[LU-8014] potential memory dereference in kuc_ispayload() Created: 12/Apr/16 Updated: 31/Aug/17 Resolved: 24/Jul/16 |
|
| Status: | Resolved |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | Lustre 2.9.0 |
| Type: | Bug | Priority: | Minor |
| Reporter: | Frank Zago (Inactive) | Assignee: | Frank Zago (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | patch | ||
| Issue Links: |
|
||||
| Severity: | 3 | ||||
| Rank (Obsolete): | 9223372036854775807 | ||||
| Description |
|
That function takes a pointer, decrements it and dereference the new address. However we have no idea if the page it's in is readable or even exists. Such dereference would cause an oops. |
| Comments |
| Comment by Gerrit Updater [ 12/Apr/16 ] |
|
Frank Zago (fzago@cray.com) uploaded a new patch: http://review.whamcloud.com/19494 |
| Comment by Frank Zago (Inactive) [ 12/Apr/16 ] |
|
An optimization would be to use kuc_alloc earlier to allocate the hal, and change mdt_hsm_agent_send to take a KUC buffer instead of a hal. |
| Comment by Gerrit Updater [ 25/Apr/16 ] |
|
Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/19494/ |
| Comment by Joseph Gmitter (Inactive) [ 27/Apr/16 ] |
|
Landed to master for 2.9.0 |
| Comment by Gerrit Updater [ 28/Apr/16 ] |
|
Frank Zago (fzago@cray.com) uploaded a new patch: http://review.whamcloud.com/19869 |
| Comment by Andreas Dilger [ 28/Apr/16 ] |
|
Reopen to track http://review.whamcloud.com/19869 landing. |
| Comment by Gerrit Updater [ 27/May/16 ] |
|
Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/19869/ |
| Comment by Peter Jones [ 24/Jul/16 ] |
|
Both patches now landed for 2.9 |