scst/src/scst_mem: Enable userspace copying for sgv-*-*K

This patch avoids that using the iSER target driver with usercopy harderning enabled triggers the following: usercopy: Kernel memory exposure attempt detected from SLUB object 'sgv-clust-64K' (offset 200, size 48)! kernel BUG at /build/linux-Sci2oS/linux-4.16.16/mm/usercopy.c:100! invalid opcode: 0000 [#1] SMP PTI CPU: 10 PID: 6283 Comm: iscsi-scstd Tainted: P O 4.16.0-0.bpo.2-amd64 #1 Debian 4.16.16-2~bpo9+1 Hardware name: Supermicro Super Server/X10SRH-CF, BIOS 2.0b 04/14/2017 RIP: 0010:usercopy_abort+0x69/0x80 Call Trace: __check_heap_object+0xee/0x120 __check_object_size+0xb8/0x1a0 isert_read+0x82/0x300 [isert_scst] vfs_read+0x91/0x130 SyS_read+0x52/0xc0 do_syscall_64+0x6c/0x130 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Reported-by: Carsten Aulbert <carsten.aulbert@aei.mpg.de> git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@7428 d57e44dd-8a1f-0410-8b47-8ef2f437770f
2026-05-19 19:51:27 +00:00 · 2018-07-19 18:04:08 +00:00
parent cfe8f3cfc1
commit b746591148
1 changed files with 4 additions and 9 deletions
--- a/scst/src/scst_mem.c
+++ b/scst/src/scst_mem.c
@@ -1374,15 +1374,10 @@ static void sgv_pool_init_cache(struct sgv_pool *pool, int cache_num,
 	scnprintf(pool->cache_names[cache_num],
 		sizeof(pool->cache_names[cache_num]),
 		"%s-%uK", pool->name, (pages << PAGE_SHIFT) >> 10);
-	pool->caches[cache_num] = kmem_cache_create(
-		pool->cache_names[cache_num], size,
-		0, per_cpu ? SCST_SLAB_FLAGS :
-			     (SCST_SLAB_FLAGS|SLAB_HWCACHE_ALIGN), NULL
-#if (LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 23))
-		, NULL);
-#else
-		);
-#endif
+	pool->caches[cache_num] = kmem_cache_create_usercopy(
+		pool->cache_names[cache_num], size, 0/*align*/, per_cpu ?
+		SCST_SLAB_FLAGS : SCST_SLAB_FLAGS | SLAB_HWCACHE_ALIGN,
+		0/*useroffset*/, size/*usersize*/, NULL);
 	return;
 }