From nobody Mon Nov 25 21:42:56 2024 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4B2A82178F4; Thu, 24 Oct 2024 21:08:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729804086; cv=none; b=E6QVtjBlTo7YzzGA8dOLWr2+PfCgtf6eu7vGLXhdERJoaSwrjL1JU/OvQKE2K6BF46Ln2wfZlJFLJWTqHLa9i8dEyTqI8jZmeHh3KHBpyWbL0DM0wHI8BiyUvvL1/7Zx6XUP+4thnYYENu2wxCKsAhiTU5b18CEu04GI2z1xvIg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729804086; c=relaxed/simple; bh=8igkGI9MOLwE1u4y4oKvZ2ckKq/pi4qsR/V3GdFGBdM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=k/0v3cAXHghpSeV+6SblOKCuR0TLAsdw0xiyLwmXNd0TYJxznocGY7drhKx8KUZwYpYgNXmXq8+4NI8HuydJ4yhyaa6yyvJvbgl8CvH8iT2HqIkgUFRN8wCF2e2z3HgHiBcb0xwfmlAMynns0Jk3zXq0IvohYuOai0OLPGPBUaQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=FpFoeMjb; arc=none smtp.client-ip=192.198.163.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="FpFoeMjb" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1729804084; x=1761340084; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=8igkGI9MOLwE1u4y4oKvZ2ckKq/pi4qsR/V3GdFGBdM=; b=FpFoeMjbjI4pj9wZYOIdnZO1c9helsSH75YllEDZYZAmMny26Zp1KE2l yh01vaf0hU+fzjqVtk4vCw2ffzrndyIUwlBExkb8ohKwhBVlK41pgSl6V j3yEcR1LX61WCaMgD90EnSkU7bUJcDT/UUV6UjmrQxiAT+yAavgfwrS5I 0h8/qe3W0jzPatf1B6xWim1veCEEIUAN7u04EuYub+BsQ/0v5OTGLfITD REmqqehERFVFYB4fkhTrHbVZJNorGBJiQ7sjEgxyL5HcpoGxaHHKMSbnC C2baEe0gNLXGFmpthozQkbUzOwt3wZVyLu7ZKsxWhwnSAbLywRzsFZwN5 w==; X-CSE-ConnectionGUID: kUn6JhIfRqW8dHXwPbqMbw== X-CSE-MsgGUID: cxq3mvxKRtiNLm4kocCkow== X-IronPort-AV: E=McAfee;i="6700,10204,11235"; a="17090892" X-IronPort-AV: E=Sophos;i="6.11,230,1725346800"; d="scan'208";a="17090892" Received: from orviesa003.jf.intel.com ([10.64.159.143]) by fmvoesa110.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Oct 2024 14:08:01 -0700 X-CSE-ConnectionGUID: eB/4x2gRShSQmgSSkulvyw== X-CSE-MsgGUID: OPEcho7IQ0SrduZcKQWWvw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,199,1725346800"; d="scan'208";a="85488029" Received: from rchatre-desk1.jf.intel.com ([10.165.154.99]) by ORVIESA003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Oct 2024 14:08:00 -0700 From: Reinette Chatre To: fenghua.yu@intel.com, shuah@kernel.org, tony.luck@intel.com, peternewman@google.com, babu.moger@amd.com, ilpo.jarvinen@linux.intel.com Cc: maciej.wieczor-retman@intel.com, reinette.chatre@intel.com, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH V4 04/15] selftests/resctrl: Protect against array overrun during iMC config parsing Date: Thu, 24 Oct 2024 14:18:41 -0700 Message-ID: X-Mailer: git-send-email 2.47.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable The MBM and MBA tests need to discover the event and umask with which to configure the performance event used to measure read memory bandwidth. This is done by parsing the /sys/bus/event_source/devices/uncore_imc_/events/cas_count_re= ad file for each iMC instance that contains the formatted output: "event=3D,umask=3D" Parsing of cas_count_read contents is done by initializing an array of MAX_TOKENS elements with tokens (deliminated by "=3D,") from this file. Remove the unnecessary append of a delimiter to the string needing to be parsed. Per the strtok() man page: "delimiter bytes at the start or end of the string are ignored". This has no impact on the token placement within the array. After initialization, the actual event and umask is determined by parsing the tokens directly following the "event" and "umask" tokens respectively. Iterating through the array up to index "i < MAX_TOKENS" but then accessing index "i + 1" risks array overrun during the final iteration. Avoid array overrun by ensuring that the index used within for loop will always be valid. Fixes: 1d3f08687d76 ("selftests/resctrl: Read memory bandwidth from perf IM= C counter and from resctrl file system") Signed-off-by: Reinette Chatre Reviewed-by: Ilpo J=C3=A4rvinen --- Changes since V2: - Rephrase changelog. (Ilpo) - Add Ilpo's Reviewed-by tag. Changes since V1: - New patch. --- tools/testing/selftests/resctrl/resctrl_val.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tools/testing/selftests/resctrl/resctrl_val.c b/tools/testing/= selftests/resctrl/resctrl_val.c index 70e8e31f5d1a..e88d5ca30517 100644 --- a/tools/testing/selftests/resctrl/resctrl_val.c +++ b/tools/testing/selftests/resctrl/resctrl_val.c @@ -83,13 +83,12 @@ static void get_event_and_umask(char *cas_count_cfg, in= t count, bool op) char *token[MAX_TOKENS]; int i =3D 0; =20 - strcat(cas_count_cfg, ","); token[0] =3D strtok(cas_count_cfg, "=3D,"); =20 for (i =3D 1; i < MAX_TOKENS; i++) token[i] =3D strtok(NULL, "=3D,"); =20 - for (i =3D 0; i < MAX_TOKENS; i++) { + for (i =3D 0; i < MAX_TOKENS - 1; i++) { if (!token[i]) break; if (strcmp(token[i], "event") =3D=3D 0) { --=20 2.47.0