| Message ID | 20190816025417.28964-1-ming.lei@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [V2] blk-mq: avoid sysfs buffer overflow by too many CPU cores | expand |
On 8/15/19 7:54 PM, Ming Lei wrote: > It is reported that sysfs buffer overflow can be triggered in case > of too many CPU cores(>841 on 4K PAGE_SIZE) when showing CPUs in > blk_mq_hw_sysfs_cpus_show(). > > So use cpumap_print_to_pagebuf() to print the info and fix the potential > buffer overflow issue. > > Cc: stable@vger.kernel.org > Cc: Mark Ray <mark.ray@hpe.com> > Cc: Greg KH <gregkh@linuxfoundation.org> > Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load") > Signed-off-by: Ming Lei <ming.lei@redhat.com> > --- > block/blk-mq-sysfs.c | 15 +-------------- > 1 file changed, 1 insertion(+), 14 deletions(-) > > diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c > index d6e1a9bd7131..4d0d32377ba3 100644 > --- a/block/blk-mq-sysfs.c > +++ b/block/blk-mq-sysfs.c > @@ -166,20 +166,7 @@ static ssize_t blk_mq_hw_sysfs_nr_reserved_tags_show(struct blk_mq_hw_ctx *hctx, > > static ssize_t blk_mq_hw_sysfs_cpus_show(struct blk_mq_hw_ctx *hctx, char *page) > { > - unsigned int i, first = 1; > - ssize_t ret = 0; > - > - for_each_cpu(i, hctx->cpumask) { > - if (first) > - ret += sprintf(ret + page, "%u", i); > - else > - ret += sprintf(ret + page, ", %u", i); > - > - first = 0; > - } > - > - ret += sprintf(ret + page, "\n"); > - return ret; > + return cpumap_print_to_pagebuf(true, page, hctx->cpumask); > } > > static struct blk_mq_hw_ctx_sysfs_entry blk_mq_hw_sysfs_nr_tags = { Although this patch looks fine to me, shouldn't this attribute be documented under Documentation/ABI/? Thanks, Bart.
On Fri, Aug 16, 2019 at 11:42 AM Bart Van Assche <bvanassche@acm.org> wrote: > > On 8/15/19 7:54 PM, Ming Lei wrote: > > It is reported that sysfs buffer overflow can be triggered in case > > of too many CPU cores(>841 on 4K PAGE_SIZE) when showing CPUs in > > blk_mq_hw_sysfs_cpus_show(). > > > > So use cpumap_print_to_pagebuf() to print the info and fix the potential > > buffer overflow issue. > > > > Cc: stable@vger.kernel.org > > Cc: Mark Ray <mark.ray@hpe.com> > > Cc: Greg KH <gregkh@linuxfoundation.org> > > Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load") > > Signed-off-by: Ming Lei <ming.lei@redhat.com> > > --- > > block/blk-mq-sysfs.c | 15 +-------------- > > 1 file changed, 1 insertion(+), 14 deletions(-) > > > > diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c > > index d6e1a9bd7131..4d0d32377ba3 100644 > > --- a/block/blk-mq-sysfs.c > > +++ b/block/blk-mq-sysfs.c > > @@ -166,20 +166,7 @@ static ssize_t blk_mq_hw_sysfs_nr_reserved_tags_show(struct blk_mq_hw_ctx *hctx, > > > > static ssize_t blk_mq_hw_sysfs_cpus_show(struct blk_mq_hw_ctx *hctx, char *page) > > { > > - unsigned int i, first = 1; > > - ssize_t ret = 0; > > - > > - for_each_cpu(i, hctx->cpumask) { > > - if (first) > > - ret += sprintf(ret + page, "%u", i); > > - else > > - ret += sprintf(ret + page, ", %u", i); > > - > > - first = 0; > > - } > > - > > - ret += sprintf(ret + page, "\n"); > > - return ret; > > + return cpumap_print_to_pagebuf(true, page, hctx->cpumask); > > } > > > > static struct blk_mq_hw_ctx_sysfs_entry blk_mq_hw_sysfs_nr_tags = { > > Although this patch looks fine to me, shouldn't this attribute be > documented under Documentation/ABI/? That is another problem, not closely related with this buffer-overflow issue. I suggest to fix the buffer overflow first, which is triggered from userspace. Thanks, Ming Lei
On Fri, Aug 16, 2019 at 12:17:31PM +0800, Ming Lei wrote: > On Fri, Aug 16, 2019 at 11:42 AM Bart Van Assche <bvanassche@acm.org> wrote: > > > > On 8/15/19 7:54 PM, Ming Lei wrote: > > > It is reported that sysfs buffer overflow can be triggered in case > > > of too many CPU cores(>841 on 4K PAGE_SIZE) when showing CPUs in > > > blk_mq_hw_sysfs_cpus_show(). > > > > > > So use cpumap_print_to_pagebuf() to print the info and fix the potential > > > buffer overflow issue. > > > > > > Cc: stable@vger.kernel.org > > > Cc: Mark Ray <mark.ray@hpe.com> > > > Cc: Greg KH <gregkh@linuxfoundation.org> > > > Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load") > > > Signed-off-by: Ming Lei <ming.lei@redhat.com> > > > --- > > > block/blk-mq-sysfs.c | 15 +-------------- > > > 1 file changed, 1 insertion(+), 14 deletions(-) > > > > > > diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c > > > index d6e1a9bd7131..4d0d32377ba3 100644 > > > --- a/block/blk-mq-sysfs.c > > > +++ b/block/blk-mq-sysfs.c > > > @@ -166,20 +166,7 @@ static ssize_t blk_mq_hw_sysfs_nr_reserved_tags_show(struct