From: Stephen Hemminger <stephen@networkplumber.org>
To: dev@dpdk.org
Cc: Stephen Hemminger <stephen@networkplumber.org>,
Anatoly Burakov <anatoly.burakov@intel.com>
Subject: [PATCH v3 11/16] eal: check for hugefile path overflow
Date: Fri, 5 Dec 2025 12:11:40 -0800 [thread overview]
Message-ID: <20251205201537.251131-12-stephen@networkplumber.org> (raw)
In-Reply-To: <20251205201537.251131-1-stephen@networkplumber.org>
When constructing huge filename path, check for possible
overflow of PATH_MAX.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
lib/eal/common/eal_filesystem.h | 10 ++++++----
lib/eal/linux/eal_memalloc.c | 11 +++++++++--
lib/eal/linux/eal_memory.c | 9 +++++++--
3 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/lib/eal/common/eal_filesystem.h b/lib/eal/common/eal_filesystem.h
index ce52babb7f..4cc5b22a16 100644
--- a/lib/eal/common/eal_filesystem.h
+++ b/lib/eal/common/eal_filesystem.h
@@ -94,12 +94,14 @@ eal_hugepage_data_path(void)
/** String format for hugepage map files. */
#define HUGEFILE_FMT "%s/%smap_%d"
-static inline const char *
+static inline __rte_warn_unused_result const char *
eal_get_hugefile_path(char *buffer, size_t buflen, const char *hugedir, int f_id)
{
- snprintf(buffer, buflen, HUGEFILE_FMT, hugedir,
- eal_get_hugefile_prefix(), f_id);
- return buffer;
+ if (snprintf(buffer, buflen, HUGEFILE_FMT, hugedir,
+ eal_get_hugefile_prefix(), f_id) >= (int)buflen)
+ return NULL;
+ else
+ return buffer;
}
/** define the default filename prefix for the %s values above */
diff --git a/lib/eal/linux/eal_memalloc.c b/lib/eal/linux/eal_memalloc.c
index 1e60e21620..d9e8ea76b9 100644
--- a/lib/eal/linux/eal_memalloc.c
+++ b/lib/eal/linux/eal_memalloc.c
@@ -260,6 +260,7 @@ get_seg_fd(char *path, int buflen, struct hugepage_info *hi,
{
int fd;
int *out_fd;
+ const char *huge_path;
struct stat st;
int ret;
const struct internal_config *internal_conf =
@@ -276,12 +277,18 @@ get_seg_fd(char *path, int buflen, struct hugepage_info *hi,
if (internal_conf->single_file_segments) {
out_fd = &fd_list[list_idx].memseg_list_fd;
- eal_get_hugefile_path(path, buflen, hi->hugedir, list_idx);
+ huge_path = eal_get_hugefile_path(path, buflen, hi->hugedir, list_idx);
} else {
out_fd = &fd_list[list_idx].fds[seg_idx];
- eal_get_hugefile_path(path, buflen, hi->hugedir,
+ huge_path = eal_get_hugefile_path(path, buflen, hi->hugedir,
list_idx * RTE_MAX_MEMSEG_PER_LIST + seg_idx);
}
+ if (huge_path == NULL) {
+ EAL_LOG(DEBUG, "%s(): hugefile path truncated: '%s'",
+ __func__, path);
+ return -1;
+ }
+
fd = *out_fd;
if (fd >= 0)
return fd;
diff --git a/lib/eal/linux/eal_memory.c b/lib/eal/linux/eal_memory.c
index 8e1763e890..2a0a441398 100644
--- a/lib/eal/linux/eal_memory.c
+++ b/lib/eal/linux/eal_memory.c
@@ -337,8 +337,13 @@ map_all_hugepages(struct hugepage_file *hugepg_tbl, struct hugepage_info *hpi,
hf->file_id = i;
hf->size = hugepage_sz;
- eal_get_hugefile_path(hf->filepath, sizeof(hf->filepath),
- hpi->hugedir, hf->file_id);
+ if (eal_get_hugefile_path(hf->filepath, sizeof(hf->filepath),
+ hpi->hugedir, hf->file_id) == NULL) {
+ EAL_LOG(DEBUG, "%s(): huge file path '%s' truncated",
+ __func__, hf->filepath);
+ goto out;
+ }
+
hf->filepath[sizeof(hf->filepath) - 1] = '\0';
/* try to create hugepage file */
--
2.51.0
next prev parent reply other threads:[~2025-12-05 20:16 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-02 17:24 [RFC 0/8] first steps in fixing buffer overflow Stephen Hemminger
2025-12-02 17:24 ` [RFC 1/8] eal: use C library to parse filesystem table Stephen Hemminger
2025-12-02 17:24 ` [RFC 2/8] hash: fix possible ring name overflow Stephen Hemminger
2025-12-02 17:24 ` [RFC 3/8] eal: warn if thread name is truncated Stephen Hemminger
