lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ef0f23d0-456a-70b0-1ef9-2615a5528278@iogearbox.net>
Date:   Wed, 22 Sep 2021 23:22:48 +0200
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Muhammad Falak R Wani <falakreyaz@...il.com>,
        Alexei Starovoitov <ast@...nel.org>,
        Andrii Nakryiko <andrii@...nel.org>
Cc:     Martin KaFai Lau <kafai@...com>, Song Liu <songliubraving@...com>,
        Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>, netdev@...r.kernel.org,
        bpf@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 bpf-next] libbpf: Use sysconf to simplify
 libbpf_num_possible_cpus

On 9/22/21 9:07 AM, Muhammad Falak R Wani wrote:
> Simplify libbpf_num_possible_cpus by using sysconf(_SC_NPROCESSORS_CONF)
> instead of parsing a file.
> This patch is a part ([0]) of libbpf-1.0 milestone.
> 
> [0] Closes: https://github.com/libbpf/libbpf/issues/383
> 
> Signed-off-by: Muhammad Falak R Wani <falakreyaz@...il.com>
> ---
>   tools/lib/bpf/libbpf.c | 17 ++++-------------
>   1 file changed, 4 insertions(+), 13 deletions(-)
> 
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index ef5db34bf913..f1c0abe5b58d 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -10898,25 +10898,16 @@ int parse_cpu_mask_file(const char *fcpu, bool **mask, int *mask_sz)
>   
>   int libbpf_num_possible_cpus(void)
>   {
> -	static const char *fcpu = "/sys/devices/system/cpu/possible";
>   	static int cpus;
> -	int err, n, i, tmp_cpus;
> -	bool *mask;
> +	int tmp_cpus;
>   
>   	tmp_cpus = READ_ONCE(cpus);
>   	if (tmp_cpus > 0)
>   		return tmp_cpus;
>   
> -	err = parse_cpu_mask_file(fcpu, &mask, &n);
> -	if (err)
> -		return libbpf_err(err);
> -
> -	tmp_cpus = 0;
> -	for (i = 0; i < n; i++) {
> -		if (mask[i])
> -			tmp_cpus++;
> -	}
> -	free(mask);
> +	tmp_cpus = sysconf(_SC_NPROCESSORS_CONF);
> +	if (tmp_cpus < 1)
> +		return libbpf_err(-EINVAL);

This approach is unfortunately broken, see also commit e00c7b216f34 ("bpf: fix
multiple issues in selftest suite and samples") for more details:

     3) Current selftest suite code relies on sysconf(_SC_NPROCESSORS_CONF) for
        retrieving the number of possible CPUs. This is broken at least in our
        scenario and really just doesn't work.

        glibc tries a number of things for retrieving _SC_NPROCESSORS_CONF.
        First it tries equivalent of /sys/devices/system/cpu/cpu[0-9]* | wc -l,
        if that fails, depending on the config, it either tries to count CPUs
        in /proc/cpuinfo, or returns the _SC_NPROCESSORS_ONLN value instead.
        If /proc/cpuinfo has some issue, it returns just 1 worst case. This
        oddity is nothing new [1], but semantics/behaviour seems to be settled.
        _SC_NPROCESSORS_ONLN will parse /sys/devices/system/cpu/online, if
        that fails it looks into /proc/stat for cpuX entries, and if also that
        fails for some reason, /proc/cpuinfo is consulted (and returning 1 if
        unlikely all breaks down).

        While that might match num_possible_cpus() from the kernel in some
        cases, it's really not guaranteed with CPU hotplugging, and can result
        in a buffer overflow since the array in user space could have too few
        number of slots, and on perpcu map lookup, the kernel will write beyond
        that memory of the value buffer.

        William Tu reported such mismatches:

          [...] The fact that sysconf(_SC_NPROCESSORS_CONF) != num_possible_cpu()
          happens when CPU hotadd is enabled. For example, in Fusion when
          setting vcpu.hotadd = "TRUE" or in KVM, setting ./qemu-system-x86_64
          -smp 2, maxcpus=4 ... the num_possible_cpu() will be 4 and sysconf()
          will be 2 [2]. [...]

        Documentation/cputopology.txt says /sys/devices/system/cpu/possible
        outputs cpu_possible_mask. That is the same as in num_possible_cpus(),
        so first step would be to fix the _SC_NPROCESSORS_CONF calls with our
        own implementation. Later, we could add support to bpf(2) for passing
        a mask via CPU_SET(3), for example, to just select a subset of CPUs.

        BPF samples code needs this fix as well (at least so that people stop
        copying this). Thus, define bpf_num_possible_cpus() once in selftests
        and import it from there for the sample code to avoid duplicating it.
        The remaining sysconf(_SC_NPROCESSORS_CONF) in samples are unrelated.

Thanks,
Daniel

>   	WRITE_ONCE(cpus, tmp_cpus);
>   	return tmp_cpus;
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