From nobody Sat Apr 18 01:59:59 2026
Received: from mail-qk1-f182.google.com (mail-qk1-f182.google.com
 [209.85.222.182])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 442C0184540
	for <linux-kernel@vger.kernel.org>; Thu, 12 Feb 2026 03:42:57 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.222.182
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1770867780; cv=none;
 b=fuLStRMw+qv8CBdmbzd90f+kgvg0485/GDaXP5Kmob62pKyI8EU8w3Le+WgWdbHhO96v/log2zuML5l5A747tCbkp4o4suKvimEmWMtn8ukZa1cQkVQDYsefD13vv3Qzn2/obQKv19fFCBKRRzLjGf4GiSFf6Ux1yhPzns6yowo=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1770867780; c=relaxed/simple;
	bh=nNp4Wp+vu6RPgm0Gr+xltF6IUuc5nM/Ab5qww+8kGhE=;
	h=From:To:Cc:Subject:Date:Message-Id:MIME-Version;
 b=Hye7z0VN2SpbmJb8gJ2bptGHeYsMzhLHIYrIPHTM6c+pbGPMZUJLRNhQ2Sk199VemJ2NF9zTZBpxybr4q8AGNvh9Fz69z+jKcPrJJLpR+m+io2LzYEzm1xpS00d0N23f7BWoIMMD7iMVKe7rJma63kK1LLdSvhJ6/RadUi9ycpY=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=u.northwestern.edu;
 spf=pass smtp.mailfrom=u.northwestern.edu;
 dkim=pass (2048-bit key) header.d=u-northwestern-edu.20230601.gappssmtp.com
 header.i=@u-northwestern-edu.20230601.gappssmtp.com header.b=v6a/pA8Q;
 arc=none smtp.client-ip=209.85.222.182
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=u.northwestern.edu
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=u.northwestern.edu
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=u-northwestern-edu.20230601.gappssmtp.com
 header.i=@u-northwestern-edu.20230601.gappssmtp.com header.b="v6a/pA8Q"
Received: by mail-qk1-f182.google.com with SMTP id
 af79cd13be357-8c70ce93afaso286938885a.0
        for <linux-kernel@vger.kernel.org>;
 Wed, 11 Feb 2026 19:42:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=u-northwestern-edu.20230601.gappssmtp.com; s=20230601; t=1770867776;
 x=1771472576; darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=seO+5nAucO1bceqmeu6GxIOrO5iVYQCSjl/bvIVFZJk=;
        b=v6a/pA8QabNOw//fr49vKJtdEdrSQaDRKHdmeethgpBFfinx2f0orj9SIybAGTdq73
         rwr3O6Uif9y6iqxP/817dqhVCYeqM8h45th0KpqaNgWsridK2n8KcQydveJkIcmgJo7f
         4B2WadNmB0dK5H/ReSjUmj6Fjm5W5iB15eQM+0OVfxQqabwkATwTzCkC1rXw6+6tvboD
         p54lZ6Ar9w6hOOKDGy6o1vrLsRqoexLgb+dq4s0PMrsInccVKDAq9YENJesA14S++VMr
         WWi341bQk8+/xP0viYqxdPj91pbpbzs0bA5jFrUH4W6jnPwSgV2lFG4OaDVjpdarn9wW
         hBmw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1770867776; x=1771472576;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=seO+5nAucO1bceqmeu6GxIOrO5iVYQCSjl/bvIVFZJk=;
        b=ZWct7076TiLi7vBTSMC/exmgBUPtmw8e3g+4+IMQPw9jGil/wiftpxH5IvlovVpwNT
         h8Ck9yPgK1OjM4AZK/Z3w1SX5mpTHkTs7pX67ZAyha9AE0pODaPODG919jNYGgQEH+U4
         z3TeoDfAEst8Pr1MwD7sWbvnjFXiXiSu8hrjjQKx0aKayKtq7m/YNjcKBobDZDaBz2Pm
         0ajf3kECbde+hlz52nwVknBsmwj8RdaOt1qKTC7cE9VI1sJZBkrx3xMOsEkx70DrRAxZ
         Ct7MGdBZSbdJM2234WRFlClnhRNa2NgxZNLVxTzzqNssxHx+Tc5/bdlMOTQLwm2oXiFU
         8T/w==
X-Forwarded-Encrypted: i=1;
 AJvYcCV4j9MqmfxUscEi40oxis4OCbx++lFVQDErIR5ejVPboBwccU2SrE+NJiF/bE/XUqj8UHXpumvENiVNgxk=@vger.kernel.org
X-Gm-Message-State: AOJu0Yykj43T1eqTpTEK6V20+sCEzZJvKaV0LvqqJgbakHdzqdbiHAMB
	/ypPOOkTiZixWday7/DrSMHLgjsKrZ96qQJyyWL5kxBV7wFOfj9cQBp6yx2xHYjttJI=
X-Gm-Gg: AZuq6aINutL9mTRcd40ARMyoj9oAgQ0Fqx1M84sC4ygZRCevDQjW2VRMjHh4vPTdqCz
	jCyVAdYlSbadGwFr8+kMtQJePLhOxcw7+Q9+llq4GPHpW/phs7QGJ5MJweEr1fpq7bcWiQugBGJ
	L86yIyv47GLLqx6Vr6F6GeIlysr4KVSf9tt/OoSkGDKtqjJLVkSywW9+sbteuLjDtVkn692+NwZ
	vgUTDczBU81xTHtk7+PgXB4FEptolJq4MsSJ57P0Qh5yS62yqFNUZw3LQmdxHPnkkxIUYVRGsYX
	jY8S391r7i6uvg1Gb7X70Esk/gmg4yCGPCuhMwrSP8b6J4M4y5vg7dwOXxuh5fkzCVi8f10O04E
	+mrvig7C8JjpN6YeLYwThHenMZn3xp736pf7r2fb+1WaQsiaZHAYcLoTBQx24G4prnmhOAjiGKX
	ZHU9NLGI0ybUw2c62/Ar+kQis2OUL9yTjaUBhqJcHKQTYAAj+kKmQY176bMzauiOKwwzgWJ9iNK
	tAQeIYfzCw3thPAvAk9gGFqQDoZMhItaRI5+RxQ09s=
X-Received: by 2002:a05:620a:1708:b0:8b2:d26f:14b0 with SMTP id
 af79cd13be357-8cb3505b753mr86208985a.3.1770867776256;
        Wed, 11 Feb 2026 19:42:56 -0800 (PST)
Received: from security.cs.northwestern.edu (security.cs.northwestern.edu.
 [165.124.184.136])
        by smtp.gmail.com with ESMTPSA id
 6a1803df08f44-8971cc7f2a5sm29182356d6.11.2026.02.11.19.42.55
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 11 Feb 2026 19:42:55 -0800 (PST)
From: Ziyi Guo <n7l8m4@u.northwestern.edu>
To: Alexander Aring <aahringo@redhat.com>,
	David Teigland <teigland@redhat.com>
Cc: gfs2@lists.linux.dev,
	linux-kernel@vger.kernel.org,
	Ziyi Guo <n7l8m4@u.northwestern.edu>
Subject: [PATCH] dlm: add usercopy whitelist to dlm_cb cache
Date: Thu, 12 Feb 2026 03:42:54 +0000
Message-Id: <20260212034254.2864235-1-n7l8m4@u.northwestern.edu>
X-Mailer: git-send-email 2.34.1
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

