[v4,1/1] eal/linux: reject mountpt not parent of --huge-dir
Checks
Commit Message
The code added for allowing --huge-dir to specify hugetlbfs
sub-directories has a bug where it incorrectly matches mounts that
contain a prefix of the specified --huge-dir.
Consider --huge-dir=/dev/hugepages1G is passed to rte_eal_init. Given
the following hugetlbfs mounts
$ mount | grep hugetlbfs
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
hugetlbfs on /dev/hugepages1G type hugetlbfs (rw,relatime,pagesize=1024M)
hugetlbfs on /mnt/huge type hugetlbfs (rw,relatime,pagesize=2M)
get_hugepage_dir is first called with hugepage_sz=2097152. While
iterating over all mount points, /dev/hugepages is incorrectly
determined to be a match because it's a prefix of --huge-dir. The caller
then obtains an exclusive lock on --huge-dir.
In the next call to get_hugepage_dir, hugepage_sz=1073741824. This call
correctly determines /dev/hugepages1G is a match. The caller again
attempts to obtain an exclusive lock on --huge-dir and deadlocks because
it's already holding a lock.
This has been corrected by ensuring any matched mount point is either an
exact match or a parent path of --huge-dir.
Fixes: 24d5a1ce6b85 ("eal/linux: allow hugetlbfs sub-directories")
Cc: john.levon@nutanix.com
Cc: stable@dpdk.org
Signed-off-by: Ashish Sadanandan <ashish.sadanandan@gmail.com>
---
lib/eal/linux/eal_hugepage_info.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
Comments
On Sun, Jan 08, 2023 at 06:52:39PM -0700, Ashish Sadanandan wrote:
> The code added for allowing --huge-dir to specify hugetlbfs
> sub-directories has a bug where it incorrectly matches mounts that
> contain a prefix of the specified --huge-dir.
>
> Consider --huge-dir=/dev/hugepages1G is passed to rte_eal_init. Given
> the following hugetlbfs mounts
>
> $ mount | grep hugetlbfs
> hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
> hugetlbfs on /dev/hugepages1G type hugetlbfs (rw,relatime,pagesize=1024M)
> hugetlbfs on /mnt/huge type hugetlbfs (rw,relatime,pagesize=2M)
>
> get_hugepage_dir is first called with hugepage_sz=2097152. While
> iterating over all mount points, /dev/hugepages is incorrectly
> determined to be a match because it's a prefix of --huge-dir. The caller
> then obtains an exclusive lock on --huge-dir.
>
> In the next call to get_hugepage_dir, hugepage_sz=1073741824. This call
> correctly determines /dev/hugepages1G is a match. The caller again
> attempts to obtain an exclusive lock on --huge-dir and deadlocks because
> it's already holding a lock.
>
> This has been corrected by ensuring any matched mount point is either an
> exact match or a parent path of --huge-dir.
>
> Fixes: 24d5a1ce6b85 ("eal/linux: allow hugetlbfs sub-directories")
> Cc: john.levon@nutanix.com
> Cc: stable@dpdk.org
> Signed-off-by: Ashish Sadanandan <ashish.sadanandan@gmail.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
thanks
john
On Wed, Jan 11, 2023 at 5:11 AM John Levon <john.levon@nutanix.com> wrote:
> On Sun, Jan 08, 2023 at 06:52:39PM -0700, Ashish Sadanandan wrote:
>
> > The code added for allowing --huge-dir to specify hugetlbfs
> > sub-directories has a bug where it incorrectly matches mounts that
> > contain a prefix of the specified --huge-dir.
> >
> > Fixes: 24d5a1ce6b85 ("eal/linux: allow hugetlbfs sub-directories")
> > Cc: john.levon@nutanix.com
> > Cc: stable@dpdk.org
> > Signed-off-by: Ashish Sadanandan <ashish.sadanandan@gmail.com>
>
> Reviewed-by: John Levon <john.levon@nutanix.com>
>
> thanks
> john
>
Thanks for reviewing again, John. Do I need to CC anyone else to get this
committed or any other steps I need to follow? I was hoping to get this
merged into 22.11 stable branch too.
- Ashish
On Mon, Jan 9, 2023 at 2:52 AM Ashish Sadanandan
<ashish.sadanandan@gmail.com> wrote:
>
> The code added for allowing --huge-dir to specify hugetlbfs
> sub-directories has a bug where it incorrectly matches mounts that
> contain a prefix of the specified --huge-dir.
