[16/42] lnet: selftest: lst read-outside of allocation

Message ID	1674514855-15399-17-git-send-email-jsimmons@infradead.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <lustre-devel-bounces@lists.lustre.org> From: James Simmons <jsimmons@infradead.org> To: Andreas Dilger <adilger@whamcloud.com>, Oleg Drokin <green@whamcloud.com>, NeilBrown <neilb@suse.de> Date: Mon, 23 Jan 2023 18:00:29 -0500 Message-Id: <1674514855-15399-17-git-send-email-jsimmons@infradead.org> In-Reply-To: <1674514855-15399-1-git-send-email-jsimmons@infradead.org> References: <1674514855-15399-1-git-send-email-jsimmons@infradead.org> Subject: [lustre-devel] [PATCH 16/42] lnet: selftest: lst read-outside of allocation Precedence: list Cc: Alexey Lyashkov <alexey.lyashkov@hpe.com>, Lustre Development List <lustre-devel@lists.lustre.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: lustre-devel-bounces@lists.lustre.org Sender: "lustre-devel" <lustre-devel-bounces@lists.lustre.org>
Series	lustre: sync to OpenSFS tree as of Jan 22 2023 \| expand [00/42] lustre: sync to OpenSFS tree as of Jan 22 2023 [01/42] lustre: osc: pack osc_async_page better [02/42] lnet: lnet_peer_merge_data to understand large addr [03/42] lnet: router_discover - handle large addrs in ping [04/42] lnet: Drop LNet message if deadline exceeded [05/42] lnet: change lnet_find_best_lpni to handle large NIDs [06/42] lustre: ldebugfs: add histogram to stats counter [07/42] lustre: llite: wake_up after cl_object_kill [08/42] lustre: pcc: use two bits to indicate pcc type for attach [09/42] lustre: ldebugfs: make job_stats and rename_stats valid YAML [10/42] lustre: misc: fix stats snapshot_time to use wallclock [11/42] lustre: pools: force creation of a component without a pool [12/42] lustre: sec: reserve flag for fid2path for encrypted files [13/42] lustre: llite: update statx size/ctime for fallocate [14/42] lustre: ptlrpc: fiemap flexible array [15/42] lustre: ptlrpc: Add LCME_FL_PARITY to wirecheck [16/42] lnet: selftest: lst read-outside of allocation [17/42] lustre: misc: rename lprocfs_stats functions [18/42] lustre: osc: Fix possible null pointer [19/42] lustre: ptlrpc: NUL terminate long jobid strings [20/42] lustre: uapi: remove _GNU_SOURCE dependency in lustre_user.h [21/42] lnet: handles unregister/register events [22/42] lustre: update version to 2.15.53 [23/42] lustre: ptlrpc: don't panic during reconnection [24/42] lustre: move to kobj_type default_groups [25/42] lnet: increase transaction timeout [26/42] lnet: Allow IP specification [27/42] lustre: obdclass: fix T10PI prototypes [28/42] lustre: obdclass: prefer T10 checksum if the target supports it [29/42] lustre: llite: remove false outdated comment [30/42] lnet: socklnd: clarify error message on timeout [31/42] lustre: llite: replace selinux_is_enabled() [32/42] lustre: enc: S_ENCRYPTED flag on OST objects for enc files [33/42] lnet: asym route inconsistency warning [34/42] lnet: o2iblnd: reset hiw proportionally [35/42] lnet: libcfs: cfs_hash_for_each_empty optimization [36/42] lustre: llite: always enable remote subdir mount [37/42] lnet: selftest: migrate LNet selftest group handling to Netlink [38/42] lnet: use Netlink to support LNet ping commands [39/42] lustre: llite: revert: "llite: clear stale page's uptodate bit" [40/42] lnet: validate data sent from user land properly [41/42] lnet: modify lnet_inetdev to work with large NIDS [42/42] lustre: ldlm: remove obsolete LDLM_FL_SERVER_LOCK

