Re: [PATCH V2] blk-mq: avoid sysfs buffer overflow by too many CPU cores

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Aug 16, 2019 at 11:42 AM Bart Van Assche <bvanassche@xxxxxxx> wrote:
>
> On 8/15/19 7:54 PM, Ming Lei wrote:
> > It is reported that sysfs buffer overflow can be triggered in case
> > of too many CPU cores(>841 on 4K PAGE_SIZE) when showing CPUs in
> > blk_mq_hw_sysfs_cpus_show().
> >
> > So use cpumap_print_to_pagebuf() to print the info and fix the potential
> > buffer overflow issue.
> >
> > Cc: stable@xxxxxxxxxxxxxxx
> > Cc: Mark Ray <mark.ray@xxxxxxx>
> > Cc: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
> > Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load")
> > Signed-off-by: Ming Lei <ming.lei@xxxxxxxxxx>
> > ---
> >   block/blk-mq-sysfs.c | 15 +--------------
> >   1 file changed, 1 insertion(+), 14 deletions(-)
> >
> > diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c
> > index d6e1a9bd7131..4d0d32377ba3 100644
> > --- a/block/blk-mq-sysfs.c
> > +++ b/block/blk-mq-sysfs.c
> > @@ -166,20 +166,7 @@ static ssize_t blk_mq_hw_sysfs_nr_reserved_tags_show(struct blk_mq_hw_ctx *hctx,
> >
> >   static ssize_t blk_mq_hw_sysfs_cpus_show(struct blk_mq_hw_ctx *hctx, char *page)
> >   {
> > -     unsigned int i, first = 1;
> > -     ssize_t ret = 0;
> > -
> > -     for_each_cpu(i, hctx->cpumask) {
> > -             if (first)
> > -                     ret += sprintf(ret + page, "%u", i);
> > -             else
> > -                     ret += sprintf(ret + page, ", %u", i);
> > -
> > -             first = 0;
> > -     }
> > -
> > -     ret += sprintf(ret + page, "\n");
> > -     return ret;
> > +     return cpumap_print_to_pagebuf(true, page, hctx->cpumask);
> >   }
> >
> >   static struct blk_mq_hw_ctx_sysfs_entry blk_mq_hw_sysfs_nr_tags = {
>
> Although this patch looks fine to me, shouldn't this attribute be
> documented under Documentation/ABI/?

That is another problem, not closely related with this buffer-overflow issue.

I suggest to fix the buffer overflow first, which is triggered from userspace.


Thanks,
Ming Lei



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux