From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
To: Peter Zijlstra <peterz@infradead.org>,
linux-kernel@vger.kernel.org, Li Zefan <lizefan@huawei.com>,
Johannes Weiner <hannes@cmpxchg.org>, Tejun Heo <tj@kernel.org>,
cgroups@vger.kernel.org, Ingo Molnar <mingo@redhat.com>
Subject: [PATCH] sched/core: check format and overflows in cgroup2 cpu.max
Date: Wed, 27 Feb 2019 11:13:21 +0300 [thread overview]
Message-ID: <155125520155.293746.7017401430432481979.stgit@buzz> (raw)
Cgroup2 interface for cpu bandwidth limit has some flaws:
- on stack buffer overflow
- no checks for valid format or trailing garbage
- no checks for integer overflows
This patch fixes all these flaws.
Fixes: 0d5936344f30 ("sched: Implement interface for cgroup unified hierarchy")
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
---
kernel/sched/core.c | 29 ++++++++++++++++++++++-------
1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 5f46aa335b28..123b1910bc2e 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -6947,19 +6947,34 @@ static int __maybe_unused cpu_period_quota_parse(char *buf,
u64 *periodp, u64 *quotap)
{
char tok[21]; /* U64_MAX */
+ int ret, len;
- if (!sscanf(buf, "%s %llu", tok, periodp))
+ if (sscanf(buf, "%20s %n", tok, &len) != 1)
return -EINVAL;
- *periodp *= NSEC_PER_USEC;
-
- if (sscanf(tok, "%llu", quotap))
- *quotap *= NSEC_PER_USEC;
- else if (!strcmp(tok, "max"))
+ ret = kstrtou64(tok, 10, quotap);
+ if (ret) {
+ if (strcmp(tok, "max"))
+ return ret;
*quotap = RUNTIME_INF;
- else
+ } else if (*quotap <= U64_MAX / NSEC_PER_USEC) {
+ *quotap *= NSEC_PER_USEC;
+ } else
return -EINVAL;
+ buf += len;
+ if (*buf) {
+ if (sscanf(buf, "%20s %n", tok, &len) != 1 || buf[len])
+ return -EINVAL;
+ ret = kstrtou64(tok, 10, periodp);
+ if (ret)
+ return ret;
+ if (*periodp > U64_MAX / NSEC_PER_USEC)
+ return -EINVAL;
+ }
+
+ *periodp *= NSEC_PER_USEC;
+
return 0;
}
next reply other threads:[~2019-02-27 8:13 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-27 8:13 Konstantin Khlebnikov [this message]
2019-03-05 15:57 ` [PATCH] sched/core: check format and overflows in cgroup2 cpu.max Tejun Heo
2019-03-05 17:03 ` Konstantin Khlebnikov
2019-03-06 16:11 ` Tejun Heo
2019-03-06 16:48 ` Peter Zijlstra
2019-03-06 17:21 ` Konstantin Khlebnikov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=155125520155.293746.7017401430432481979.stgit@buzz \
--to=khlebnikov@yandex-team.ru \
--cc=cgroups@vger.kernel.org \
--cc=hannes@cmpxchg.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).