Message ID

1674514855-15399-17-git-send-email-jsimmons@infradead.org (mailing list archive)

State

New, archived

Headers

From: James Simmons <jsimmons@infradead.org>
To: Andreas Dilger <adilger@whamcloud.com>, Oleg Drokin <green@whamcloud.com>,
 NeilBrown <neilb@suse.de>
Date: Mon, 23 Jan 2023 18:00:29 -0500
Message-Id: <1674514855-15399-17-git-send-email-jsimmons@infradead.org>
In-Reply-To: <1674514855-15399-1-git-send-email-jsimmons@infradead.org>
References: <1674514855-15399-1-git-send-email-jsimmons@infradead.org>
Subject: [lustre-devel] [PATCH 16/42] lnet: selftest: lst read-outside of
 allocation
Precedence: list
Cc: Alexey Lyashkov <alexey.lyashkov@hpe.com>,
 Lustre Development List <lustre-devel@lists.lustre.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: lustre-devel-bounces@lists.lustre.org
Sender: "lustre-devel" <lustre-devel-bounces@lists.lustre.org>

Series

lustre: sync to OpenSFS tree as of Jan 22 2023 | expand

Commit Message

James Simmons Jan. 23, 2023, 11 p.m. UTC

From: Alexey Lyashkov <alexey.lyashkov@hpe.com>

lnet_selftest want a some parameters from userspace,
but it never sends. It caused a read of outside of allocation
like
  BUG: KASAN: slab-out-of-bounds in lstcon_testrpc_prep+0x19e7/0x1bb0
  Read of size 4 at addr ffff8888bbaa866c by task lt-lst/6371

WC-bug-id: https://jira.whamcloud.com/browse/LU-16157
Lustre-commit: 222fbed52e02122c7 ("LU-16157 lnet: lst read-outside of allocation")
Signed-off-by: Alexey Lyashkov <alexey.lyashkov@hpe.com>
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/48547
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Signed-off-by: James Simmons <jsimmons@infradead.org>
---
 net/lnet/selftest/conrpc.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/net/lnet/selftest/conrpc.c b/net/lnet/selftest/conrpc.c
index 8096c467041a..4f427dd85265 100644
--- a/net/lnet/selftest/conrpc.c
+++ b/net/lnet/selftest/conrpc.c
@@ -780,8 +780,13 @@  lstcon_pingrpc_prep(struct lst_test_ping_param *param, struct srpc_test_reqst *r
 {
 	struct test_ping_req *prq = &req->tsr_u.ping;
 
-	prq->png_size = param->png_size;
-	prq->png_flags = param->png_flags;
+	if (param) {
+		prq->png_size = param->png_size;
+		prq->png_flags = param->png_flags;
+	} else {
+		prq->png_size = 0;
+		prq->png_flags = 0;
+	}
 	/* TODO dest */
 	return 0;
 }
@@ -896,12 +901,17 @@  lstcon_testrpc_prep(struct lstcon_node *nd, int transop, unsigned int feats,
 	trq->tsr_stop_onerr = !!test->tes_stop_onerr;
 
 	switch (test->tes_type) {
-	case LST_TEST_PING:
+	case LST_TEST_PING: {
+		struct lst_test_ping_param *data = NULL;
+
 		trq->tsr_service = SRPC_SERVICE_PING;
-		rc = lstcon_pingrpc_prep((struct lst_test_ping_param *)
-					 &test->tes_param[0], trq);
-		break;
+		if (test->tes_paramlen)
+			data = ((struct lst_test_ping_param *)
+				&test->tes_param[0]);
 
+		rc = lstcon_pingrpc_prep(data, trq);
+		break;
+	}
 	case LST_TEST_BULK:
 		trq->tsr_service = SRPC_SERVICE_BRW;
 		if (!(feats & LST_FEAT_BULK_LEN)) {

[16/42] lnet: selftest: lst read-outside of allocation

Commit Message

Patch