From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7F00423A574; Thu, 12 Dec 2024 15:58:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734019106; cv=none; b=dWjBjVLeq9UmhzxSK8NT9y0336pjEMFi43F4CF785X1kNJ2jTFr7iicz1mFc0TXWUit0lzPwpEuzmq8KDsr1G2ULKmnnW16BNG8+eqj1kM7bR6TdWGM4sC5EMvdh2fml7r1+kC+kUeP7lnpGc8xAguf/AXOV5lRv4t3WIIS4sX8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734019106; c=relaxed/simple; bh=CVpQDxL6ZHojCOjsTHNAWAOkcj3gCusjhb+CN9ieW/s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=VoMIkjjL85tWvkHriXPJFU0yz2Wjl5CX7SMMJEQQb2uO8ZIMQ4KJ3g/dtWq285FHLSDaML55XR6k5gr2dU2csxvMKvY7m8buzEQxpf+Phpb76GRMYN7KSIsOAJS6t0RRRzlkV/kH8m3oqxB7F0O+RPaSh5xVHezHC0d/AH5YMTg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=mlz5Hcju; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="mlz5Hcju" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C71B3C4CEE0; Thu, 12 Dec 2024 15:58:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1734019106; bh=CVpQDxL6ZHojCOjsTHNAWAOkcj3gCusjhb+CN9ieW/s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=mlz5HcjuXhkt4VfON5pG78yew7WwU3jB0Jxft/zfNG6+2k+/45PCY4qLobQoqGBxp LITNqWYJlCsQZuTjZO7Ugvs1AvHpKP2d5iW6x/bRGM/ya54tKj/Q9qVsVkZ51jCw95 sg+rm2VkeXuwpIuwsvS49Dkir5/eRI424ruf1A1U= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Reinette Chatre , =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= , Shuah Khan , Sasha Levin Subject: [PATCH 6.1 119/772] selftests/resctrl: Protect against array overrun during iMC config parsing Date: Thu, 12 Dec 2024 15:51:04 +0100 Message-ID: <20241212144354.834658877@linuxfoundation.org> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20241212144349.797589255@linuxfoundation.org> References: <20241212144349.797589255@linuxfoundation.org> User-Agent: quilt/0.67 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 6.1-stable review patch. If anyone has any objections, please let me know. ------------------ From: Reinette Chatre [ Upstream commit 48ed4e799e8fbebae838dca404a8527763d41191 ] The MBM and MBA tests need to discover the event and umask with which to configure the performance event used to measure read memory bandwidth. This is done by parsing the /sys/bus/event_source/devices/uncore_imc_/events/cas_count_read file for each iMC instance that contains the formatted output: "event=,umask=" Parsing of cas_count_read contents is done by initializing an array of MAX_TOKENS elements with tokens (deliminated by "=,") from this file. Remove the unnecessary append of a delimiter to the string needing to be parsed. Per the strtok() man page: "delimiter bytes at the start or end of the string are ignored". This has no impact on the token placement within the array. After initialization, the actual event and umask is determined by parsing the tokens directly following the "event" and "umask" tokens respectively. Iterating through the array up to index "i < MAX_TOKENS" but then accessing index "i + 1" risks array overrun during the final iteration. Avoid array overrun by ensuring that the index used within for loop will always be valid. Fixes: 1d3f08687d76 ("selftests/resctrl: Read memory bandwidth from perf IMC counter and from resctrl file system") Signed-off-by: Reinette Chatre Reviewed-by: Ilpo Järvinen Signed-off-by: Shuah Khan Signed-off-by: Sasha Levin --- tools/testing/selftests/resctrl/resctrl_val.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tools/testing/selftests/resctrl/resctrl_val.c b/tools/testing/selftests/resctrl/resctrl_val.c index 00864242d76c6..d2ee8ac8dd8e8 100644 --- a/tools/testing/selftests/resctrl/resctrl_val.c +++ b/tools/testing/selftests/resctrl/resctrl_val.c @@ -102,13 +102,12 @@ void get_event_and_umask(char *cas_count_cfg, int count, bool op) char *token[MAX_TOKENS]; int i = 0; - strcat(cas_count_cfg, ","); token[0] = strtok(cas_count_cfg, "=,"); for (i = 1; i < MAX_TOKENS; i++) token[i] = strtok(NULL, "=,"); - for (i = 0; i < MAX_TOKENS; i++) { + for (i = 0; i < MAX_TOKENS - 1; i++) { if (!token[i]) break; if (strcmp(token[i], "event") == 0) { -- 2.43.0