From: Ziyi Guo Date: Mon, 27 Apr 2026 15:59:33 +0000 (-0400) Subject: dlm: add usercopy whitelist to dlm_cb cache X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b5314f2c6654a3616fd72777deb1ca766cc50618;p=thirdparty%2Fkernel%2Flinux.git dlm: add usercopy whitelist to dlm_cb cache The dlm_cb slab cache is created with kmem_cache_create(), which provides no usercopy whitelist. When a callback carries LVB data, dlm_user_add_ast() copies the LVB into the inline lvbptr[] array within the slab-allocated struct dlm_callback and redirects ua->lksb.sb_lvbptr to point to it. copy_result_to_user() then calls copy_to_user() with this pointer. With CONFIG_HARDENED_USERCOPY enabled, this triggers usercopy_abort(). Switch to kmem_cache_create_usercopy() with a whitelist covering the lvbptr field. Signed-off-by: Ziyi Guo Acked-by: Alexander Aring Signed-off-by: Alexander Aring Signed-off-by: David Teigland --- diff --git a/fs/dlm/memory.c b/fs/dlm/memory.c index 5c35cc67aca4c..ee55994ce90d8 100644 --- a/fs/dlm/memory.c +++ b/fs/dlm/memory.c @@ -48,8 +48,10 @@ int __init dlm_memory_init(void) if (!rsb_cache) goto rsb; - cb_cache = kmem_cache_create("dlm_cb", sizeof(struct dlm_callback), + cb_cache = kmem_cache_create_usercopy("dlm_cb", sizeof(struct dlm_callback), __alignof__(struct dlm_callback), 0, + offsetof(struct dlm_callback, lvbptr), + sizeof_field(struct dlm_callback, lvbptr), NULL); if (!cb_cache) goto cb;