[PATCH] orangefs: add usercopy whitelist to orangefs_op_cache

Next message: Wenchao Hao: "Re: [RFC PATCH] mm: only set fault addrsss' access bit in do_anonymous_page"
Previous message: John Hubbard: "Re: [PATCH v4 08/33] gpu: nova-core: set DMA mask width based on GPU architecture"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Ziyi Guo

Date: Wed Feb 11 2026 - 21:08:18 EST

orangefs_op_cache is created with kmem_cache_create(), which provides
no usercopy whitelist. orangefs_devreq_read() copies the tag and upcall
fields directly from slab objects to userspace via copy_to_user(). With
CONFIG_HARDENED_USERCOPY enabled, this triggers usercopy_abort().

Switch to kmem_cache_create_usercopy() with a whitelist covering the
tag and upcall fields, matching the pattern already used by
orangefs_inode_cache in super.c.

Signed-off-by: Ziyi Guo <n7l8m4@xxxxxxxxxxxxxxxxxx>
---
fs/orangefs/orangefs-cache.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/orangefs/orangefs-cache.c b/fs/orangefs/orangefs-cache.c
index e75e173a9186..0bdb99e89744 100644
--- a/fs/orangefs/orangefs-cache.c
+++ b/fs/orangefs/orangefs-cache.c
@@ -19,10 +19,14 @@ static struct kmem_cache *op_cache;

int op_cache_initialize(void)
{
- op_cache = kmem_cache_create("orangefs_op_cache",
+ op_cache = kmem_cache_create_usercopy("orangefs_op_cache",
sizeof(struct orangefs_kernel_op_s),
0,
0,
+ offsetof(struct orangefs_kernel_op_s, tag),
+ offsetof(struct orangefs_kernel_op_s, upcall) +
+ sizeof(struct orangefs_upcall_s) -
+ offsetof(struct orangefs_kernel_op_s, tag),
NULL);

if (!op_cache) {
--
2.34.1