Whamcloud Community JIRA https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 [LU-12331] hardened usercopy whitelisting https://jira.whamcloud.com/browse/LU-12331 Lustre <p>4.16 has hardened usercopy checking, e.g. on rhel8 which is 4.18, a lfs df</p> <p>will make the kernel complain in the dmesg:</p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java"> [ 1379.571259] ------------[ cut here ]------------ [ 1379.573499] Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object <span class="code-quote">'ll_obd_dev_cache'</span> (offset 1256, size 40)! [ 1379.579230] WARNING: CPU: 1 PID: 17534 at mm/usercopy.c:83 usercopy_warn+0x7d/0xa0 [ 1379.582329] Modules linked in: mgc(OE) lustre(OE) lmv(OE) mdc(OE) fid(OE) osc(OE) lov(OE) fld(OE) ko2iblnd(OE) ptlrpc(OE) obdclass(OE) lnet(OE) libcfs(OE) rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache rdma_ucm(OE) ib_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) esp6_offload esp6 esp4_offload esp4 mlx5_fpga_tools(OE) mlx5_ib(OE) mlx5_core(OE) tls(t) strparser mlxfw(OE) cirrus ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops sg drm virtio_balloon joydev i2c_piix4 pcspkr knem(OE) xfs libcrc32c sr_mod cdrom ata_generic mlx4_ib(OE) ib_uverbs(OE) ib_core(OE) mlx4_en(OE) crct10dif_pclmul crc32_pclmul ata_piix crc32c_intel mlx4_core(OE) libata devlink serio_raw ghash_clmulni_intel virtio_blk mlx_compat(OE) sunrpc dm_mirror dm_region_hash dm_log [ 1379.608132] dm_mod [ 1379.608824] CPU: 1 PID: 17534 Comm: lfs Kdump: loaded Tainted: G OE --------- -t - 4.18.0-80.el8.x86_64 #1 [ 1379.612292] Hardware name: Fedora Project OpenStack Nova, BIOS 0.5.1 01/01/2011 [ 1379.614640] RIP: 0010:usercopy_warn+0x7d/0xa0 [ 1379.616038] Code: 6b 91 41 51 4d 89 d8 48 c7 c0 9d 47 6a 91 49 89 f1 48 89 f9 48 0f 45 c2 48 c7 c7 70 5a 6b 91 4c 89 d2 48 89 c6 e8 8d eb e0 ff &lt;0f&gt; 0b 48 83 c4 18 c3 48 c7 c6 17 5e 6c 91 49 89 f1 49 89 f3 eb 96 [ 1379.621917] RSP: 0018:ffffa1378b0c7b58 EFLAGS: 00010282 [ 1379.623521] RAX: 0000000000000000 RBX: ffff8da6f75d15a0 RCX: 0000000000000000 [ 1379.625691] RDX: ffff8da72fa5ed80 RSI: ffff8da72fa56958 RDI: ffff8da72fa56958 [ 1379.627929] RBP: 0000000000000028 R08: 0000000000000259 R09: 0000000000000007 [ 1379.629965] R10: 0000000000000000 R11: ffffffff9201bb0d R12: 0000000000000001 [ 1379.631931] R13: ffff8da6f75d15c8 R14: 0000000000000028 R15: 00007ffcde181870 [ 1379.633952] FS: 00007f4a32a81740(0000) GS:ffff8da72fa40000(0000) knlGS:0000000000000000 [ 1379.636253] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1379.637835] CR2: 00007f4a318255df CR3: 00000003f4342004 CR4: 00000000000606e0 [ 1379.639836] Call Trace: [ 1379.640548] __check_object_size+0xfa/0x181 [ 1379.641738] lmv_iocontrol+0x1146/0x1880 [lmv] [ 1379.643062] ll_obd_statfs+0x356/0x860 [lustre] [ 1379.644306] ? page_add_file_rmap+0x13/0x200 [ 1379.645495] ll_dir_ioctl+0x1e37/0x6760 [lustre] [ 1379.646784] ? sched_clock+0x5/0x10 [ 1379.647708] ? sched_clock_cpu+0xc/0xb0 [ 1379.648786] ? tty_insert_flip_string_fixed_flag+0x85/0xe0 [ 1379.650290] ? pty_write+0x78/0x90 [ 1379.651189] ? do_vfs_ioctl+0xa4/0x630 [ 1379.652154] do_vfs_ioctl+0xa4/0x630 [ 1379.653073] ksys_ioctl+0x60/0x90 [ 1379.653905] __x64_sys_ioctl+0x16/0x20 [ 1379.654876] do_syscall_64+0x5b/0x1b0 [ 1379.655857] entry_SYSCALL_64_after_hwframe+0x65/0xca [ 1379.657134] RIP: 0033:0x7f4a3178b45b [ 1379.658050] Code: 0f 1e fa 48 8b 05 2d aa 2c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 &lt;48&gt; 3d 01 f0 ff ff 73 01 c3 48 8b 0d fd a9 2c 00 f7 d8 64 89 01 48 [ 1379.662641] RSP: 002b:00007ffcde17f558 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 1379.664389] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4a3178b45b [ 1379.666147] RDX: 00007ffcde17f7c0 RSI: 00000000c00866a4 RDI: 0000000000000003 [ 1379.667888] RBP: 0000000000000003 R08: 0000000000000250 R09: 00007ffcde1812c0 [ 1379.669557] R10: fffffffffffffb4c R11: 0000000000000202 R12: 0000000000000000 [ 1379.671189] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffcde181870 [ 1379.672841] ---[ end trace 0414e3c4c1442f97 ]--- </pre> </div></div> LU-12331 hardened usercopy whitelisting Improvement Minor Resolved Fixed Dongyang Li Dongyang Li Thu, 23 May 2019 06:47:56 +0000 Fri, 17 Jan 2020 18:40:59 +0000 Sun, 21 Jul 2019 04:09:08 +0000 Lustre 2.13.0 Lustre 2.12.3 0 5 <p>Li Dongyang (dongyangli@ddn.com) uploaded a new patch: <a href="https://review.whamcloud.com/34946" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/34946</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-12331" title="hardened usercopy whitelisting" class="issue-link" data-issue-key="LU-12331"><del>LU-12331</del></a> llite: create obd_device with usercopy whitelist<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: e90dbbf06a5b10151b1ad3bb561c575e3a63b88a</p> <p>Is it just <tt>cl_target_uuid</tt> that is being copied directly to userspace, or are there other fields? I'm wondering why this particular structure field is a problem when there likely are many other places we copy memory to userspace?</p> <p>u.cli.cl_target_uuid and obd_name both from struct obd_device.</p> <p>Most of the places we are copying the memory returned by kmalloc, kernel has already set up the white list for that.</p> <p>Jian Yu (yujian@whamcloud.com) uploaded a new patch: <a href="https://review.whamcloud.com/35528" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/35528</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-12331" title="hardened usercopy whitelisting" class="issue-link" data-issue-key="LU-12331"><del>LU-12331</del></a> llite: create obd_device with usercopy whitelist<br/> Project: fs/lustre-release<br/> Branch: b2_12<br/> Current Patch Set: 1<br/> Commit: 15b21ce482303c123ed49a486d71d8445ea6cfd4</p> <p>Oleg Drokin (green@whamcloud.com) merged in patch <a href="https://review.whamcloud.com/34946/" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/34946/</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-12331" title="hardened usercopy whitelisting" class="issue-link" data-issue-key="LU-12331"><del>LU-12331</del></a> llite: create obd_device with usercopy whitelist<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: <br/> Commit: e34c59812abf5e3f8e51f85bace48c3d3e5edc36</p> <p>Landed for 2.13</p> <p>Oleg Drokin (green@whamcloud.com) merged in patch <a href="https://review.whamcloud.com/35528/" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/35528/</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-12331" title="hardened usercopy whitelisting" class="issue-link" data-issue-key="LU-12331"><del>LU-12331</del></a> llite: create obd_device with usercopy whitelist<br/> Project: fs/lustre-release<br/> Branch: b2_12<br/> Current Patch Set: <br/> Commit: c8cf8521f517842febbab24e0b20a4b88e615416</p> Related LU-12269 LU-11838 LU-12511 Development Rank 1|i00gtz: Rank (Obsolete) 9223372036854775807