orangefs_op_cache is created with kmem_cache_create(), which provides
no usercopy whitelist. orangefs_devreq_read() copies the tag and upcall
fields directly from slab objects to userspace via copy_to_user(). With
CONFIG_HARDENED_USERCOPY enabled, this triggers usercopy_abort().

Switch to kmem_cache_create_usercopy() with a whitelist covering the
tag and upcall fields, matching the pattern already used by
orangefs_inode_cache in super.c.

Signed-off-by: Ziyi Guo <n7l8m4@u.northwestern.edu>
---
 fs/orangefs/orangefs-cache.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/orangefs/orangefs-cache.c b/fs/orangefs/orangefs-cache.c
index e75e173a9186..0bdb99e89744 100644
--- a/fs/orangefs/orangefs-cache.c
+++ b/fs/orangefs/orangefs-cache.c
@@ -19,10 +19,14 @@ static struct kmem_cache *op_cache;
 
 int op_cache_initialize(void)
 {
-	op_cache = kmem_cache_create("orangefs_op_cache",
+	op_cache = kmem_cache_create_usercopy("orangefs_op_cache",
 				     sizeof(struct orangefs_kernel_op_s),
 				     0,
 				     0,
+					 offsetof(struct orangefs_kernel_op_s, tag),
+					 offsetof(struct orangefs_kernel_op_s, upcall) +
+					     sizeof(struct orangefs_upcall_s) -
+						 offsetof(struct orangefs_kernel_op_s, tag),
 				     NULL);
 
 	if (!op_cache) {
-- 
2.34.1