From 0c4f769c0ed38e76d07cc7301077c59e432a342f Mon Sep 17 00:00:00 2001
From: Bart Van Assche
Date: Mon, 1 Nov 2021 01:28:33 +0000
Subject: [PATCH] scst: Enable copying to user space from an SGV cache This patch should fix the following kernel warning: usercopy: Kernel memory exposure attempt detected from SLUB object 'sgv-clust-64K' (offset 200, size 48)! ------------[ cut here ]------------ kernel BUG at mm/usercopy.c:99! invalid opcode: 0000 [#1] SMP PTI CPU: 0 PID: 2645 Comm: iscsi-scstd Tainted: P IOE 5.13.0-20-generic #20-Ubuntu Hardware name: Dell Inc. PowerEdge R740xd/07X9K0, BIOS 2.12.2 07/09/2021 RIP: 0010:usercopy_abort+0x7b/0x7d Call Trace: __check_heap_object+0xdf/0x110 __check_object_size.part.0+0x128/0x150 __check_object_size+0x1c/0x20 isert_read+0x10b/0x380 [isert_scst] vfs_read+0x9f/0x190 ksys_read+0x67/0xe0 __x64_sys_read+0x19/0x20 do_syscall_64+0x61/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@9589 d57e44dd-8a1f-0410-8b47-8ef2f437770f
---
 scst/src/scst_mem.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/scst/src/scst_mem.c b/scst/src/scst_mem.c
index a0bba7662..92a8f5c0f 100644
--- a/scst/src/scst_mem.c
+++ b/scst/src/scst_mem.c
@@ -1376,15 +1376,11 @@ static void sgv_pool_init_cache(struct sgv_pool *pool, int cache_num,
 scnprintf(pool->cache_names[cache_num],
 sizeof(pool->cache_names[cache_num]),
 "%s-%uK", pool->name, (pages << PAGE_SHIFT) >> 10);
- pool->caches[cache_num] = kmem_cache_create(
+ pool->caches[cache_num] = kmem_cache_create_usercopy(
 pool->cache_names[cache_num], size,
- 0, per_cpu ? SCST_SLAB_FLAGS :
- (SCST_SLAB_FLAGS|SLAB_HWCACHE_ALIGN), NULL
-#if (LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 23))
- , NULL);
-#else
- );
-#endif
+ /*align=*/0, per_cpu ? SCST_SLAB_FLAGS :
+ (SCST_SLAB_FLAGS|SLAB_HWCACHE_ALIGN),
+ /*useroffset=*/0, /*usersize=*/size, /*ctor=*/NULL);
 return;
 }
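Review bot: Passing `/*useroffset=*/0, /*usersize=*/size` whitelists every byte of each SGV cache object for hardened usercopy, while the warning quoted in the commit message concerns only a 48-byte copy at offset 200. With the whole object whitelisted, a wrong offset or length in a later copy to user space from this cache would no longer be caught, and whatever bookkeeping sits at the start of the object (its layout is not visible in this hunk) becomes copyable. If only part of the object is ever copied, the window should be narrowed to it, e.g. `/*useroffset=*/USER_DATA_OFFSET, /*usersize=*/size - USER_DATA_OFFSET, /*ctor=*/NULL);` where `USER_DATA_OFFSET` is a placeholder for the offset of the first user-visible field; otherwise a comment such as `/* Whole object whitelisted: isert_read() copies from inside it. */` should record why. The call is also no longer wrapped in a kernel-version check, so it is worth confirming that a fallback for kernels without kmem_cache_create_usercopy() exists elsewhere in the tree; the function body starts outside the hunk.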