On Fri, Aug 16, 2019 at 11:42 AM Bart Van Assche <bvanassche@xxxxxxx> wrote:
>
> On 8/15/19 7:54 PM, Ming Lei wrote:
> > It is reported that sysfs buffer overflow can be triggered in case
> > of too many CPU cores(>841 on 4K PAGE_SIZE) when showing CPUs in
> > blk_mq_hw_sysfs_cpus_show().
> >
> > So use cpumap_print_to_pagebuf() to print the info and fix the potential
> > buffer overflow issue.
> >
> > Cc: stable@xxxxxxxxxxxxxxx
> > Cc: Mark Ray <mark.ray@xxxxxxx>
> > Cc: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
> > Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load")
> > Signed-off-by: Ming Lei <ming.lei@xxxxxxxxxx>
> > ---
> > block/blk-mq-sysfs.c | 15 +--------------
> > 1 file changed, 1 insertion(+), 14 deletions(-)
> >
> > diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c
> > index d6e1a9bd7131..4d0d32377ba3 100644
> > --- a/block/blk-mq-sysfs.c
> > +++ b/block/blk-mq-sysfs.c
> > @@ -166,20 +166,7 @@ static ssize_t blk_mq_hw_sysfs_nr_reserved_tags_show(struct blk_mq_hw_ctx *hctx,
> >
> > static ssize_t blk_mq_hw_sysfs_cpus_show(struct blk_mq_hw_ctx *hctx, char *page)
> > {
> > - unsigned int i, first = 1;
> > - ssize_t ret = 0;
> > -
> > - for_each_cpu(i, hctx->cpumask) {
> > - if (first)
> > - ret += sprintf(ret + page, "%u", i);
> > - else
> > - ret += sprintf(ret + page, ", %u", i);
> > -
> > - first = 0;
> > - }
> > -
> > - ret += sprintf(ret + page, "\n");
> > - return ret;
> > + return cpumap_print_to_pagebuf(true, page, hctx->cpumask);
> > }
> >
> > static struct blk_mq_hw_ctx_sysfs_entry blk_mq_hw_sysfs_nr_tags = {
>
> Although this patch looks fine to me, shouldn't this attribute be
> documented under Documentation/ABI/?
That is another problem, not closely related with this buffer-overflow issue.
I suggest to fix the buffer overflow first, which is triggered from userspace.
Thanks,
Ming Lei
