[LU-6503] Information leak from kernel space to userspace in lnet_ping
Created: 27/Apr/15  Updated: 30/Nov/23  Resolved: 18/May/15

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: Lustre 2.8.0

Type: Bug
Priority: Major
Reporter: Oleg Drokin
Assignee: Yang Sheng
Resolution: Fixed
Votes: 0
Labels: None

Issue Links:
Related
Severity: 3
Rank (Obsolete): 9223372036854775807

 Description   

It looks like lnet_ping is leaking a word from kernel stack to userspace (highlighted by smatch):

        lnet_process_id_t    tmpid;
...
                tmpid.pid = info->pi_pid;
                tmpid.nid = info->pi_ni[i].ns_nid;
                if (copy_to_user(&ids[i], &tmpid, sizeof(tmpid)))

There is a hole in this struct after the pid member because it's 32 bit and the preceding member is 64 bit, so we need to always zero out this struct here.

I see that upstream kernel already has a fix, so probably good to fix it in the same way as here: https://www.marc.info/?l=git-commits-head&m=140225513907992&w=2
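
The padding hole described above, as an added user-space illustration that is not part of the original report or the Lustre source: it counts how many stale bytes reach the destination buffer with and without zeroing the struct first. Assumptions: `demo_process_id` is a stand-in for `lnet_process_id_t` with the member sizes the report states, `memcpy` stands in for `copy_to_user`, the 0xAA fill and member values are constructed, and the ABI is LP64 (64-bit members aligned to 8 bytes).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for lnet_process_id_t (assumed layout: 64-bit nid, then 32-bit pid). */
struct demo_process_id {
    uint64_t nid;
    uint32_t pid;   /* 4 bytes of tail padding follow on LP64 ABIs */
};

/* Overlay so the bytes under the struct can be pre-filled and inspected. */
union stack_slot {
    struct demo_process_id id;
    unsigned char raw[sizeof(struct demo_process_id)];
};

#define STALE 0xAA  /* constructed marker for leftover stack contents */

/* Number of bytes in the struct that belong to no member. */
size_t padding_bytes(void)
{
    return sizeof(struct demo_process_id) - sizeof(uint64_t) - sizeof(uint32_t);
}

/* Set both members, copy sizeof(struct) bytes out, count STALE bytes copied. */
size_t stale_bytes_copied(int zero_first)
{
    union stack_slot slot;
    unsigned char user_buf[sizeof(struct demo_process_id)];
    size_t i, leaked = 0;

    memset(slot.raw, STALE, sizeof(slot.raw));      /* simulate a dirty stack */
    if (zero_first)
        memset(&slot.id, 0, sizeof(slot.id));       /* zero the whole struct first */
    slot.id.pid = 12345;                            /* constructed values */
    slot.id.nid = 0x0102030405060708ULL;
    memcpy(user_buf, &slot.id, sizeof(slot.id));    /* stand-in for copy_to_user */

    for (i = offsetof(struct demo_process_id, pid) + sizeof(uint32_t); i < sizeof(user_buf); i++)
        leaked += (user_buf[i] == STALE);
    return leaked;
}

int main(void)
{
    printf("padding=%zu leaked(no zeroing)=%zu leaked(zeroed)=%zu\n",
           padding_bytes(), stale_bytes_copied(0), stale_bytes_copied(1));
    return 0;
}
```

Assigning every named member is not enough when the copy length is `sizeof` the struct; the padding bytes are only defined if the whole object was cleared beforehand.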



 Comments   
Comment by Peter Jones [ 27/Apr/15 ]

YangSheng

Could you please take care of this issue?

Thanks

Peter

Comment by Gerrit Updater [ 07/May/15 ]

Yang Sheng (yang.sheng@intel.com) uploaded a new patch: http://review.whamcloud.com/14706
Subject: LU-6503 lnet: info leak in lnet_ping()
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 78ea16f035ab976ff27a294b853a220529298ce8

Comment by Gerrit Updater [ 17/May/15 ]

Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/14706/
Subject: LU-6503 lnet: info leak in lnet_ping()
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: a59e513435533d83a02ad118a638b9deef4bb33e

Comment by Peter Jones [ 18/May/15 ]

Landed for 2.8
