lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 27 Feb 2019 11:05:44 +0300
From:   Konstantin Khlebnikov <khlebnikov@...dex-team.ru>
To:     Jens Axboe <axboe@...nel.dk>, linux-kernel@...r.kernel.org,
        linux-block@...r.kernel.org, Li Zefan <lizefan@...wei.com>,
        Johannes Weiner <hannes@...xchg.org>,
        Tejun Heo <tj@...nel.org>, cgroups@...r.kernel.org
Subject: [PATCH] blk-throttle: verify format of bandwidth limit and detect
 overflows

Unlike to memory cgroup blkio throttler does not support value suffixes.

It silently ignores everything after last digit. For example this command
will set rate limit 1 byte per second rather than 1 megabyte per second:

# echo "7:0 1M" > blkio.throttle.read_bps_device
# cat blkio.throttle.read_bps_device
7:0 1

Cgroup2 interface has the same flaw:

# echo "7:0 rbps=1M" > io.max
# cat io.max
7:0 rbps=1 wbps=max riops=max wiops=max

Also sscanf does not care much about overflows.

This patch uses modern function kstrtou64 for parsing.
It rejects trailing garbage and detects integer overflows.

Also this patch handles iops limit overflows for cgroup-v1 in the same as
cgroup-v2: limits >= UINT_MAX becomes unlimited.

Fixes: 2ee867dcfa2e ("blkcg: implement interface for the unified hierarchy")
Signed-off-by: Konstantin Khlebnikov <khlebnikov@...dex-team.ru>
---
 block/blk-throttle.c |   40 ++++++++++++++++++++++++----------------
 1 file changed, 24 insertions(+), 16 deletions(-)

diff --git a/block/blk-throttle.c b/block/blk-throttle.c
index 1b97a73d2fb1..ce00060b3a48 100644
--- a/block/blk-throttle.c
+++ b/block/blk-throttle.c
@@ -1433,8 +1433,10 @@ static ssize_t tg_set_conf(struct kernfs_open_file *of,
 	if (ret)
 		return ret;
 
-	ret = -EINVAL;
-	if (sscanf(ctx.body, "%llu", &v) != 1)
+	/* remove trailing spaces, kstrto* are strict about them */
+	ctx.body = strim(ctx.body);
+	ret = kstrtou64(ctx.body, 10, &v);
+	if (ret)
 		goto out_finish;
 	if (!v)
 		v = U64_MAX;
@@ -1444,7 +1446,8 @@ static ssize_t tg_set_conf(struct kernfs_open_file *of,
 	if (is_u64)
 		*(u64 *)((void *)tg + of_cft(of)->private) = v;
 	else
-		*(unsigned int *)((void *)tg + of_cft(of)->private) = v;
+		*(unsigned int *)((void *)tg + of_cft(of)->private) =
+							min_t(u64, v, UINT_MAX);
 
 	tg_conf_updated(tg, false);
 	ret = 0;
@@ -1609,23 +1612,25 @@ static ssize_t tg_set_limit(struct kernfs_open_file *of,
 	idle_time = tg->idletime_threshold_conf;
 	latency_time = tg->latency_target_conf;
 	while (true) {
-		char tok[27];	/* wiops=18446744073709551616 */
-		char *p;
-		u64 val = U64_MAX;
-		int len;
-
-		if (sscanf(ctx.body, "%26s%n", tok, &len) != 1)
-			break;
-		if (tok[0] == '\0')
-			break;
-		ctx.body += len;
+		char tok[8];	/* "latency" */
+		char buf[21];	/* U64_MAX */
+		int end;
+		u64 val;
 
 		ret = -EINVAL;
-		p = tok;
-		strsep(&p, "=");
-		if (!p || (sscanf(p, "%llu", &val) != 1 && strcmp(p, "max")))
+		if (sscanf(ctx.body, "%7[^=]=%20s %n", tok, buf, &end) != 2)
 			goto out_finish;
 
+		/* skip this field and trailing spaces */
+		ctx.body += end;
+
+		ret = kstrtou64(buf, 10, &val);
+		if (ret) {
+			if (strcmp(buf, "max"))
+				goto out_finish;
+			val = U64_MAX;
+		}
+
 		ret = -ERANGE;
 		if (!val)
 			goto out_finish;
@@ -1645,6 +1650,9 @@ static ssize_t tg_set_limit(struct kernfs_open_file *of,
 			latency_time = val;
 		else
 			goto out_finish;
+
+		if (!*ctx.body)
+			break;
 	}
 
 	tg->bps_conf[READ][index] = v[0];

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