It is reported that a sysfs buffer overflow can be triggered when
there are too many CPU cores (>841 with a 4K PAGE_SIZE) while showing
the CPUs of one hctx.

So use snprintf to avoid the potential buffer overflow.

Cc: [email protected]
Cc: Mark Ray <[email protected]>
Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load")
Signed-off-by: Ming Lei <[email protected]>
---
 block/blk-mq-sysfs.c | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c
index d6e1a9bd7131..e75f41a98415 100644
--- a/block/blk-mq-sysfs.c
+++ b/block/blk-mq-sysfs.c
@@ -164,22 +164,28 @@ static ssize_t 
blk_mq_hw_sysfs_nr_reserved_tags_show(struct blk_mq_hw_ctx *hctx,
        return sprintf(page, "%u\n", hctx->tags->nr_reserved_tags);
 }
 
+/* avoid overflow by too many CPU cores */
 static ssize_t blk_mq_hw_sysfs_cpus_show(struct blk_mq_hw_ctx *hctx, char 
*page)
 {
-       unsigned int i, first = 1;
-       ssize_t ret = 0;
-
-       for_each_cpu(i, hctx->cpumask) {
-               if (first)
-                       ret += sprintf(ret + page, "%u", i);
-               else
-                       ret += sprintf(ret + page, ", %u", i);
-
-               first = 0;
+       unsigned int cpu = cpumask_first(hctx->cpumask);
+       ssize_t len = snprintf(page, PAGE_SIZE - 1, "%u", cpu);
+       int last_len = len;
+
+       while ((cpu = cpumask_next(cpu, hctx->cpumask)) < nr_cpu_ids) {
+               int cur_len = snprintf(page + len, PAGE_SIZE - 1 - len,
+                                      ", %u", cpu);
+               if (cur_len >= PAGE_SIZE - 1 - len) {
+                       len -= last_len;
+                       len += snprintf(page + len, PAGE_SIZE - 1 - len,
+                                       "...");
+                       break;
+               }
+               len += cur_len;
+               last_len = cur_len;
        }
 
-       ret += sprintf(ret + page, "\n");
-       return ret;
+       len += snprintf(page + len, PAGE_SIZE - 1 - len, "\n");
+       return len;
 }
 
 static struct blk_mq_hw_ctx_sysfs_entry blk_mq_hw_sysfs_nr_tags = {
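Review bot: The final `len += snprintf(page + len, PAGE_SIZE - 1 - len, "\n")` adds snprintf's would-be length, so when the list ends with exactly one byte left under the `PAGE_SIZE - 1` bound, only the terminator is stored but a byte is still counted, and the read returns a NUL where the newline should be. The `- 1` presumably reserves room for that newline, so the last write should be bounded by the full page and count only what was stored, e.g. `len += scnprintf(page + len, PAGE_SIZE - len, "\n");`. Separately, the first `snprintf` runs unconditionally, so if an empty `hctx->cpumask` can reach this handler, the out-of-range value from `cpumask_first()` is printed as a CPU number where the old `for_each_cpu` loop printed nothing; a guard such as `if (cpu >= nr_cpu_ids) return scnprintf(page, PAGE_SIZE, "\n");` would keep the old output. The one-line comment above the function could also state that the list is cut short with `...` when it does not fit in one page.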
-- 
2.20.1
