git://git.whamcloud.com - fs/lustre-release.git/commit

author	Sergey Cheremencev <scherementsev@ddn.com>
	Wed, 25 Sep 2024 16:27:49 +0000 (19:27 +0300)
committer	Oleg Drokin <green@whamcloud.com>
	Mon, 30 Sep 2024 15:37:23 +0000 (15:37 +0000)
commit	142b9baeba254a81751db5e143c0788ad29e7e40
tree	afbb61472f52cdf53c0893d6fa8bf86d1f255eb0	tree \| snapshot
parent	1a4df98ff04dc70d5935314e3b125f6003ab87c3	commit \| diff

LU-18049 mgc: fix memory corruption

Fix memory corruption in mgc_apply_recovery_logs
caused by type address mistake of struct lnet_nid.
When mne_nid_count was > 1, at 2nd iteration it
stored nid at addr+400(sizeof(lnet_nid)*sizeof(lnet_nid))
instead of next array element, i.e. addr+20.
This caused a lot of memory corruptions with different
back traces, depending on the owner of memory located
near nid array. Corruptions usually happened in kmalloc-64.
It might corrupt the data inside slab objects or slub
service structres(freepointer).

Test-Parameters: trivial testlist=sanity-sec env=ONLY=31,ONLY_REPEAT=10 serverversion=2.15
Test-Parameters: trivial testlist=sanity-sec env=ONLY=31,ONLY_REPEAT=10 serverversion=2.15
Test-Parameters: trivial testlist=sanity-sec env=ONLY=31,ONLY_REPEAT=10 serverversion=EXA6

Fixes: e4d2d4ff74 ("LU-13306 mgc: handle large NID formats")
Signed-off-by: Sergey Cheremencev <scherementsev@ddn.com>
Change-Id: I3719a09a3814f24ef26c2b118de629b42d13313c
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/56500
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Shaun Tancheff <shaun.tancheff@hpe.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

lustre/mgc/mgc_request.c		diff \| blob \| history
lustre/tests/sanity-sec.sh		diff \| blob \| history