[LU-8171] stack overrun in hai_dump_data_field Created: 19/May/16  Updated: 15/Mar/17  Resolved: 14/Jun/16

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: Lustre 2.9.0

Type: Bug Priority: Minor
Reporter: Frank Zago (Inactive) Assignee: John Hammond
Resolution: Fixed Votes: 0
Labels: cea

Severity: 3

Description

With the stock 3.10 kernel, hai_dump_data_field will do a stack buffer overrun when cat'ing /proc/fs/lustre/.../hsm/actions if an action has some data in it.

On that kernel, these two snprintf calls:

    cnt = snprintf(buffer, 1, "%.2X", 54);
    cnt = snprintf(buffer, 2, "%.2X", 54);

will return 2 instead of 0 and 1 respectively. The strings generated are correct, with 0 and 1 characters followed by a NUL, respectively.

The coordinator code calls hai_dump_data_field with 12 bytes in the buffer. The last byte is printed incompletely to make room for the terminating NUL. However, since that version of the kernel reports that 2 characters were written, when hai_dump_data_field writes the final NUL it does so outside the reserved buffer, in the 13th byte. This stack buffer overrun hangs my VM.

This doesn't happen on CentOS 6.
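The return-value pitfall described above, as an added example in C that is not Lustre's own code: dump_hex_unsafe is a hypothetical reimplementation of the advance-by-return-value pattern that overruns, and dump_hex_bounded is the corrected form; the 12-byte buffer and the 0x36 (decimal 54) sample bytes are constructed to match the report.

```c
/* Added example (not Lustre code): the snprintf return-value pitfall behind
 * this report, and a bounded hex dump that cannot write past its buffer. */
#include <stdio.h>

/* snprintf returns the length the full output WOULD have had, not what it
 * stored: with size 1 or 2 this returns 2, storing "" or "3" plus NUL. */
int truncated_snprintf_return(size_t size)
{
    char buffer[4];
    return snprintf(buffer, size, "%.2X", 54);
}

/* Buggy pattern: advance by the raw return value.  Each snprintf is bounded,
 * but after truncation 'pos' runs past the real end, so a caller that then
 * writes buf[pos] = '\0' overruns by one byte (the reported crash). */
size_t dump_hex_unsafe(const unsigned char *data, size_t len,
                       char *buf, size_t bufsz)
{
    size_t pos = 0;
    for (size_t i = 0; i < len && pos < bufsz; i++)
        pos += (size_t)snprintf(buf + pos, bufsz - pos, "%02X", data[i]);
    return pos;                         /* may equal or exceed bufsz */
}

/* Fixed pattern: a return >= remaining space means truncation; clamp there,
 * so the NUL always lands inside buf and the result is the stored length. */
size_t dump_hex_bounded(const unsigned char *data, size_t len,
                        char *buf, size_t bufsz)
{
    size_t pos = 0;
    if (bufsz == 0)
        return 0;
    for (size_t i = 0; i < len; i++) {
        int n = snprintf(buf + pos, bufsz - pos, "%02X", data[i]);
        if (n < 0)
            break;
        if ((size_t)n >= bufsz - pos) { /* truncated: keep what fit */
            pos = bufsz - 1;
            break;
        }
        pos += (size_t)n;
    }
    buf[pos] = '\0';                    /* pos <= bufsz - 1, in bounds */
    return pos;
}
```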



Comments
Comment by Frank Zago (Inactive) [ 19/May/16 ]

Actually that snprintf behaviour is normal. It's a bug in Lustre.

Comment by Gerrit Updater [ 19/May/16 ]

Frank Zago (fzago@cray.com) uploaded a new patch: http://review.whamcloud.com/20338
Subject: LU-8171 hsm: stack overrun in hai_dump_data_field
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 54e077102fbb5ec4fb7d1a86c89b24db2e31a6b8

Comment by Joseph Gmitter (Inactive) [ 23/May/16 ]

Hi John,

Could you please advise here and have a look at the patch?

Thanks.
Joe

Comment by Gerrit Updater [ 14/Jun/16 ]

Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/20338/
Subject: LU-8171 hsm: stack overrun in hai_dump_data_field
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: b631a91e7e70ff609268def24e51b5bb089a5545

Comment by Joseph Gmitter (Inactive) [ 14/Jun/16 ]

Patch has landed on master for 2.9.

Comment by Jean-Baptiste Riaux (Inactive) [ 22/Jul/16 ]

Backport to b2_7_fe http://review.whamcloud.com/#/c/21478/
