From: James Simmons <jsimmons@infradead.org>
To: Andreas Dilger <adilger@whamcloud.com>,
Oleg Drokin <green@whamcloud.com>, NeilBrown <neilb@suse.de>
Cc: Alexey Lyashkov <alexey.lyashkov@hpe.com>,
Lustre Development List <lustre-devel@lists.lustre.org>
Subject: [lustre-devel] [PATCH 16/42] lnet: selftest: lst read-outside of allocation
Date: Mon, 23 Jan 2023 18:00:29 -0500 [thread overview]
Message-ID: <1674514855-15399-17-git-send-email-jsimmons@infradead.org> (raw)
In-Reply-To: <1674514855-15399-1-git-send-email-jsimmons@infradead.org>
From: Alexey Lyashkov <alexey.lyashkov@hpe.com>
lnet_selftest want a some parameters from userspace,
but it never sends. It caused a read of outside of allocation
like
BUG: KASAN: slab-out-of-bounds in lstcon_testrpc_prep+0x19e7/0x1bb0
Read of size 4 at addr ffff8888bbaa866c by task lt-lst/6371
WC-bug-id: https://jira.whamcloud.com/browse/LU-16157
Lustre-commit: 222fbed52e02122c7 ("LU-16157 lnet: lst read-outside of allocation")
Signed-off-by: Alexey Lyashkov <alexey.lyashkov@hpe.com>
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/48547
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Signed-off-by: James Simmons <jsimmons@infradead.org>
---
net/lnet/selftest/conrpc.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/net/lnet/selftest/conrpc.c b/net/lnet/selftest/conrpc.c
index 8096c467041a..4f427dd85265 100644
--- a/net/lnet/selftest/conrpc.c
+++ b/net/lnet/selftest/conrpc.c
@@ -780,8 +780,13 @@ lstcon_pingrpc_prep(struct lst_test_ping_param *param, struct srpc_test_reqst *r
{
struct test_ping_req *prq = &req->tsr_u.ping;
- prq->png_size = param->png_size;
- prq->png_flags = param->png_flags;
+ if (param) {
+ prq->png_size = param->png_size;
+ prq->png_flags = param->png_flags;
+ } else {
+ prq->png_size = 0;
+ prq->png_flags = 0;
+ }
/* TODO dest */
return 0;
}
@@ -896,12 +901,17 @@ lstcon_testrpc_prep(struct lstcon_node *nd, int transop, unsigned int feats,
trq->tsr_stop_onerr = !!test->tes_stop_onerr;
switch (test->tes_type) {
- case LST_TEST_PING:
+ case LST_TEST_PING: {
+ struct lst_test_ping_param *data = NULL;
+
trq->tsr_service = SRPC_SERVICE_PING;
- rc = lstcon_pingrpc_prep((struct lst_test_ping_param *)
- &test->tes_param[0], trq);
- break;
+ if (test->tes_paramlen)
+ data = ((struct lst_test_ping_param *)
+ &test->tes_param[0]);
+ rc = lstcon_pingrpc_prep(data, trq);
+ break;
+ }
case LST_TEST_BULK:
trq->tsr_service = SRPC_SERVICE_BRW;
if (!(feats & LST_FEAT_BULK_LEN)) {
--
2.27.0
_______________________________________________
lustre-devel mailing list
lustre-devel@lists.lustre.org
http://lists.lustre.org/listinfo.cgi/lustre-devel-lustre.org
next prev parent reply other threads:[~2023-01-23 23:19 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-23 23:00 [lustre-devel] [PATCH 00/42] lustre: sync to OpenSFS tree as of Jan 22 2023 James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 01/42] lustre: osc: pack osc_async_page better James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 02/42] lnet: lnet_peer_merge_data to understand large addr James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 03/42] lnet: router_discover - handle large addrs in ping James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 04/42] lnet: Drop LNet message if deadline exceeded James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 05/42] lnet: change lnet_find_best_lpni to handle large NIDs James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 06/42] lustre: ldebugfs: add histogram to stats counter James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 07/42] lustre: llite: wake_up after cl_object_kill James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 08/42] lustre: pcc: use two bits to indicate pcc type for attach James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 09/42] lustre: ldebugfs: make job_stats and rename_stats valid YAML James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 10/42] lustre: misc: fix stats snapshot_time to use wallclock James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 11/42] lustre: pools: force creation of a component without a pool James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 12/42] lustre: sec: reserve flag for fid2path for encrypted files James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 13/42] lustre: llite: update statx size/ctime for fallocate James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 14/42] lustre: ptlrpc: fiemap flexible array James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 15/42] lustre: ptlrpc: Add LCME_FL_PARITY to wirecheck James Simmons
2023-01-23 23:00 ` James Simmons [this message]
2023-01-23 23:00 ` [lustre-devel] [PATCH 17/42] lustre: misc: rename lprocfs_stats functions James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 18/42] lustre: osc: Fix possible null pointer James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 19/42] lustre: ptlrpc: NUL terminate long jobid strings James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 20/42] lustre: uapi: remove _GNU_SOURCE dependency in lustre_user.h James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 21/42] lnet: handles unregister/register events James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 22/42] lustre: update version to 2.15.53 James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 23/42] lustre: ptlrpc: don't panic during reconnection James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 24/42] lustre: move to kobj_type default_groups James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 25/42] lnet: increase transaction timeout James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 26/42] lnet: Allow IP specification James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 27/42] lustre: obdclass: fix T10PI prototypes James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 28/42] lustre: obdclass: prefer T10 checksum if the target supports it James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 29/42] lustre: llite: remove false outdated comment James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 30/42] lnet: socklnd: clarify error message on timeout James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 31/42] lustre: llite: replace selinux_is_enabled() James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 32/42] lustre: enc: S_ENCRYPTED flag on OST objects for enc files James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 33/42] lnet: asym route inconsistency warning James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 34/42] lnet: o2iblnd: reset hiw proportionally James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 35/42] lnet: libcfs: cfs_hash_for_each_empty optimization James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 36/42] lustre: llite: always enable remote subdir mount James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 37/42] lnet: selftest: migrate LNet selftest group handling to Netlink James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 38/42] lnet: use Netlink to support LNet ping commands James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 39/42] lustre: llite: revert: "llite: clear stale page's uptodate bit" James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 40/42] lnet: validate data sent from user land properly James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 41/42] lnet: modify lnet_inetdev to work with large NIDS James Simmons
2023-01-23 23:00 ` [lustre-devel] [PATCH 42/42] lustre: ldlm: remove obsolete LDLM_FL_SERVER_LOCK James Simmons
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1674514855-15399-17-git-send-email-jsimmons@infradead.org \
--to=jsimmons@infradead.org \
--cc=adilger@whamcloud.com \
--cc=alexey.lyashkov@hpe.com \
--cc=green@whamcloud.com \
--cc=lustre-devel@lists.lustre.org \
--cc=neilb@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).