01.05 0x0 t=[0x200000bd1:0x5:0x0] ef=0xf u=0:0 nid=0@lo p=[0x200000bd1:0x1:0x0] hw
5 11CLOSE 18:15:46.685258476 2024.01.05 0x242 t=[0x200000bd1:0x5:0x0] ef=0xf u=0:0 nid=0@lo
6 01CREAT 18:15:46.690481215 2024.01.05 0x0 t=[0x200000bd1:0x6:0x0] ef=0xf u=0:0 nid=0@lo p=[0x200000bd1:0x1:0x0] large_file_name
7 11CLOSE 18:15:46.691566718 2024.01.05 0x42 t=[0x200000bd1:0x6:0x0] ef=0xf u=0:0 nid=0@lo
8 08RENME 18:15:46.694667908 2024.01.05 0x0 t=[0:0x0:0x0] ef=0xf u=0:0 nid=0@lo p=[0x200000bd1:0x2:0x0] a.hw s=[0x200000bd1:0x5:0x0] sp=[0x200000bd1:0x1:0x0] hwile_name
9 08RENME 18:15:46.697111676 2024.01.05 0x0 t=[0:0x0:0x0] ef=0xf u=0:0 nid=0@lo p=[0x200000bd1:0x4:0x0] b.hw s=[0x200000bd1:0x5:0x0] sp=[0x200000bd1:0x2:0x0] a.hwe_name

Records 8 and 9 show "hwile_name" and "a.hwe_name" when they should be "hw" and "a.hw" respectively.
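
The overrun described above, as an added C example that is not part of the original report or of Lustre's code. `demo_rec` and its helpers are a hypothetical, simplified stand-in for a rename record, and the buffer is constructed with stale bytes after the record so that the strlen()-based length yields the strings seen in records 8 and 9 while a length derived from the record's name length does not.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a rename record, not Lustre's struct
 * changelog_rec: buf holds "name\0sname" in its first namelen bytes,
 * and sname has no terminating '\0' of its own. */
struct demo_rec { size_t namelen; char buf[32]; };

/* sname starts right after the target name's terminator. */
static const char *demo_sname(const struct demo_rec *r)
{
	return r->buf + strlen(r->buf) + 1;
}

/* Behaviour described in the report: scan until the next '\0'. */
static size_t snamelen_strlen(const struct demo_rec *r)
{
	return strlen(demo_sname(r));
}

/* Bounded alternative: derive the length from namelen. */
static size_t snamelen_bounded(const struct demo_rec *r)
{
	size_t used = strlen(r->buf) + 1;
	return r->namelen > used ? r->namelen - used : 0;
}

/* Constructed sample: the record is written over stale bytes left by an
 * earlier name, so the byte after sname is not '\0'. */
static struct demo_rec make_rec(const char *name, const char *sname)
{
	struct demo_rec r;
	size_t n = strlen(name), s = strlen(sname);
	memset(&r, 0, sizeof(r));
	strcpy(r.buf, "large_file_name");  /* stale earlier content */
	memcpy(r.buf, name, n + 1);        /* target name and its '\0' */
	memcpy(r.buf + n + 1, sname, s);   /* source name, no '\0' */
	r.namelen = n + 1 + s;
	return r;
}

int main(void)
{
	struct demo_rec r = make_rec("a.hw", "hw");
	printf("strlen : %.*s\n", (int)snamelen_strlen(&r), demo_sname(&r));
	printf("bounded: %.*s\n", (int)snamelen_bounded(&r), demo_sname(&r));
	return 0;
}
```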



Comments
Comment by Andreas Dilger [ 08/Jan/24 ]

Please include the following line into your commit message before the Signed-off-by: line:

Fixes: 6331eadbd6 ("LU-15420 uapi: avoid gcc-11 -Werror=stringop-overread")

Comment by Gerrit Updater [ 09/Jan/24 ]

"Josh Samuelson <josh@1up.unl.edu>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/53624
Subject: LU-17400 uapi: Fix incorrect snamelen return value
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 9bcac515f73783452c084b21cdc8946797d0d08c

Comment by Gerrit Updater [ 04/Feb/24 ]

"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/53624/
Subject: LU-17400 uapi: Fix incorrect snamelen return value
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: b8f4a96b5ebd5cd35747b0a061277d02d46e7a4c
