lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YtFyaMWfYtjrsrSI@yury-laptop>
Date:   Fri, 15 Jul 2022 06:58:00 -0700
From:   Yury Norov <yury.norov@...il.com>
To:     Phil Auld <pauld@...hat.com>
Cc:     linux-kernel@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "Rafael J . Wysocki" <rafael@...nel.org>,
        Barry Song <21cnbao@...il.com>,
        Tian Tao <tiantao6@...ilicon.com>, stable@...r.kernel.org
Subject: Re: [PATCH v5] drivers/base: fix userspace break from using
 bin_attributes for cpumap and cpulist

On Fri, Jul 15, 2022 at 09:49:24AM -0400, Phil Auld wrote:
> Using bin_attributes with a 0 size causes fstat and friends to return that
> 0 size. This breaks userspace code that retrieves the size before reading
> the file. Rather than reverting 75bd50fa841 ("drivers/base/node.c: use
> bin_attribute to break the size limitation of cpumap ABI") let's put in a
> size value at compile time.
> 
> For cpulist the maximum size is on the order of
> 	NR_CPUS * (ceil(log10(NR_CPUS)) + 1)/2
> 
> which for 8192 is 20480 (8192 * 5)/2. In order to get near that you'd need
> a system with every other CPU on one node. For example: (0,2,4,8, ... ).
> To simplify the math and support larger NR_CPUS in the future we are using
> (NR_CPUS * 7)/2. We also set it to a min of PAGE_SIZE to retain the older
> behavior for smaller NR_CPUS.
> 
> The cpumap file the size works out to be NR_CPUS/4 + NR_CPUS/32 - 1
> (or NR_CPUS * 9/32 - 1) including the ","s.
> 
> Add a set of macros for these values to cpumask.h so they can be used in
> multiple places. Apply these to the handful of such files in
> drivers/base/topology.c as well as node.c.
> 
> As an example, on an 80 cpu 4-node system (NR_CPUS == 8192):
> 
> before:
> 
> -r--r--r--. 1 root root 0 Jul 12 14:08 system/node/node0/cpulist
> -r--r--r--. 1 root root 0 Jul 11 17:25 system/node/node0/cpumap
> 
> after:
> 
> -r--r--r--. 1 root root 28672 Jul 13 11:32 system/node/node0/cpulist
> -r--r--r--. 1 root root  4096 Jul 13 11:31 system/node/node0/cpumap
> 
> CONFIG_NR_CPUS = 16384
> -r--r--r--. 1 root root 57344 Jul 13 14:03 system/node/node0/cpulist
> -r--r--r--. 1 root root  4607 Jul 13 14:02 system/node/node0/cpumap
> 
> The actual number of cpus doesn't matter for the reported size since they
> are based on NR_CPUS.
> 
> Fixes: 75bd50fa841 ("drivers/base/node.c: use bin_attribute to break the size limitation of cpumap ABI")
> Fixes: bb9ec13d156 ("topology: use bin_attribute to break the size limitation of cpumap ABI")
> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Cc: "Rafael J. Wysocki" <rafael@...nel.org>
> Cc: Yury Norov <yury.norov@...il.com>
> Cc: stable@...r.kernel.org
> Signed-off-by: Phil Auld <pauld@...hat.com>

Acked-by: Yury Norov <yury.norov@...il.com> (for include/linux/cpumask.h)