blk_mq_hw_ctx *hctx, > > > > > > static ssize_t blk_mq_hw_sysfs_cpus_show(struct blk_mq_hw_ctx *hctx, char *page) > > > { > > > - unsigned int i, first = 1; > > > - ssize_t ret = 0; > > > - > > > - for_each_cpu(i, hctx->cpumask) { > > > - if (first) > > > - ret += sprintf(ret + page, "%u", i); > > > - else > > > - ret += sprintf(ret + page, ", %u", i); > > > - > > > - first = 0; > > > - } > > > - > > > - ret += sprintf(ret + page, "\n"); > > > - return ret; > > > + return cpumap_print_to_pagebuf(true, page, hctx->cpumask); > > > } > > > > > > static struct blk_mq_hw_ctx_sysfs_entry blk_mq_hw_sysfs_nr_tags = { > > > > Although this patch looks fine to me, shouldn't this attribute be > > documented under Documentation/ABI/? > > That is another problem, not closely related with this buffer-overflow issue. > > I suggest to fix the buffer overflow first, which is triggered from userspace. I suggest you just delete this whole sysfs attribute, which will solve the buffer overflow, as no one should be using it and it is incorrect to have. thanks, greg k-h
On Fri, Aug 16, 2019 at 10:54:17AM +0800, Ming Lei wrote: > It is reported that sysfs buffer overflow can be triggered in case > of too many CPU cores(>841 on 4K PAGE_SIZE) when showing CPUs in > blk_mq_hw_sysfs_cpus_show(). > > So use cpumap_print_to_pagebuf() to print the info and fix the potential > buffer overflow issue. > > Cc: stable@vger.kernel.org > Cc: Mark Ray <mark.ray@hpe.com> > Cc: Greg KH <gregkh@linuxfoundation.org> > Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load") > Signed-off-by: Ming Lei <ming.lei@redhat.com> > --- > block/blk-mq-sysfs.c | 15 +-------------- > 1 file changed, 1 insertion(+), 14 deletions(-) No list of what changed from v1 under here? Anyway, no, just delete the attribute please. thanks, greg k-h
On 8/16/19 4:54 AM, Ming Lei wrote: > It is reported that sysfs buffer overflow can be triggered in case > of too many CPU cores(>841 on 4K PAGE_SIZE) when showing CPUs in > blk_mq_hw_sysfs_cpus_show(). > > So use cpumap_print_to_pagebuf() to print the info and fix the potential > buffer overflow issue. > > Cc: stable@vger.kernel.org > Cc: Mark Ray <mark.ray@hpe.com> > Cc: Greg KH <gregkh@linuxfoundation.org> > Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load") > Signed-off-by: Ming Lei <ming.lei@redhat.com> > --- > block/blk-mq-sysfs.c | 15 +-------------- > 1 file changed, 1 insertion(+), 14 deletions(-) > > diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c > index d6e1a9bd7131..4d0d32377ba3 100644 > --- a/block/blk-mq-sysfs.c > +++ b/block/blk-mq-sysfs.c > @@ -166,20 +166,7 @@ static ssize_t blk_mq_hw_sysfs_nr_reserved_tags_show(struct blk_mq_hw_ctx *hctx, > > static ssize_t blk_mq_hw_sysfs_cpus_show(struct blk_mq_hw_ctx *hctx, char *page) > { > - unsigned int i, first = 1; > - ssize_t ret = 0; > - > - for_each_cpu(i, hctx->cpumask) { > - if (first) > - ret += sprintf(ret + page, "%u", i); > - else > - ret += sprintf(ret + page, ", %u", i); > - > - first = 0; > - } > - > - ret += sprintf(ret + page, "\n"); > - return ret; > + return cpumap_print_to_pagebuf(true, page, hctx->cpumask); > } > > static struct blk_mq_hw_ctx_sysfs_entry blk_mq_hw_sysfs_nr_tags = { > Reviewed-by: Hannes Reinecke <hare@suse.com> And maybe you should send a update to the kABI documentation to keep Greg KH happy :-) Cheers, Hannes
diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c index d6e1a9bd7131..4d0d32377ba3 100644 --- a/block/blk-mq-sysfs.c +++ b/block/blk-mq-sysfs.c @@ -166,20 +166,7 @@ static ssize_t blk_mq_hw_sysfs_nr_reserved_tags_show(struct blk_mq_hw_ctx *hctx, static ssize_t blk_mq_hw_sysfs_cpus_show(struct blk_mq_hw_ctx *hctx, char *page) { - unsigned int i, first = 1; - ssize_t ret = 0; - - for_each_cpu(i, hctx->cpumask) { - if (first) - ret += sprintf(ret + page, "%u", i); - else - ret += sprintf(ret + page, ", %u", i); - - first = 0; - } - - ret += sprintf(ret + page, "\n"); - return ret; + return cpumap_print_to_pagebuf(true, page, hctx->cpumask); } static struct blk_mq_hw_ctx_sysfs_entry blk_mq_hw_sysfs_nr_tags = {
It is reported that sysfs buffer overflow can be triggered in case of too many CPU cores(>841 on 4K PAGE_SIZE) when showing CPUs in blk_mq_hw_sysfs_cpus_show(). So use cpumap_print_to_pagebuf() to print the info and fix the potential buffer overflow issue. Cc: stable@vger.kernel.org Cc: Mark Ray <mark.ray@hpe.com> Cc: Greg KH <gregkh@linuxfoundation.org> Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load") Signed-off-by: Ming Lei <ming.lei@redhat.com> --- block/blk-mq-sysfs.c | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-)