[1/1] eal/linux: reject mountpt shorter than --huge-dir
Checks
Commit Message
The code added for allowing --huge-dir to specify hugetlbfs
sub-directories has a bug where it incorrectly matches mounts that
contain a prefix of the specified --huge-dir.
Consider --huge-dir=/dev/hugepages1G is passed to rte_eal_init. Given
the following hugetlbfs mounts
$ mount | grep hugetlbfs
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
hugetlbfs on /dev/hugepages1G type hugetlbfs (rw,relatime,pagesize=1024M)
hugetlbfs on /mnt/huge type hugetlbfs (rw,relatime,pagesize=2M)
get_hugepage_dir is first called with hugepage_sz=2097152. While
iterating over all mount points, /dev/hugepages is incorrectly
determined to be a match because it's a prefix of --huge-dir. The caller
then obtains an exclusive lock on --huge-dir.
In the next call to get_hugepage_dir, hugepage_sz=1073741824. This call
correctly determines /dev/hugepages1G is a match. The caller again
attempts to obtain an exclusive lock on --huge-dir and deadlocks because
it's already holding a lock.
This has been corrected by rejecting the mount point being considered if
its length is smaller than the specified --huge-dir.
Fixes: 24d5a1ce6b85 ("eal/linux: allow hugetlbfs sub-directories")
Cc: john.levon@nutanix.com
Cc: stable@dpdk.org
---
lib/eal/linux/eal_hugepage_info.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
Comments
Please ignore this patch, I'll submit an updated one. I somehow managed to
only execute a subset of the fast-tests suite initially and didn't run
eal_flags_misc_autotest at all. Now I see that my proposed fix is flawed, I
will submit another try soon.
Sorry for the noise
On Tue, Jan 3, 2023 at 11:57 AM Ashish Sadanandan <
ashish.sadanandan@gmail.com> wrote:
> The code added for allowing --huge-dir to specify hugetlbfs
> sub-directories has a bug where it incorrectly matches mounts that
> contain a prefix of the specified --huge-dir.
>
> Consider --huge-dir=/dev/hugepages1G is passed to rte_eal_init. Given
> the following hugetlbfs mounts
>
> $ mount | grep hugetlbfs
> hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
> hugetlbfs on /dev/hugepages1G type hugetlbfs (rw,relatime,pagesize=1024M)
> hugetlbfs on /mnt/huge type hugetlbfs (rw,relatime,pagesize=2M)
>
> get_hugepage_dir is first called with hugepage_sz=2097152. While
> iterating over all mount points, /dev/hugepages is incorrectly
> determined to be a match because it's a prefix of --huge-dir. The caller
> then obtains an exclusive lock on --huge-dir.
>
> In the next call to get_hugepage_dir, hugepage_sz=1073741824. This call
> correctly determines /dev/hugepages1G is a match. The caller again
> attempts to obtain an exclusive lock on --huge-dir and deadlocks because
> it's already holding a lock.
>
> This has been corrected by rejecting the mount point being considered if
> its length is smaller than the specified --huge-dir.
>
> Fixes: 24d5a1ce6b85 ("eal/linux: allow hugetlbfs sub-directories")
> Cc: john.levon@nutanix.com
> Cc: stable@dpdk.org
> ---
> lib/eal/linux/eal_hugepage_info.c | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/lib/eal/linux/eal_hugepage_info.c
> b/lib/eal/linux/eal_hugepage_info.c
> index a1b6cb31ff..fcc3d82fdf 100644
> --- a/lib/eal/linux/eal_hugepage_info.c
> +++ b/lib/eal/linux/eal_hugepage_info.c
> @@ -269,16 +269,19 @@ get_hugepage_dir(uint64_t hugepage_sz, char
> *hugedir, int len)
> * Ignore any mount that doesn't contain the --huge-dir
> * directory.
> */
> - if (strncmp(internal_conf->hugepage_dir, splitstr[MOUNTPT],
> - strlen(splitstr[MOUNTPT])) != 0) {
> + size_t mountpt_len = strlen(splitstr[MOUNTPT]);
> +
> + if (strlen(internal_conf->hugepage_dir) > mountpt_len)
> + continue;
> + else if (strncmp(internal_conf->hugepage_dir,
> splitstr[MOUNTPT],
> + mountpt_len) != 0)
> continue;
> - }
>
> /*
> * We found a match, but only prefer it if it's a longer
> match
> * (so /mnt/1 is preferred over /mnt for matching
> /mnt/1/2)).
> */
> - if (strlen(splitstr[MOUNTPT]) > strlen(found))
> + if (mountpt_len > strlen(found))
> strlcpy(found, splitstr[MOUNTPT], len);
> } /* end while fgets */
>
> --
> 2.27.0
>
>
@@ -269,16 +269,19 @@ get_hugepage_dir(uint64_t hugepage_sz, char *hugedir, int len)
* Ignore any mount that doesn't contain the --huge-dir
* directory.
*/
- if (strncmp(internal_conf->hugepage_dir, splitstr[MOUNTPT],
- strlen(splitstr[MOUNTPT])) != 0) {
+ size_t mountpt_len = strlen(splitstr[MOUNTPT]);
+
+ if (strlen(internal_conf->hugepage_dir) > mountpt_len)
+ continue;
+ else if (strncmp(internal_conf->hugepage_dir, splitstr[MOUNTPT],
+ mountpt_len) != 0)
continue;
- }
/*
* We found a match, but only prefer it if it's a longer match
* (so /mnt/1 is preferred over /mnt for matching /mnt/1/2)).
*/
- if (strlen(splitstr[MOUNTPT]) > strlen(found))
+ if (mountpt_len > strlen(found))
strlcpy(found, splitstr[MOUNTPT], len);
} /* end while fgets */