> ---
> v2: Fix cpumap size calculation. Increase multiplier for cpulist size.
> 
> v3: Add comments in code.
> 
> v4: Define constants in cpumask.h. Move comments there. Also fix
> topology.c.
> 
> v5: Fixed math based on Yury's corrections.
> 
>  drivers/base/node.c     |  4 ++--
>  drivers/base/topology.c | 32 ++++++++++++++++----------------
>  include/linux/cpumask.h | 18 ++++++++++++++++++
>  3 files changed, 36 insertions(+), 18 deletions(-)
> 
> diff --git a/drivers/base/node.c b/drivers/base/node.c
> index 0ac6376ef7a1..eb0f43784c2b 100644
> --- a/drivers/base/node.c
> +++ b/drivers/base/node.c
> @@ -45,7 +45,7 @@ static inline ssize_t cpumap_read(struct file *file, struct kobject *kobj,
>  	return n;
>  }
>  
> -static BIN_ATTR_RO(cpumap, 0);
> +static BIN_ATTR_RO(cpumap, CPUMAP_FILE_MAX_BYTES);
>  
>  static inline ssize_t cpulist_read(struct file *file, struct kobject *kobj,
>  				   struct bin_attribute *attr, char *buf,
> @@ -66,7 +66,7 @@ static inline ssize_t cpulist_read(struct file *file, struct kobject *kobj,
>  	return n;
>  }
>  
> -static BIN_ATTR_RO(cpulist, 0);
> +static BIN_ATTR_RO(cpulist, CPULIST_FILE_MAX_BYTES);
>  
>  /**
>   * struct node_access_nodes - Access class device to hold user visible
> diff --git a/drivers/base/topology.c b/drivers/base/topology.c
> index ac6ad9ab67f9..89f98be5c5b9 100644
> --- a/drivers/base/topology.c
> +++ b/drivers/base/topology.c
> @@ -62,47 +62,47 @@ define_id_show_func(ppin, "0x%llx");
>  static DEVICE_ATTR_ADMIN_RO(ppin);
>  
>  define_siblings_read_func(thread_siblings, sibling_cpumask);
> -static BIN_ATTR_RO(thread_siblings, 0);
> -static BIN_ATTR_RO(thread_siblings_list, 0);
> +static BIN_ATTR_RO(thread_siblings, CPUMAP_FILE_MAX_BYTES);
> +static BIN_ATTR_RO(thread_siblings_list, CPULIST_FILE_MAX_BYTES);
>  
>  define_siblings_read_func(core_cpus, sibling_cpumask);
> -static BIN_ATTR_RO(core_cpus, 0);
> -static BIN_ATTR_RO(core_cpus_list, 0);
> +static BIN_ATTR_RO(core_cpus, CPUMAP_FILE_MAX_BYTES);
> +static BIN_ATTR_RO(core_cpus_list, CPULIST_FILE_MAX_BYTES);
>  
>  define_siblings_read_func(core_siblings, core_cpumask);
> -static BIN_ATTR_RO(core_siblings, 0);
> -static BIN_ATTR_RO(core_siblings_list, 0);
> +static BIN_ATTR_RO(core_siblings, CPUMAP_FILE_MAX_BYTES);
> +static BIN_ATTR_RO(core_siblings_list, CPULIST_FILE_MAX_BYTES);
>  
>  #ifdef TOPOLOGY_CLUSTER_SYSFS
>  define_siblings_read_func(cluster_cpus, cluster_cpumask);
> -static BIN_ATTR_RO(cluster_cpus, 0);
> -static BIN_ATTR_RO(cluster_cpus_list, 0);
> +static BIN_ATTR_RO(cluster_cpus, CPUMAP_FILE_MAX_BYTES);
> +static BIN_ATTR_RO(cluster_cpus_list, CPULIST_FILE_MAX_BYTES);
>  #endif
>  
>  #ifdef TOPOLOGY_DIE_SYSFS
>  define_siblings_read_func(die_cpus, die_cpumask);
> -static BIN_ATTR_RO(die_cpus, 0);
> -static BIN_ATTR_RO(die_cpus_list, 0);
> +static BIN_ATTR_RO(die_cpus, CPUMAP_FILE_MAX_BYTES);
> +static BIN_ATTR_RO(die_cpus_list, CPULIST_FILE_MAX_BYTES);
>  #endif
>  
>  define_siblings_read_func(package_cpus, core_cpumask);
> -static BIN_ATTR_RO(package_cpus, 0);
> -static BIN_ATTR_RO(package_cpus_list, 0);
> +static BIN_ATTR_RO(package_cpus, CPUMAP_FILE_MAX_BYTES);
> +static BIN_ATTR_RO(package_cpus_list, CPULIST_FILE_MAX_BYTES);
>  
>  #ifdef TOPOLOGY_BOOK_SYSFS
>  define_id_show_func(book_id, "%d");
>  static DEVICE_ATTR_RO(book_id);
>  define_siblings_read_func(book_siblings, book_cpumask);
> -static BIN_ATTR_RO(book_siblings, 0);
> -static BIN_ATTR_RO(book_siblings_list, 0);
> +static BIN_ATTR_RO(book_siblings, CPUMAP_FILE_MAX_BYTES);
> +static BIN_ATTR_RO(book_siblings_list, CPULIST_FILE_MAX_BYTES);
>  #endif
>  
>  #ifdef TOPOLOGY_DRAWER_SYSFS
>  define_id_show_func(drawer_id, "%d");
>  static DEVICE_ATTR_RO(drawer_id);
>  define_siblings_read_func(drawer_siblings, drawer_cpumask);
> -static BIN_ATTR_RO(drawer_siblings, 0);
> -static BIN_ATTR_RO(drawer_siblings_list, 0);
> +static BIN_ATTR_RO(drawer_siblings, CPUMAP_FILE_MAX_BYTES);
> +static BIN_ATTR_RO(drawer_siblings_list, CPULIST_FILE_MAX_BYTES);
>  #endif
>  
>  static struct bin_attribute *bin_attrs[] = {
> diff --git a/include/linux/cpumask.h b/include/linux/cpumask.h
> index fe29ac7cc469..4592d0845941 100644
> --- a/include/linux/cpumask.h
> +++ b/include/linux/cpumask.h
> @@ -1071,4 +1071,22 @@ cpumap_print_list_to_buf(char *buf, const struct cpumask *mask,
>  	[0] =  1UL							\
>  } }
>  
> +/*
> + * Provide a valid theoretical max size for cpumap and cpulist sysfs files
> + * to avoid breaking userspace which may allocate a buffer based on the size
> + * reported by e.g. fstat.
> + *
> + * for cpumap NR_CPUS * 9/32 - 1 should be an exact length.
> + *
> + * For cpulist 7 is (ceil(log10(NR_CPUS)) + 1) allowing for NR_CPUS to be up
> + * to 2 orders of magnitude larger than 8192. And then we divide by 2 to
> + * cover a worst-case of every other cpu being on one of two nodes for a
> + * very large NR_CPUS.
> + *
> + *  Use PAGE_SIZE as a minimum for smaller configurations.
> + */
> +#define CPUMAP_FILE_MAX_BYTES  ((((NR_CPUS * 9)/32 - 1) > PAGE_SIZE) \
> +					? (NR_CPUS * 9)/32 - 1 : PAGE_SIZE)
> +#define CPULIST_FILE_MAX_BYTES  (((NR_CPUS * 7)/2 > PAGE_SIZE) ? (NR_CPUS * 7)/2 : PAGE_SIZE)
> +
>  #endif /* __LINUX_CPUMASK_H */
> -- 
> 2.31.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