
[v4,1/2] selftests/resctrl: Fix schemata write error check

Message ID 5e17ed39ffb8d6bd530c057aa04e3ffb997573a9.1695369120.git.maciej.wieczor-retman@intel.com
State Superseded
Series selftests/resctrl: Bug fix and optimization | expand

Commit Message

Maciej Wieczor-Retman Sept. 22, 2023, 8:10 a.m. UTC
Writing bitmasks to the schemata can fail when the bitmask doesn't
adhere to constraints defined by what a particular CPU supports.
Some example of constraints are max length or having contiguous bits.
The driver should properly return errors when any rule concerning
bitmask format is broken.

Resctrl FS returns error codes from fprintf() only when fclose() is
called. Current error checking scheme allows invalid bitmasks to be
written into schemata file and the selftest doesn't notice because the
fclose() error code isn't checked.

Substitute fopen(), fclose() and fprintf() with open(), close() and
write() to avoid error code buffering between fprintf() and fclose().

Remove newline character from the schema string after writing it to
the schemata file so it prints correctly before function return.

Pass the string generated with strerror() to the "reason" buffer so
the error message is more verbose. Extend "reason" buffer so it can hold
longer messages.

Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
---
Changelog v4:
- Unify error checking between open() and write(). (Reinette)
- Add fcntl.h for glibc backward compatiblitiy. (Reinette)

Changelog v3:
- Rename fp to fd. (Ilpo)
- Remove strlen, strcspn and just use the snprintf value instead. (Ilpo)

Changelog v2:
- Rewrite patch message.
- Double "reason" buffer size to fit longer error explanation.
- Redo file interactions with syscalls instead of stdio functions.

 tools/testing/selftests/resctrl/resctrlfs.c | 30 ++++++++++++---------
 1 file changed, 17 insertions(+), 13 deletions(-)

Comments

Reinette Chatre Sept. 27, 2023, 10:15 p.m. UTC | #1
Hi Maciej,

On 9/22/2023 1:10 AM, Maciej Wieczor-Retman wrote:
> Writing bitmasks to the schemata can fail when the bitmask doesn't
> adhere to constraints defined by what a particular CPU supports.
> Some example of constraints are max length or having contiguous bits.
> The driver should properly return errors when any rule concerning
> bitmask format is broken.
> 
> Resctrl FS returns error codes from fprintf() only when fclose() is
> called. Current error checking scheme allows invalid bitmasks to be
> written into schemata file and the selftest doesn't notice because the
> fclose() error code isn't checked.
> 
> Substitute fopen(), flose() and fprintf() with open(), close() and
> write() to avoid error code buffering between fprintf() and fclose().
> 
> Remove newline character from the schema string after writing it to
> the schemata file so it prints correctly before function return.
> 
> Pass the string generated with strerror() to the "reason" buffer so
> the error message is more verbose. Extend "reason" buffer so it can hold
> longer messages.
> 
> Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
> ---
> Changelog v4:
> - Unify error checking between open() and write(). (Reinette)
> - Add fcntl.h for glibc backward compatiblitiy. (Reinette)
> 
> Changelog v3:
> - Rename fp to fd. (Ilpo)
> - Remove strlen, strcspn and just use the snprintf value instead. (Ilpo)
> 
> Changelog v2:
> - Rewrite patch message.
> - Double "reason" buffer size to fit longer error explanation.
> - Redo file interactions with syscalls instead of stdio functions.
> 
>  tools/testing/selftests/resctrl/resctrlfs.c | 30 ++++++++++++---------
>  1 file changed, 17 insertions(+), 13 deletions(-)
> 
> diff --git a/tools/testing/selftests/resctrl/resctrlfs.c b/tools/testing/selftests/resctrl/resctrlfs.c
> index 3a8111362d26..edc8fc6e44b0 100644
> --- a/tools/testing/selftests/resctrl/resctrlfs.c
> +++ b/tools/testing/selftests/resctrl/resctrlfs.c
> @@ -8,6 +8,7 @@
>   *    Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>,
>   *    Fenghua Yu <fenghua.yu@intel.com>
>   */
> +#include <fcntl.h>
>  #include <limits.h>
>  
>  #include "resctrl.h"
> @@ -490,9 +491,8 @@ int write_bm_pid_to_resctrl(pid_t bm_pid, char *ctrlgrp, char *mongrp,
>   */
>  int write_schemata(char *ctrlgrp, char *schemata, int cpu_no, char *resctrl_val)
>  {
> -	char controlgroup[1024], schema[1024], reason[64];
> -	int resource_id, ret = 0;
> -	FILE *fp;
> +	char controlgroup[1024], schema[1024], reason[128];
> +	int resource_id, fd, schema_len = -1, ret = 0;

I am trying to understand the schema_len initialization. Could
you please elaborate why you chose -1? I'm a bit concerned with
the robustness here with it being used as an unsigned integer
in write() and also the negative array index later.

>  
>  	if (strncmp(resctrl_val, MBA_STR, sizeof(MBA_STR)) &&
>  	    strncmp(resctrl_val, MBM_STR, sizeof(MBM_STR)) &&
> @@ -520,27 +520,31 @@ int write_schemata(char *ctrlgrp, char *schemata, int cpu_no, char *resctrl_val)
>  
>  	if (!strncmp(resctrl_val, CAT_STR, sizeof(CAT_STR)) ||
>  	    !strncmp(resctrl_val, CMT_STR, sizeof(CMT_STR)))
> -		sprintf(schema, "%s%d%c%s", "L3:", resource_id, '=', schemata);
> +		schema_len = snprintf(schema, sizeof(schema), "%s%d%c%s\n",
> +				      "L3:", resource_id, '=', schemata);
>  	if (!strncmp(resctrl_val, MBA_STR, sizeof(MBA_STR)) ||
>  	    !strncmp(resctrl_val, MBM_STR, sizeof(MBM_STR)))
> -		sprintf(schema, "%s%d%c%s", "MB:", resource_id, '=', schemata);
> +		schema_len = snprintf(schema, sizeof(schema), "%s%d%c%s\n",
> +				      "MB:", resource_id, '=', schemata);
>  
> -	fp = fopen(controlgroup, "w");
> -	if (!fp) {
> -		sprintf(reason, "Failed to open control group");
> +	fd = open(controlgroup, O_WRONLY);
> +	if (!fd) {

Be careful ... the error checking appropriate to the original
pointer needs a double check with this new usage.
According to "man 2 open" - open() returns -1 on error so I expect
that this should rather be:
	if (fd < 0) {
or
	if (fd == -1) {

The rest looks good to me.

Reinette
Reinette Chatre Sept. 28, 2023, 9:25 p.m. UTC | #2
Hi Maciej,

On 9/27/2023 11:46 PM, Maciej Wieczór-Retman wrote:
> On 2023-09-27 at 15:15:06 -0700, Reinette Chatre wrote:
>> On 9/22/2023 1:10 AM, Maciej Wieczor-Retman wrote:

>>> diff --git a/tools/testing/selftests/resctrl/resctrlfs.c b/tools/testing/selftests/resctrl/resctrlfs.c
>>> index 3a8111362d26..edc8fc6e44b0 100644
>>> --- a/tools/testing/selftests/resctrl/resctrlfs.c
>>> +++ b/tools/testing/selftests/resctrl/resctrlfs.c
>>> @@ -8,6 +8,7 @@
>>>   *    Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>,
>>>   *    Fenghua Yu <fenghua.yu@intel.com>
>>>   */
>>> +#include <fcntl.h>
>>>  #include <limits.h>
>>>  
>>>  #include "resctrl.h"
>>> @@ -490,9 +491,8 @@ int write_bm_pid_to_resctrl(pid_t bm_pid, char *ctrlgrp, char *mongrp,
>>>   */
>>>  int write_schemata(char *ctrlgrp, char *schemata, int cpu_no, char *resctrl_val)
>>>  {
>>> -	char controlgroup[1024], schema[1024], reason[64];
>>> -	int resource_id, ret = 0;
>>> -	FILE *fp;
>>> +	char controlgroup[1024], schema[1024], reason[128];
>>> +	int resource_id, fd, schema_len = -1, ret = 0;
>>
>> I am trying to understand the schema_len initialization. Could
>> you please elaborate why you chose -1? I'm a bit concerned with
>> the robustness here with it being used as an unsigned integer
>> in write() and also the negative array index later.
> 
> My idea was that if the initial value for schema_len was 0, then if
> resctrl_val wouldn't equal any of MBA_STR, MBM_STR, CAT_STR, CMT_STR

Ensuring that resctrl_val is equal to one of these seems to be the
first thing write_schemata() does.

> values schema_len would stay zero and write nothing.

Your alternative writes "-1". write() is declared as:
	ssize_t write(int fd, const void *buf, size_t count);

note that "count" is size_t, which is an unsigned value. Providing
it -1 is thus a very large number and likely to cause overflow. In fact
if I even try to compile a program where the compiler can figure out
count will be -1 it fails the compile (stringop-overflow).
 
> I think it would be difficult to debug such an error because even later
> in ksft_print_msg the requested schema would get printed as if there was
> no error. In the case I mentioned above the function will just error out
> which I assume could be helpful.

You seem to rely on write() to cleanly catch giving it bad data.

> Other solutions that can accomplish the same goal would be checking
> write() not only for negative values but also for zero (since in
> here this is pretty much an error). Or checking schema_len for only
> positive values after the block of code where it gets assigned a
> value from sprintf.
> 
> Are any of the above safer or more logical in your opinion?

There is no error checking on schema_len. After it has been initialized it
can be checked for errors and write_schemata() can be exited immediately if
an error was encountered without attempting the write().

Reinette

Patch

diff --git a/tools/testing/selftests/resctrl/resctrlfs.c b/tools/testing/selftests/resctrl/resctrlfs.c
index 3a8111362d26..edc8fc6e44b0 100644
--- a/tools/testing/selftests/resctrl/resctrlfs.c
+++ b/tools/testing/selftests/resctrl/resctrlfs.c
@@ -8,6 +8,7 @@ 
  *    Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>,
  *    Fenghua Yu <fenghua.yu@intel.com>
  */
+#include <fcntl.h>
 #include <limits.h>
 
 #include "resctrl.h"
@@ -490,9 +491,8 @@  int write_bm_pid_to_resctrl(pid_t bm_pid, char *ctrlgrp, char *mongrp,
  */
 int write_schemata(char *ctrlgrp, char *schemata, int cpu_no, char *resctrl_val)
 {
-	char controlgroup[1024], schema[1024], reason[64];
-	int resource_id, ret = 0;
-	FILE *fp;
+	char controlgroup[1024], schema[1024], reason[128];
+	int resource_id, fd, schema_len = -1, ret = 0;
 
 	if (strncmp(resctrl_val, MBA_STR, sizeof(MBA_STR)) &&
 	    strncmp(resctrl_val, MBM_STR, sizeof(MBM_STR)) &&
@@ -520,27 +520,31 @@  int write_schemata(char *ctrlgrp, char *schemata, int cpu_no, char *resctrl_val)
 
 	if (!strncmp(resctrl_val, CAT_STR, sizeof(CAT_STR)) ||
 	    !strncmp(resctrl_val, CMT_STR, sizeof(CMT_STR)))
-		sprintf(schema, "%s%d%c%s", "L3:", resource_id, '=', schemata);
+		schema_len = snprintf(schema, sizeof(schema), "%s%d%c%s\n",
+				      "L3:", resource_id, '=', schemata);
 	if (!strncmp(resctrl_val, MBA_STR, sizeof(MBA_STR)) ||
 	    !strncmp(resctrl_val, MBM_STR, sizeof(MBM_STR)))
-		sprintf(schema, "%s%d%c%s", "MB:", resource_id, '=', schemata);
+		schema_len = snprintf(schema, sizeof(schema), "%s%d%c%s\n",
+				      "MB:", resource_id, '=', schemata);
 
-	fp = fopen(controlgroup, "w");
-	if (!fp) {
-		sprintf(reason, "Failed to open control group");
+	fd = open(controlgroup, O_WRONLY);
+	if (!fd) {
+		snprintf(reason, sizeof(reason),
+			 "open() failed : %s", strerror(errno));
 		ret = -1;
 
 		goto out;
 	}
-
-	if (fprintf(fp, "%s\n", schema) < 0) {
-		sprintf(reason, "Failed to write schemata in control group");
-		fclose(fp);
+	if (write(fd, schema, schema_len) < 0) {
+		snprintf(reason, sizeof(reason),
+			 "write() failed : %s", strerror(errno));
+		close(fd);
 		ret = -1;
 
 		goto out;
 	}
-	fclose(fp);
+	close(fd);
+	schema[schema_len - 1] = 0;
 
 out:
 	ksft_print_msg("Write schema \"%s\" to resctrl FS%s%s\n",
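Review bot: The snprintf() return value is passed to write() as the byte count and used as the index in `schema[schema_len - 1] = 0` without being compared against the buffer size; snprintf() returns the length the untruncated string would have had, so a `schemata` argument long enough to truncate makes write() read past the 1024-byte `schema` array and the newline strip store outside it. A bound check ahead of open(), such as `if (schema_len >= (int)sizeof(schema))`, that fills `reason`, sets `ret = -1` and takes the existing `goto out` path would close this. Separately, both failure paths jump to `out:` before the newline strip, so ksft_print_msg() prints the schema with its trailing newline on errors, which are the cases where that message is read most closely. write() is also only tested for a negative result, so a short write would be reported as success; comparing the result with `schema_len` covers that. The body of write_schemata() starts before this hunk and the ksft_print_msg() call continues past its last line.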