Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp2135906pxk; Mon, 14 Sep 2020 05:49:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxEsuEgf1LkM8dL5DHh4SyT+qfEIdpX0+CtwegZYuvxf8vnGDxZS5d0exD14ZOg8hgdVAKr X-Received: by 2002:a17:906:c1c6:: with SMTP id bw6mr15100270ejb.374.1600087751570; Mon, 14 Sep 2020 05:49:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600087751; cv=none; d=google.com; s=arc-20160816; b=SsHrrZDfv4XgyZDYRFRPwGw7BUFc8ACxM2pYbXeYEnjE/f55E/mEjjGKbjesqO1Ax+ Qd64KpO29NKnc4wS+gGwPBkqarGDEBqqCE15g6zCDdzRES9m9VAX3zBpHXs+ecC86mdz vIy8JVC3juH7vc39tCb8M1uD77F7fZoyJBArmSlRIWpIea3dFtnJYta/wdFWKjrQlboz +dsuTo+k+Q5SdWEKe4w1I0GXuL6zbyzMELh9WyuA18zZlMAJ/zz8IKvTKjZlEf9lID2S Z/MpBTWIRLSRxHIgKac177d18pKzsgPxxC3/jUHn6jRW8ySKxo1clYToQhUI0gPyGIhP o0xQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=gaHqLLOiDHFUFxGuWbnZK3gT/b6ZmVwWYrsEoWMwxu4=; b=kzweoTd5yypGKflGwfLzYY9qZOmYSJVDdJ7gcrcLMGz5aLgE2OIXiiuz1NgjlEGrI4 ws5YU+/UZPLJC5iu8V8YoxziK/2lfWCvvyzqxkY/TzDHByW7WVnN9uioU5RysIdDqCEs WFBPv9jxFsuHiBaBiLF45147n+RB58+RawgTcmP4iVQy0z/jzq0D/dhp7FWhLhW/SCM4 0llicFSoWPjU+v8u4Lg4F4gkXrP2GXfgkTunAcFjXYntRkR9eqMMc+/hbk1YdVP7YZji nvioSibzOLIeCq1zml+O03gVN+xsNLIpJHqrcq+UHenc8RKx6cdtNi/cpkHk8m5IBI2l DKpA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c9si7428110edl.424.2020.09.14.05.48.49; Mon, 14 Sep 2020 05:49:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726474AbgINMoe (ORCPT + 99 others); Mon, 14 Sep 2020 08:44:34 -0400 Received: from mx2.suse.de ([195.135.220.15]:55446 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726585AbgINMns (ORCPT ); Mon, 14 Sep 2020 08:43:48 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 97D09B13F; Mon, 14 Sep 2020 11:57:40 +0000 (UTC) Date: Mon, 14 Sep 2020 13:57:24 +0200 From: Michal Hocko To: Muchun Song Cc: Andrew Morton , Johannes Weiner , Vladimir Davydov , Cgroups , Linux Memory Management List , LKML Subject: Re: [External] Re: [PATCH] mm: memcontrol: Fix out-of-bounds on the buf returned by memory_stat_format Message-ID: <20200914115724.GO16999@dhcp22.suse.cz> References: <20200912155100.25578-1-songmuchun@bytedance.com> <20200912174241.eeaa771755915f27babf9322@linux-foundation.org> <20200914091844.GE16999@dhcp22.suse.cz> <20200914103205.GI16999@dhcp22.suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon 14-09-20 19:46:36, Muchun Song wrote: > On Mon, Sep 14, 2020 at 6:32 PM Michal Hocko wrote: > > > > On Mon 14-09-20 17:43:42, Muchun Song wrote: > > > On Mon, Sep 14, 2020 at 5:18 PM Michal Hocko wrote: > > > > > > > > On Mon 14-09-20 12:02:33, Muchun Song wrote: > > > > > On Sun, Sep 13, 2020 at 8:42 AM Andrew Morton wrote: > > > > > > > > > > > > On Sat, 12 Sep 2020 23:51:00 +0800 Muchun Song wrote: > > > > > > > > > > > > > The memory_stat_format() returns a format string, but the return buf > > > > > > > may not including the trailing '\0'. So the users may read the buf > > > > > > > out of bounds. > > > > > > > > > > > > That sounds serious. Is a cc:stable appropriate? > > > > > > > > > > > > > > > > Yeah, I think we should cc:stable. > > > > > > > > Is this a real problem? The buffer should contain 36 lines which makes > > > > it more than 100B per line. I strongly suspect we are not able to use > > > > that storage up. > > > > > > Before memory_stat_format() return, we should call seq_buf_putc(&s, '\0'). > > > Otherwise, the return buf string has no trailing null('\0'). But users treat buf > > > as a string(and read the string oob). It is wrong. Thanks. > > > > I am not sure I follow you. vsnprintf which is used by seq_printf will > > add \0 if there is a room for that. And I argue there is a lot of room > > in the buffer so a corner case where the buffer gets full doesn't happen > > with the current code. > > Thanks for your explanation. Yeah, seq_printf will add \0 if there is a > room for that. So I agree with you that the "Fixes" tag is wrong. There > is nothing to fix. Sorry for the noise. > > I think that if someone uses seq_buf_putc(maybe in the feature) at the > end of memory_stat_format(). It will break the rule and there is no \0. > So this patch can just make the code robust but need to change the > commit log and remove the Fixes tag. Please see my other reply. Adding \0 is not really sufficient. If we want to have a robust code to handle the small buffer then we need to make sure that all counters will make it to the userspace. Short output is simply a broken result. Implementing this properly is certainly possible, the question is whether this is worth addressing. It is not like we are adding a lot of output into this file and it is quite likely that the code is good as it is. -- Michal Hocko SUSE Labs