2025-12-02 17:24 ` [RFC 4/8] eal: avoid format overflow when handling addresses Stephen Hemminger
2025-12-02 17:24 ` [RFC 5/8] ethdev: avoid possible overflow in xstat names Stephen Hemminger
2025-12-02 17:24 ` [RFC 6/8] efd: avoid overflowing ring name Stephen Hemminger
2025-12-02 17:24 ` [RFC 7/8] eal: add check for sysfs path overflow Stephen Hemminger
2025-12-02 17:24 ` [RFC 8/8] eal: limit maximum runtime directory and socket paths Stephen Hemminger
2025-12-05 2:28 ` [RFC v2 00/14] lib: check for string overflow Stephen Hemminger
2025-12-05 2:28 ` [RFC v2 01/14] eal: use C library to parse filesystem table Stephen Hemminger
2025-12-05 2:28 ` [RFC v2 02/14] test: avoid long hash names Stephen Hemminger
2025-12-05 8:29 ` Bruce Richardson
2025-12-05 17:00 ` Stephen Hemminger
2025-12-05 18:19 ` Bruce Richardson
2025-12-05 2:28 ` [RFC v2 03/14] lpm: restrict name size Stephen Hemminger
2025-12-05 2:28 ` [RFC v2 04/14] hash: avoid possible ring name overflow Stephen Hemminger
2025-12-05 2:28 ` [RFC v2 05/14] graph: avoid overflowing comment buffer Stephen Hemminger
2025-12-05 2:28 ` [RFC v2 06/14] eal: warn if thread name is truncated Stephen Hemminger
2025-12-05 8:32 ` Bruce Richardson
2025-12-05 2:28 ` [RFC v2 07/14] eal: avoid format overflow when handling addresses Stephen Hemminger
2025-12-05 2:28 ` [RFC v2 08/14] ethdev: avoid possible overflow in xstat names Stephen Hemminger
2025-12-05 8:34 ` Bruce Richardson
2025-12-05 2:28 ` [RFC v2 09/14] vhost: check for overflow in xstat name Stephen Hemminger
2025-12-05 2:28 ` [RFC v2 10/14] efd: avoid overflowing ring name Stephen Hemminger
2025-12-05 8:37 ` Bruce Richardson
2025-12-05 2:28 ` [RFC v2 11/14] eal: add check for sysfs path overflow Stephen Hemminger
2025-12-05 2:28 ` [RFC v2 12/14] eal: limit maximum runtime directory and socket paths Stephen Hemminger
2025-12-05 8:46 ` Bruce Richardson
2025-12-05 2:28 ` [RFC v2 13/14] eal: check for hugefile path overflow Stephen Hemminger
2025-12-05 2:28 ` [RFC v2 14/14] lib: enable format overflow warnings Stephen Hemminger
2025-12-05 20:11 ` [PATCH v3 00/16] lib: find and fix possible string overflows Stephen Hemminger
2025-12-05 20:11 ` [PATCH v3 01/16] eal: use C library to parse filesystem table Stephen Hemminger
2025-12-05 20:11 ` [PATCH v3 02/16] lpm: restrict name size Stephen Hemminger
2025-12-05 20:11 ` [PATCH v3 03/16] hash: add checks for hash name length Stephen Hemminger
2025-12-05 20:11 ` [PATCH v3 04/16] graph: avoid overflowing comment buffer Stephen Hemminger
2025-12-05 20:11 ` [PATCH v3 05/16] latencystats: add check for string overflow Stephen Hemminger
2025-12-05 20:11 ` [PATCH v3 06/16] efd: handle possible name truncation Stephen Hemminger
2025-12-05 20:11 ` [PATCH v3 07/16] eal: warn if thread name is truncated Stephen Hemminger
2025-12-05 20:11 ` [PATCH v3 08/16] eal: avoid format overflow when handling addresses Stephen Hemminger
2025-12-05 20:11 ` [PATCH v3 09/16] eal: add check for sysfs path overflow Stephen Hemminger
2025-12-05 20:11 ` [PATCH v3 10/16] eal: limit maximum runtime directory and socket paths Stephen Hemminger
2025-12-05 20:11 ` Stephen Hemminger [this message]
2025-12-05 20:11 ` [PATCH v3 12/16] eal: check tailq length Stephen Hemminger
2025-12-05 20:11 ` [PATCH v3 13/16] eal: handle long shared library path Stephen Hemminger
2025-12-05 20:11 ` [PATCH v3 14/16] ethdev: avoid possible overflow in xstat names Stephen Hemminger
2025-12-05 20:11 ` [PATCH v3 15/16] vhost: check for overflow in xstat name Stephen Hemminger
2025-12-05 20:11 ` [PATCH v3 16/16] lib: enable format overflow warnings Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251205201537.251131-12-stephen@networkplumber.org \
--to=stephen@networkplumber.org \
--cc=anatoly.burakov@intel.com \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).