Re: [PATCH] dlm: add usercopy whitelist to dlm_cb cache

Next message: Miguel Ojeda: "Re: [PATCH v3 03/12] rust: xarray: add `contains_index` method"
Previous message: Rafael J. Wysocki: "[PATCH v1 0/2] ACPI: button: Cleanups after recent changes"
In reply to: Ziyi Guo: "[PATCH] dlm: add usercopy whitelist to dlm_cb cache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alexander Aring

Date: Thu Feb 12 2026 - 08:34:52 EST

Hi,

On Wed, Feb 11, 2026 at 10:43 PM Ziyi Guo <n7l8m4@xxxxxxxxxxxxxxxxxx> wrote:
>
> The dlm_cb slab cache is created with kmem_cache_create(), which
> provides no usercopy whitelist. When a callback carries LVB data,
> dlm_user_add_ast() copies the LVB into the inline lvbptr[] array within
> the slab-allocated struct dlm_callback and redirects ua->lksb.sb_lvbptr
> to point to it. copy_result_to_user() then calls copy_to_user() with
> this pointer. With CONFIG_HARDENED_USERCOPY enabled, this triggers
> usercopy_abort().
>
> Switch to kmem_cache_create_usercopy() with a whitelist covering the
> lvbptr field.
>
> Signed-off-by: Ziyi Guo <n7l8m4@xxxxxxxxxxxxxxxxxx>

Acked-by: Alexander Aring <aahringo@xxxxxxxxxx>

Thanks for pointing this out.

- Alex