Linux-Block Archive on lore.kernel.org
* [PATCH V2] blk-mq: avoid sysfs buffer overflow by too many CPU cores
@ 2019-08-16  2:54 Ming Lei
  2019-08-16  3:39 ` Bart Van Assche
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Ming Lei @ 2019-08-16  2:54 UTC (permalink / raw)
  To: Jens Axboe; +Cc: linux-block, Ming Lei, stable, Mark Ray, Greg KH

It is reported that sysfs buffer overflow can be triggered in case
of too many CPU cores(>841 on 4K PAGE_SIZE) when showing CPUs in
blk_mq_hw_sysfs_cpus_show().

So use cpumap_print_to_pagebuf() to print the info and fix the potential
buffer overflow issue.

Cc: stable@vger.kernel.org
Cc: Mark Ray <mark.ray@hpe.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
---
 block/blk-mq-sysfs.c | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c
index d6e1a9bd7131..4d0d32377ba3 100644
--- a/block/blk-mq-sysfs.c
+++ b/block/blk-mq-sysfs.c
@@ -166,20 +166,7 @@ static ssize_t blk_mq_hw_sysfs_nr_reserved_tags_show(struct blk_mq_hw_ctx *hctx,
 
 static ssize_t blk_mq_hw_sysfs_cpus_show(struct blk_mq_hw_ctx *hctx, char *page)
 {
-	unsigned int i, first = 1;
-	ssize_t ret = 0;
-
-	for_each_cpu(i, hctx->cpumask) {
-		if (first)
-			ret += sprintf(ret + page, "%u", i);
-		else
-			ret += sprintf(ret + page, ", %u", i);
-
-		first = 0;
-	}
-
-	ret += sprintf(ret + page, "\n");
-	return ret;
+	return cpumap_print_to_pagebuf(true, page, hctx->cpumask);
 }
 
 static struct blk_mq_hw_ctx_sysfs_entry blk_mq_hw_sysfs_nr_tags = {
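Review bot: the replacement line passes true as the list argument, so the attribute's output changes from the removed loop's "0, 1, 2, 3" form (built from "%u" and ", %u") to the kernel's cpulist range form such as "0-3". That is a userspace-visible format change for anything that parses this file, and the commit message does not mention it. Either state the format change in the changelog, or keep the old separator and bound each write against the remaining PAGE_SIZE so that a stable backport does not alter what readers see.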
-- 
2.20.1


^ permalink raw reply	[flat|nested] 6+ messages in thread
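The ">841 on 4K PAGE_SIZE" figure in the commit message can be reproduced in userspace by measuring what the removed sprintf() loop would store. This is an added example, not code from the thread or the kernel tree; the function names are hypothetical, and it assumes one hardware queue mapped to contiguous CPUs 0..n-1.

```c
#include <stdio.h>
#include <stddef.h>

/* Bytes one CPU id adds in the removed loop's format: "%u" for the
 * first entry (CPU 0 here), ", %u" for every later one. */
static size_t entry_len(unsigned int cpu)
{
	if (cpu == 0)
		return (size_t)snprintf(NULL, 0, "%u", cpu);
	return (size_t)snprintf(NULL, 0, ", %u", cpu);
}

/* Total bytes the old show() stores for CPUs 0..ncpus-1 (assumed
 * contiguous), counting the final "\n" and the NUL sprintf() appends. */
static size_t legacy_bytes(unsigned int ncpus)
{
	size_t len = 2;
	unsigned int i;

	for (i = 0; i < ncpus; i++)
		len += entry_len(i);
	return len;
}

/* Largest CPU count whose old-format output still fits in one page. */
static unsigned int legacy_max_cpus(size_t page_size)
{
	size_t used = 2;	/* "\n" + NUL */
	unsigned int n = 0;

	while (used + entry_len(n) <= page_size)
		used += entry_len(n++);
	return n;
}

/* Bytes for the same mask in range-list form, e.g. "0-841\n" plus NUL. */
static size_t list_bytes(unsigned int ncpus)
{
	if (ncpus == 0)
		return 2;	/* "\n" */
	if (ncpus == 1)
		return 3;	/* "0\n" */
	return (size_t)snprintf(NULL, 0, "0-%u\n", ncpus - 1) + 1;
}

int main(void)
{
	unsigned int max = legacy_max_cpus(4096);

	printf("4096-byte page: %u CPUs fit, %u need %zu bytes (range list: %zu)\n",
	       max, max + 1, legacy_bytes(max + 1), list_bytes(max + 1));
	return 0;
}
```

With 842 CPUs the old format needs more than one 4096-byte sysfs page, while the range-list form of the same contiguous mask stays a handful of bytes.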

* Re: [PATCH V2] blk-mq: avoid sysfs buffer overflow by too many CPU cores
  2019-08-16  2:54 [PATCH V2] blk-mq: avoid sysfs buffer overflow by too many CPU cores Ming Lei
@ 2019-08-16  3:39 ` Bart Van Assche
  2019-08-16  4:17   ` Ming Lei
  2019-08-16  7:09 ` Greg KH
  2019-08-19  6:12 ` Hannes Reinecke
  2 siblings, 1 reply; 6+ messages in thread
From: Bart Van Assche @ 2019-08-16  3:39 UTC (permalink / raw)
  To: Ming Lei, Jens Axboe; +Cc: linux-block, stable, Mark Ray, Greg KH

On 8/15/19 7:54 PM, Ming Lei wrote:
> It is reported that sysfs buffer overflow can be triggered in case
> of too many CPU cores(>841 on 4K PAGE_SIZE) when showing CPUs in
> blk_mq_hw_sysfs_cpus_show().
> 
> So use cpumap_print_to_pagebuf() to print the info and fix the potential
> buffer overflow issue.
> 
> Cc: stable@vger.kernel.org
> Cc: Mark Ray <mark.ray@hpe.com>
> Cc: Greg KH <gregkh@linuxfoundation.org>
> Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load")
> Signed-off-by: Ming Lei <ming.lei@redhat.com>
> ---
>   block/blk-mq-sysfs.c | 15 +--------------
>   1 file changed, 1 insertion(+), 14 deletions(-)
> 
> diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c
> index d6e1a9bd7131..4d0d32377ba3 100644
> --- a/block/blk-mq-sysfs.c
> +++ b/block/blk-mq-sysfs.c
> @@ -166,20 +166,7 @@ static ssize_t blk_mq_hw_sysfs_nr_reserved_tags_show(struct blk_mq_hw_ctx *hctx,
>   
>   static ssize_t blk_mq_hw_sysfs_cpus_show(struct blk_mq_hw_ctx *hctx, char *page)
>   {
> -	unsigned int i, first = 1;
> -	ssize_t ret = 0;
> -
> -	for_each_cpu(i, hctx->cpumask) {
> -		if (first)
> -			ret += sprintf(ret + page, "%u", i);
> -		else
> -			ret += sprintf(ret + page, ", %u", i);
> -
> -		first = 0;
> -	}
> -
> -	ret += sprintf(ret + page, "\n");
> -	return ret;
> +	return cpumap_print_to_pagebuf(true, page, hctx->cpumask);
>   }
>   
>   static struct blk_mq_hw_ctx_sysfs_entry blk_mq_hw_sysfs_nr_tags = {

Although this patch looks fine to me, shouldn't this attribute be 
documented under Documentation/ABI/?

Thanks,

Bart.



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH V2] blk-mq: avoid sysfs buffer overflow by too many CPU cores
  2019-08-16  3:39 ` Bart Van Assche
@ 2019-08-16  4:17   ` Ming Lei
  2019-08-16  7:09     ` Greg KH
  0 siblings, 1 reply; 6+ messages in thread
From: Ming Lei @ 2019-08-16  4:17 UTC (permalink / raw)
  To: Bart Van Assche
  Cc: Ming Lei, Jens Axboe, linux-block, stable, Mark Ray, Greg KH

On Fri, Aug 16, 2019 at 11:42 AM Bart Van Assche <bvanassche@acm.org> wrote:
>
> On 8/15/19 7:54 PM, Ming Lei wrote:
> > It is reported that sysfs buffer overflow can be triggered in case
> > of too many CPU cores(>841 on 4K PAGE_SIZE) when showing CPUs in
> > blk_mq_hw_sysfs_cpus_show().
> >
> > So use cpumap_print_to_pagebuf() to print the info and fix the potential
> > buffer overflow issue.
> >
> > Cc: stable@vger.kernel.org
> > Cc: Mark Ray <mark.ray@hpe.com>
> > Cc: Greg KH <gregkh@linuxfoundation.org>
> > Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load")
> > Signed-off-by: Ming Lei <ming.lei@redhat.com>
> > ---
> >   block/blk-mq-sysfs.c | 15 +--------------
> >   1 file changed, 1 insertion(+), 14 deletions(-)
> >
> > diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c
> > index d6e1a9bd7131..4d0d32377ba3 100644
> > --- a/block/blk-mq-sysfs.c
> > +++ b/block/blk-mq-sysfs.c
> > @@ -166,20 +166,7 @@ static ssize_t blk_mq_hw_sysfs_nr_reserved_tags_show(struct blk_mq_hw_ctx *hctx,
> >
> >   static ssize_t blk_mq_hw_sysfs_cpus_show(struct blk_mq_hw_ctx *hctx, char *page)
> >   {
> > -     unsigned int i, first = 1;
> > -     ssize_t ret = 0;
> > -
> > -     for_each_cpu(i, hctx->cpumask) {
> > -             if (first)
> > -                     ret += sprintf(ret + page, "%u", i);
> > -             else
> > -                     ret += sprintf(ret + page, ", %u", i);
> > -
> > -             first = 0;
> > -     }
> > -
> > -     ret += sprintf(ret + page, "\n");
> > -     return ret;
> > +     return cpumap_print_to_pagebuf(true, page, hctx->cpumask);
> >   }
> >
> >   static struct blk_mq_hw_ctx_sysfs_entry blk_mq_hw_sysfs_nr_tags = {
>
> Although this patch looks fine to me, shouldn't this attribute be
> documented under Documentation/ABI/?

That is another problem, not closely related to this buffer-overflow issue.

I suggest fixing the buffer overflow first, which is triggered from userspace.


Thanks,
Ming Lei

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH V2] blk-mq: avoid sysfs buffer overflow by too many CPU cores
  2019-08-16  4:17   ` Ming Lei
@ 2019-08-16  7:09     ` Greg KH
  0 siblings, 0 replies; 6+ messages in thread
From: Greg KH @ 2019-08-16  7:09 UTC (permalink / raw)
  To: Ming Lei
  Cc: Bart Van Assche, Ming Lei, Jens Axboe, linux-block, stable, Mark Ray

On Fri, Aug 16, 2019 at 12:17:31PM +0800, Ming Lei wrote:
> On Fri, Aug 16, 2019 at 11:42 AM Bart Van Assche <bvanassche@acm.org> wrote:
> >
> > On 8/15/19 7:54 PM, Ming Lei wrote:
> > > It is reported that sysfs buffer overflow can be triggered in case
> > > of too many CPU cores(>841 on 4K PAGE_SIZE) when showing CPUs in
> > > blk_mq_hw_sysfs_cpus_show().
> > >
> > > So use cpumap_print_to_pagebuf() to print the info and fix the potential
> > > buffer overflow issue.
> > >
> > > Cc: stable@vger.kernel.org
> > > Cc: Mark Ray <mark.ray@hpe.com>
> > > Cc: Greg KH <gregkh@linuxfoundation.org>
> > > Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load")
> > > Signed-off-by: Ming Lei <ming.lei@redhat.com>
> > > ---
> > >   block/blk-mq-sysfs.c | 15 +--------------
> > >   1 file changed, 1 insertion(+), 14 deletions(-)
> > >
> > > diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c
> > > index d6e1a9bd7131..4d0d32377ba3 100644
> > > --- a/block/blk-mq-sysfs.c
> > > +++ b/block/blk-mq-sysfs.c
> > > @@ -166,20 +166,7 @@ static ssize_t blk_mq_hw_sysfs_nr_reserved_tags_show(struct blk_mq_hw_ctx *hctx,
> > >
> > >   static ssize_t blk_mq_hw_sysfs_cpus_show(struct blk_mq_hw_ctx *hctx, char *page)
> > >   {
> > > -     unsigned int i, first = 1;
> > > -     ssize_t ret = 0;
> > > -
> > > -     for_each_cpu(i, hctx->cpumask) {
> > > -             if (first)
> > > -                     ret += sprintf(ret + page, "%u", i);
> > > -             else
> > > -                     ret += sprintf(ret + page, ", %u", i);
> > > -
> > > -             first = 0;
> > > -     }
> > > -
> > > -     ret += sprintf(ret + page, "\n");
> > > -     return ret;
> > > +     return cpumap_print_to_pagebuf(true, page, hctx->cpumask);
> > >   }
> > >
> > >   static struct blk_mq_hw_ctx_sysfs_entry blk_mq_hw_sysfs_nr_tags = {
> >
> > Although this patch looks fine to me, shouldn't this attribute be
> > documented under Documentation/ABI/?
> 
> That is another problem, not closely related to this buffer-overflow issue.
> 
> I suggest fixing the buffer overflow first, which is triggered from userspace.

I suggest you just delete this whole sysfs attribute, which will solve
the buffer overflow, as no one should be using it and it is incorrect to
have.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH V2] blk-mq: avoid sysfs buffer overflow by too many CPU cores
  2019-08-16  2:54 [PATCH V2] blk-mq: avoid sysfs buffer overflow by too many CPU cores Ming Lei
  2019-08-16  3:39 ` Bart Van Assche
@ 2019-08-16  7:09 ` Greg KH
  2019-08-19  6:12 ` Hannes Reinecke
  2 siblings, 0 replies; 6+ messages in thread
From: Greg KH @ 2019-08-16  7:09 UTC (permalink / raw)
  To: Ming Lei; +Cc: Jens Axboe, linux-block, stable, Mark Ray

On Fri, Aug 16, 2019 at 10:54:17AM +0800, Ming Lei wrote:
> It is reported that sysfs buffer overflow can be triggered in case
> of too many CPU cores(>841 on 4K PAGE_SIZE) when showing CPUs in
> blk_mq_hw_sysfs_cpus_show().
> 
> So use cpumap_print_to_pagebuf() to print the info and fix the potential
> buffer overflow issue.
> 
> Cc: stable@vger.kernel.org
> Cc: Mark Ray <mark.ray@hpe.com>
> Cc: Greg KH <gregkh@linuxfoundation.org>
> Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load")
> Signed-off-by: Ming Lei <ming.lei@redhat.com>
> ---
>  block/blk-mq-sysfs.c | 15 +--------------
>  1 file changed, 1 insertion(+), 14 deletions(-)

No list of what changed from v1 under here?

Anyway, no, just delete the attribute please.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH V2] blk-mq: avoid sysfs buffer overflow by too many CPU cores
  2019-08-16  2:54 [PATCH V2] blk-mq: avoid sysfs buffer overflow by too many CPU cores Ming Lei
  2019-08-16  3:39 ` Bart Van Assche
  2019-08-16  7:09 ` Greg KH
@ 2019-08-19  6:12 ` Hannes Reinecke
  2 siblings, 0 replies; 6+ messages in thread
From: Hannes Reinecke @ 2019-08-19  6:12 UTC (permalink / raw)
  To: Ming Lei, Jens Axboe; +Cc: linux-block, stable, Mark Ray, Greg KH

On 8/16/19 4:54 AM, Ming Lei wrote:
> It is reported that sysfs buffer overflow can be triggered in case
> of too many CPU cores(>841 on 4K PAGE_SIZE) when showing CPUs in
> blk_mq_hw_sysfs_cpus_show().
> 
> So use cpumap_print_to_pagebuf() to print the info and fix the potential
> buffer overflow issue.
> 
> Cc: stable@vger.kernel.org
> Cc: Mark Ray <mark.ray@hpe.com>
> Cc: Greg KH <gregkh@linuxfoundation.org>
> Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load")
> Signed-off-by: Ming Lei <ming.lei@redhat.com>
> ---
>  block/blk-mq-sysfs.c | 15 +--------------
>  1 file changed, 1 insertion(+), 14 deletions(-)
> 
> diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c
> index d6e1a9bd7131..4d0d32377ba3 100644
> --- a/block/blk-mq-sysfs.c
> +++ b/block/blk-mq-sysfs.c
> @@ -166,20 +166,7 @@ static ssize_t blk_mq_hw_sysfs_nr_reserved_tags_show(struct blk_mq_hw_ctx *hctx,
>  
>  static ssize_t blk_mq_hw_sysfs_cpus_show(struct blk_mq_hw_ctx *hctx, char *page)
>  {
> -	unsigned int i, first = 1;
> -	ssize_t ret = 0;
> -
> -	for_each_cpu(i, hctx->cpumask) {
> -		if (first)
> -			ret += sprintf(ret + page, "%u", i);
> -		else
> -			ret += sprintf(ret + page, ", %u", i);
> -
> -		first = 0;
> -	}
> -
> -	ret += sprintf(ret + page, "\n");
> -	return ret;
> +	return cpumap_print_to_pagebuf(true, page, hctx->cpumask);
>  }
>  
>  static struct blk_mq_hw_ctx_sysfs_entry blk_mq_hw_sysfs_nr_tags = {
> 
Reviewed-by: Hannes Reinecke <hare@suse.com>

And maybe you should send an update to the kABI documentation to keep
Greg KH happy :-)

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		   Teamlead Storage & Networking
hare@suse.de			               +49 911 74053 688
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah
HRB 21284 (AG Nürnberg)

^ permalink raw reply	[flat|nested] 6+ messages in thread
