From b746591148aa8688b83bc73f9ea4c0bc962283eb Mon Sep 17 00:00:00 2001 From: Bart Van Assche Date: Thu, 19 Jul 2018 18:04:08 +0000 Subject: [PATCH] scst/src/scst_mem: Enable userspace copying for sgv-*-*K This patch avoids that using the iSER target driver with usercopy harderning enabled triggers the following: usercopy: Kernel memory exposure attempt detected from SLUB object 'sgv-clust-64K' (offset 200, size 48)! kernel BUG at /build/linux-Sci2oS/linux-4.16.16/mm/usercopy.c:100! invalid opcode: 0000 [#1] SMP PTI CPU: 10 PID: 6283 Comm: iscsi-scstd Tainted: P O 4.16.0-0.bpo.2-amd64 #1 Debian 4.16.16-2~bpo9+1 Hardware name: Supermicro Super Server/X10SRH-CF, BIOS 2.0b 04/14/2017 RIP: 0010:usercopy_abort+0x69/0x80 Call Trace: __check_heap_object+0xee/0x120 __check_object_size+0xb8/0x1a0 isert_read+0x82/0x300 [isert_scst] vfs_read+0x91/0x130 SyS_read+0x52/0xc0 do_syscall_64+0x6c/0x130 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Reported-by: Carsten Aulbert git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@7428 d57e44dd-8a1f-0410-8b47-8ef2f437770f --- scst/src/scst_mem.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/scst/src/scst_mem.c b/scst/src/scst_mem.c index 7d827d861..9e9f989b8 100644 --- a/scst/src/scst_mem.c +++ b/scst/src/scst_mem.c @@ -1374,15 +1374,10 @@ static void sgv_pool_init_cache(struct sgv_pool *pool, int cache_num, scnprintf(pool->cache_names[cache_num], sizeof(pool->cache_names[cache_num]), "%s-%uK", pool->name, (pages << PAGE_SHIFT) >> 10); - pool->caches[cache_num] = kmem_cache_create( - pool->cache_names[cache_num], size, - 0, per_cpu ? SCST_SLAB_FLAGS : - (SCST_SLAB_FLAGS|SLAB_HWCACHE_ALIGN), NULL -#if (LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 23)) - , NULL); -#else - ); -#endif + pool->caches[cache_num] = kmem_cache_create_usercopy( + pool->cache_names[cache_num], size, 0/*align*/, per_cpu ? + SCST_SLAB_FLAGS : SCST_SLAB_FLAGS | SLAB_HWCACHE_ALIGN, + 0/*useroffset*/, size/*usersize*/, NULL); return; }