Re: [PATCH V2] blk-mq: avoid sysfs buffer overflow by too many CPU cores

Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> · Fri, 16 Aug 2019 09:09:21 +0200

On Fri, Aug 16, 2019 at 12:17:31PM +0800, Ming Lei wrote:
> On Fri, Aug 16, 2019 at 11:42 AM Bart Van Assche <bvanassche@xxxxxxx> wrote:
> >
> > On 8/15/19 7:54 PM, Ming Lei wrote:
> > > It is reported that sysfs buffer overflow can be triggered in case
> > > of too many CPU cores(>841 on 4K PAGE_SIZE) when showing CPUs in
> > > blk_mq_hw_sysfs_cpus_show().
> > >
> > > So use cpumap_print_to_pagebuf() to print the info and fix the potential
> > > buffer overflow issue.
> > >
> > > Cc: stable@xxxxxxxxxxxxxxx
> > > Cc: Mark Ray <mark.ray@xxxxxxx>
> > > Cc: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
> > > Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load")
> > > Signed-off-by: Ming Lei <ming.lei@xxxxxxxxxx>
> > > ---
> > >   block/blk-mq-sysfs.c | 15 +--------------
> > >   1 file changed, 1 insertion(+), 14 deletions(-)
> > >
> > > diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c
> > > index d6e1a9bd7131..4d0d32377ba3 100644
> > > --- a/block/blk-mq-sysfs.c
> > > +++ b/block/blk-mq-sysfs.c
> > > @@ -166,20 +166,7 @@ static ssize_t blk_mq_hw_sysfs_nr_reserved_tags_show(struct blk_mq_hw_ctx *hctx,
> > >
> > >   static ssize_t blk_mq_hw_sysfs_cpus_show(struct blk_mq_hw_ctx *hctx, char *page)
> > >   {
> > > -     unsigned int i, first = 1;
> > > -     ssize_t ret = 0;
> > > -
> > > -     for_each_cpu(i, hctx->cpumask) {
> > > -             if (first)
> > > -                     ret += sprintf(ret + page, "%u", i);
> > > -             else
> > > -                     ret += sprintf(ret + page, ", %u", i);
> > > -
> > > -             first = 0;
> > > -     }
> > > -
> > > -     ret += sprintf(ret + page, "\n");
> > > -     return ret;
> > > +     return cpumap_print_to_pagebuf(true, page, hctx->cpumask);
> > >   }
> > >
> > >   static struct blk_mq_hw_ctx_sysfs_entry blk_mq_hw_sysfs_nr_tags = {
> >
> > Although this patch looks fine to me, shouldn't this attribute be
> > documented under Documentation/ABI/?
> 
> That is another problem, not closely related with this buffer-overflow issue.
> 
> I suggest to fix the buffer overflow first, which is triggered from userspace.

I suggest you just delete this whole sysfs attribute, which will solve
the buffer overflow, as no one should be using it and it is incorrect to
have.

thanks,

greg k-h