| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a7c80676-0761-4618-ac07-0b53434b1a9b@intel.com>
Date: Tue, 24 Sep 2024 10:46:10 -0700
From: Reinette Chatre <reinette.chatre@...el.com>
To: Martin Kletzander <nert.pinx@...il.com>, Fenghua Yu
<fenghua.yu@...el.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar
<mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen
<dave.hansen@...ux.intel.com>, <x86@...nel.org>, "H. Peter Anvin"
<hpa@...or.com>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3] x86/resctrl: Avoid overflow in MB settings in
bw_validate()
Hi Martin,
On 9/24/24 1:53 AM, Martin Kletzander wrote:
> The memory bandwidth value was parsed as unsigned long, but later on
> rounded up and stored in u32. That could result in an overflow,
> especially if resctrl is mounted with the "mba_MBps" option.
>
> Switch the variable right to u32 and parse it as such.
>
> Since the granularity and minimum bandwidth are not used when the
> software controller is used (resctrl is mounted with the "mba_MBps"),
> skip the rounding up as well and return early from bw_validate().
Since this patch will flow via the tip tree the changelog needs
to meet the requirements documented in Documentation/process/maintainer-tip.rst
Here is an example how the changelog can be when taking into account
that context, problem, solution needs to be clearly separated with
everything written in imperative mood:
The resctrl schemata file supports specifying memory bandwidth
associated with the Memory Bandwidth Allocation (MBA) feature
via a percentage (this is the default) or bandwidth in MiBps
(when resctrl is mounted with the "mba_MBps" option). The allowed
range for the bandwidth percentage is from
/sys/fs/resctrl/info/MB/min_bandwidth to 100, using a granularity
of /sys/fs/resctrl/info/MB/bandwidth_gran. The supported range for
the MiBps bandwidth is 0 to U32_MAX.
There are two issues with parsing of MiBps memory bandwidth:
* The user provided MiBps is mistakenly round up to the granularity
that is unique to percentage input.
* The user provided MiBps is parsed using unsigned long (thus accepting
values up to ULONG_MAX), and then assigned to u32 that could result in
overflow.
Do not round up the MiBps value and parse user provided bandwidth as
the u32 it is intended to be. Use the appropriate kstrtou32() that
can detect out of range values.
This needs "Fixes" tags. Looks like the following are appropriate:
Fixes: 8205a078ba78 ("x86/intel_rdt/mba_sc: Add schemata support")
Fixes: 6ce1560d35f6 ("x86/resctrl: Switch over to the resctrl mbps_val list")
> Signed-off-by: Martin Kletzander <nert.pinx@...il.com>
> Co-developed-by: Reinette Chatre <reinette.chatre@...el.com>
> Signed-off-by: Reinette Chatre <reinette.chatre@...el.com>
Please place your SoB at the end. For details about tag ordering
you can refer to section "Ordering of commit tags" in
Documentation/process/maintainer-tip.rst
> arch/x86/kernel/cpu/resctrl/ctrlmondata.c | 19 ++++++++++++-------
> 1 file changed, 12 insertions(+), 7 deletions(-)
>
> diff --git a/arch/x86/kernel/cpu/resctrl/ctrlmondata.c b/arch/x86/kernel/cpu/resctrl/ctrlmondata.c
> index 50fa1fe9a073..53defc5a6784 100644
> --- a/arch/x86/kernel/cpu/resctrl/ctrlmondata.c
> +++ b/arch/x86/kernel/cpu/resctrl/ctrlmondata.c
> @@ -29,10 +29,10 @@
> * hardware. The allocated bandwidth percentage is rounded to the next
> * control step available on the hardware.
> */
> -static bool bw_validate(char *buf, unsigned long *data, struct rdt_resource *r)
> +static bool bw_validate(char *buf, u32 *data, struct rdt_resource *r)
> {
> - unsigned long bw;
> int ret;
> + u32 bw;
>
> /*
> * Only linear delay values is supported for current Intel SKUs.
> @@ -42,14 +42,19 @@ static bool bw_validate(char *buf, unsigned long *data, struct rdt_resource *r)
> return false;
> }
>
> - ret = kstrtoul(buf, 10, &bw);
> + ret = kstrtou32(buf, 10, &bw);
> if (ret) {
> - rdt_last_cmd_printf("Non-decimal digit in MB value %s\n", buf);
> + rdt_last_cmd_printf("Invalid MB value %s\n", buf);
> return false;
> }
>
> - if ((bw < r->membw.min_bw || bw > r->default_ctrl) &&
> - !is_mba_sc(r)) {
> + /* Nothing else to do if software controller is enabled. */
> + if (is_mba_sc(r)) {
> + *data = bw;
> + return true;
> + }
> +
> + if (bw < r->membw.min_bw || bw > r->default_ctrl) {
> rdt_last_cmd_printf("MB value %ld out of range [%d,%d]\n", bw,
> r->membw.min_bw, r->default_ctrl);
By now you may have noticed the lkp report [1] catching an issue with my
code snippet. Could you please take a look? Seems that %u would be appropriate.
> return false;
> @@ -65,7 +70,7 @@ int parse_bw(struct rdt_parse_data *data, struct resctrl_schema *s,
> struct resctrl_staged_config *cfg;
> u32 closid = data->rdtgrp->closid;
> struct rdt_resource *r = s->res;
> - unsigned long bw_val;
> + u32 bw_val;
>
> cfg = &d->staged_config[s->conf_type];
> if (cfg->have_new_ctrl) {
Reinette
[1] https://lore.kernel.org/all/202409250046.1Kk0NXVZ-lkp@intel.com/
Powered by blists - more mailing lists