lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 17 Dec 2019 13:28:29 +0900
From:   Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@...hiba.co.jp>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Ming Lei <ming.lei@...hat.com>, Jens Axboe <axboe@...nel.dk>
Subject: Re: [PATCH 4.14 204/267] blk-mq: avoid sysfs buffer overflow with
 too many CPU cores

On Mon, Dec 16, 2019 at 06:48:50PM +0100, Greg Kroah-Hartman wrote:
> From: Ming Lei <ming.lei@...hat.com>
> 
> commit 8962842ca5abdcf98e22ab3b2b45a103f0408b95 upstream.
> 
> It is reported that sysfs buffer overflow can be triggered if the system
> has too many CPU cores(>841 on 4K PAGE_SIZE) when showing CPUs of
> hctx via /sys/block/$DEV/mq/$N/cpu_list.
> 
> Use snprintf to avoid the potential buffer overflow.
> 
> This version doesn't change the attribute format, and simply stops
> showing CPU numbers if the buffer is going to overflow.
> 
> Cc: stable@...r.kernel.org
> Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load")
> Signed-off-by: Ming Lei <ming.lei@...hat.com>
> Signed-off-by: Jens Axboe <axboe@...nel.dk>
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> 

This commit also required following commit:

commit d2c9be89f8ebe7ebcc97676ac40f8dec1cf9b43a
Author: Ming Lei <ming.lei@...hat.com>
Date:   Mon Nov 4 16:26:53 2019 +0800

    blk-mq: make sure that line break can be printed

    8962842ca5ab ("blk-mq: avoid sysfs buffer overflow with too many CPU cores")
    avoids sysfs buffer overflow, and reserves one character for line break.
    However, the last snprintf() doesn't get correct 'size' parameter passed
    in, so fixed it.

    Fixes: 8962842ca5ab ("blk-mq: avoid sysfs buffer overflow with too many CPU cores")
    Signed-off-by: Ming Lei <ming.lei@...hat.com>
    Signed-off-by: Jens Axboe <axboe@...nel.dk>


And this is also required for 4.4, 4.9 and 4.19.
Please apply.

Best regards,
  Nobuhiro

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