From: Arshad Hussain
Date: Sat, 8 Feb 2025 11:10:01 +0000 (-0500)
Subject: LU-17419 target: Fix KASAN slab-out-of-bounds in string_nocheck
X-Git-Tag: 2.16.53~138
X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=4930d5c9daf39b42fa174cc5a3b50b89dc7f5be8;p=fs%2Flustre-release.git

LU-17419 target: Fix KASAN slab-out-of-bounds in string_nocheck

flexi array mti_nidlist member of 'struct mgs_target_info'
is only valid when 'large_nid' is true. However, on returning
from server_lsi2mti() member mti_nidlist was unconditionally
accessed leading to slab-out-of-bounds because its rows are
not yet allocated.

This patch adds a condition for debug printing to either
print member mti_nids(v4/not large nid) or mti_nidlist for
large nids

KASAN slab-out-of-bounds was triggered when running
conf-sanity/19b giving the below stack

==================================================================
[ 534.044351] BUG: KASAN: slab-out-of-bounds in string_nocheck+0x1ec/0x290
[ 534.045064] Read of size 1 at addr ffff88818625d1c0 by task mount.lustre/5165
[ 534.045797]
[ 534.045971] CPU: 1 PID: 5165 Comm: mount.lustre Tainted: G \
 W OE ---------r- - 4.18.0-348.23.1.el8_5.x86_64+debug #1
[ 534.047172] Hardware name: Red Hat KVM/RHEL-AV, \
 BIOS 1.16.0-4.module_el8.9.0+3659+9c8643f3 04/01/2014
[ 534.048120] Call Trace:
[ 534.048393] dump_stack+0x8e/0xd0
[ 534.048749] ? string_nocheck+0x1ec/0x290
[ 534.049178] print_address_description.constprop.5+0x1e/0x230
[ 534.054812] string+0xb6/0xc0
[ 534.057142] libcfs_debug_msg+0x152c/0x2290 [libcfs]
[ 534.059975] server_start_targets+0x39d8/0x73e0 [ptlrpc]
[ 534.074514] server_fill_super+0x1352/0x1cc0 [ptlrpc]
[ 534.077431] lustre_fill_super+0x779/0x9f0 [lustre]
[ 534.078519] mount_nodev+0x48/0xe0
[ 534.079441] legacy_get_tree+0x105/0x200
[ 534.080294] vfs_get_tree+0x89/0x330
[ 534.081114] do_mount+0xd40/0x1570
[ 534.083922] ksys_mount+0xb6/0xd0
[ 534.084282] __x64_sys_mount+0xba/0x150
[ 534.084704] do_syscall_64+0xa5/0x430
[ 534.085090] entry_SYSCALL_64_after_hwframe+0x6a/0xdf
----
[ 534.092557] Allocated by task 5165:
[ 534.092927] kasan_save_stack+0x19/0x80
[ 534.093321] __kasan_kmalloc.constprop.9+0xc1/0xd0
[ 534.093817] __kmalloc+0x143/0x260
[ 534.094257] server_lsi2mti+0x6d5/0x1600 [ptlrpc]
[ 534.094838] server_start_targets+0x9f5/0x73e0 [ptlrpc]
[ 534.095489] server_fill_super+0x1352/0x1cc0 [ptlrpc]
[ 534.096062] lustre_fill_super+0x779/0x9f0 [lustre]
[ 534.096584] mount_nodev+0x48/0xe0
[ 534.096946] legacy_get_tree+0x105/0x200
[ 534.097353] vfs_get_tree+0x89/0x330
[ 534.097729] do_mount+0xd40/0x1570
[ 534.098114] ksys_mount+0xb6/0xd0
[ 534.098482] __x64_sys_mount+0xba/0x150
[ 534.098885] do_syscall_64+0xa5/0x430
[ 534.099269] entry_SYSCALL_64_after_hwframe+0x6a/0x

Test-Parameters: trivial testlist=conf-sanity
Signed-off-by: Arshad Hussain
Change-Id: I82eb33abc70cfe918711835b019af8e07c46272d
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/58018
Tested-by: jenkins
Tested-by: Maloo
Reviewed-by: James Simmons
Reviewed-by: Frank Sehr
Reviewed-by: Oleg Drokin
---
diff --git a/lustre/target/tgt_mount.c b/lustre/target/tgt_mount.c index 549855a..c5e5d57 100644 --- a/lustre/target/tgt_mount.c +++ b/lustre/target/tgt_mount.c 
@@ -1305,9 +1305,11 @@ static int server_register_target(struct lustre_sb_info *lsi) struct obd_device *mgc = lsi->lsi_mgc; struct mgs_target_info *mti = NULL; size_t mti_len = sizeof(*mti); + struct lnet_nid nid; bool must_succeed; - int rc; int tried = 0; + char *nidstr; + int rc; ENTRY; LASSERT(mgc); @@ -1315,9 +1317,18 @@ static int server_register_target(struct lustre_sb_info *lsi) if (IS_ERR(mti)) GOTO(out, rc = PTR_ERR(mti)); - CDEBUG(D_MOUNT, "Registration %s, fs=%s, %s, index=%04x, flags=%#x\n", - mti->mti_svname, mti->mti_fsname, mti->mti_nidlist[0], - mti->mti_stripe_index, mti->mti_flags); + if (exp_connect_flags2(lsi->lsi_mgc->u.cli.cl_mgc_mgsexp) & + OBD_CONNECT2_LARGE_NID) { + nidstr = mti->mti_nidlist[0]; /* large_nid */ + } else { + lnet_nid4_to_nid(mti->mti_nids[0], &nid); + nidstr = libcfs_nidstr(&nid); + } + + CDEBUG(D_MOUNT, + "Registration %s, fs=%s, %s, index=%04x, flags=%#x\n", + mti->mti_svname, mti->mti_fsname, nidstr, mti->mti_stripe_index, + mti->mti_flags); /* we cannot ignore registration failure if MGS logs must be updated. */ must_succeed = !!(lsi->lsi_flags &
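Review bot: In the first hunk (the declarations of server_register_target()), nidstr is only assigned and then handed to CDEBUG as a %s argument, so it should be declared "const char *nidstr" to show that this function neither owns nor modifies the string. Moving "int rc" below "int tried" is unrelated to the KASAN fix; dropping that reorder would keep the hunk to the two new declarations.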
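Review bot: In the second hunk, the new condition reads the export through "lsi->lsi_mgc->u.cli.cl_mgc_mgsexp" even though the function already holds "mgc = lsi->lsi_mgc" in a local; use "mgc->u.cli.cl_mgc_mgsexp" so the check is shorter and visibly tied to the device that was asserted with LASSERT(mgc). The branch also decides between mti_nidlist[0] and mti_nids[0] by re-reading OBD_CONNECT2_LARGE_NID here, so the read stays in bounds only as long as the code that fills mti picks its layout with the same test; a one-line comment stating that dependency, or a small shared helper used in both places, would keep the two from drifting apart. Finally, the lnet_nid4_to_nid()/libcfs_nidstr() conversion now runs on every registration purely to feed a debug message; a brief comment that the block exists only for the CDEBUG below would help the next reader.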