>
> Consider --huge-dir=/dev/hugepages1G is passed to rte_eal_init. Given
> the following hugetlbfs mounts
>
> $ mount | grep hugetlbfs
> hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
> hugetlbfs on /dev/hugepages1G type hugetlbfs (rw,relatime,pagesize=1024M)
> hugetlbfs on /mnt/huge type hugetlbfs (rw,relatime,pagesize=2M)
>
> get_hugepage_dir is first called with hugepage_sz=2097152. While
> iterating over all mount points, /dev/hugepages is incorrectly
> determined to be a match because it's a prefix of --huge-dir. The caller
> then obtains an exclusive lock on --huge-dir.
>
> In the next call to get_hugepage_dir, hugepage_sz=1073741824. This call
> correctly determines /dev/hugepages1G is a match. The caller again
> attempts to obtain an exclusive lock on --huge-dir and deadlocks because
> it's already holding a lock.
>
> This has been corrected by ensuring any matched mount point is either an
> exact match or a parent path of --huge-dir.
>
> Fixes: 24d5a1ce6b85 ("eal/linux: allow hugetlbfs sub-directories")
> Cc: stable@dpdk.org
> Signed-off-by: Ashish Sadanandan <ashish.sadanandan@gmail.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
I got pinged by Julien who reported a similar issue.
He confirmed later that this fix works for him too.
Tested-by: Julien Meunier <julien.meunier@nokia.com>
Applied, thanks Ashish.
On Mon, Jan 16, 2023 at 7:26 PM Ashish Sadanandan
<ashish.sadanandan@gmail.com> wrote:
> On Wed, Jan 11, 2023 at 5:11 AM John Levon <john.levon@nutanix.com> wrote:
>> On Sun, Jan 08, 2023 at 06:52:39PM -0700, Ashish Sadanandan wrote:
>>
>> > The code added for allowing --huge-dir to specify hugetlbfs
>> > sub-directories has a bug where it incorrectly matches mounts that
>> > contain a prefix of the specified --huge-dir.
>> >
>> > Fixes: 24d5a1ce6b85 ("eal/linux: allow hugetlbfs sub-directories")
>> > Cc: john.levon@nutanix.com
>> > Cc: stable@dpdk.org
>> > Signed-off-by: Ashish Sadanandan <ashish.sadanandan@gmail.com>
>>
>> Reviewed-by: John Levon <john.levon@nutanix.com>
>>
>> thanks
>> john
>
>
> Thanks for reviewing again, John. Do I need to CC anyone else to get this committed or any other steps I need to follow? I was hoping to get this merged into 22.11 stable branch too.
You already did what was necessary, by putting a Fixes: tag and adding
Cc: stable@dpdk.org in the commitlog.
LTS maintainers scripts will catch this fix later, and it will likely
end up in 22.11 and 21.11 branches.
@@ -214,6 +214,8 @@ get_hugepage_dir(uint64_t hugepage_sz, char *hugedir, int len)
char buf[BUFSIZ];
const struct internal_config *internal_conf =
eal_get_internal_configuration();
+ const size_t hugepage_dir_len = (internal_conf->hugepage_dir != NULL) ?
+ strlen(internal_conf->hugepage_dir) : 0;
struct stat st;
/*
@@ -233,6 +235,7 @@ get_hugepage_dir(uint64_t hugepage_sz, char *hugedir, int len)
while (fgets(buf, sizeof(buf), fd)){
const char *pagesz_str;
+ size_t mountpt_len = 0;
if (rte_strsplit(buf, sizeof(buf), splitstr, _FIELDNAME_MAX,
split_tok) != _FIELDNAME_MAX) {
@@ -265,12 +268,16 @@ get_hugepage_dir(uint64_t hugepage_sz, char *hugedir, int len)
break;
}
+ mountpt_len = strlen(splitstr[MOUNTPT]);
+
/*
- * Ignore any mount that doesn't contain the --huge-dir
- * directory.
+ * Ignore any mount that doesn't contain the --huge-dir directory
+ * or where mount point is not a parent path of --huge-dir
*/
if (strncmp(internal_conf->hugepage_dir, splitstr[MOUNTPT],
- strlen(splitstr[MOUNTPT])) != 0) {
+ mountpt_len) != 0 ||
+ (hugepage_dir_len > mountpt_len &&
+ internal_conf->hugepage_dir[mountpt_len] != '/')) {
continue;
}
@@ -278,7 +285,7 @@ get_hugepage_dir(uint64_t hugepage_sz, char *hugedir, int len)
* We found a match, but only prefer it if it's a longer match
* (so /mnt/1 is preferred over /mnt for matching /mnt/1/2)).
*/
- if (strlen(splitstr[MOUNTPT]) > strlen(found))
+ if (mountpt_len > strlen(found))
strlcpy(found, splitstr[MOUNTPT], len);
} /* end while fgets */