The dlm_cb slab cache is created with kmem_cache_create(), which
provides no usercopy whitelist. When a callback carries LVB data,
dlm_user_add_ast() copies the LVB into the inline lvbptr[] array within
the slab-allocated struct dlm_callback and redirects ua->lksb.sb_lvbptr
to point to it. copy_result_to_user() then calls copy_to_user() with
this pointer. With CONFIG_HARDENED_USERCOPY enabled, this triggers
usercopy_abort().

Switch to kmem_cache_create_usercopy() with a whitelist covering the
lvbptr field.

Signed-off-by: Ziyi Guo <n7l8m4@u.northwestern.edu>
Acked-by: Alexander Aring <aahringo@redhat.com>
---
 fs/dlm/memory.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/dlm/memory.c b/fs/dlm/memory.c
index 5c35cc67aca4..ee55994ce90d 100644
--- a/fs/dlm/memory.c
+++ b/fs/dlm/memory.c
@@ -48,8 +48,10 @@ int __init dlm_memory_init(void)
 	if (!rsb_cache)
 		goto rsb;
=20
-	cb_cache =3D kmem_cache_create("dlm_cb", sizeof(struct dlm_callback),
+	cb_cache =3D kmem_cache_create_usercopy("dlm_cb", sizeof(struct dlm_callb=
ack),
 				     __alignof__(struct dlm_callback), 0,
+					 offsetof(struct dlm_callback, lvbptr),
+					 sizeof_field(struct dlm_callback, lvbptr),
 				     NULL);
 	if (!cb_cache)
 		goto cb;
--=20
2.34.1