selftests/bpf: Fix OOB read in dmabuf_collector

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Dmabuf name allocations can be less than DMA_BUF_NAME_LEN characters,
but bpf_probe_read_kernel always tries to read exactly that many bytes.
If a name is less than DMA_BUF_NAME_LEN characters,
bpf_probe_read_kernel will read past the end. bpf_probe_read_kernel_str
stops at the first NUL terminator so use it instead, like
iter_dmabuf_for_each already does.

Fixes: ae5d2c59ecd7 ("selftests/bpf: Add test for dmabuf_iter")
Reported-by: Jerome Lee <jaewookl@quicinc.com>
Signed-off-by: T.J. Mercier <tjmercier@google.com>
Link: https://lore.kernel.org/r/20260225003349.113746-1-tjmercier@google.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

authored by

T.J. Mercier and committed by

Alexei Starovoitov 3 months ago 6881af27 60e3cbef

+1 -1

1 changed file

expand all

tools

testing

selftests

bpf

progs

dmabuf_iter.c

+1 -1

tools/testing/selftests/bpf/progs/dmabuf_iter.c

··· 48 48 49 49 /* Buffers are not required to be named */ 50 50 if (pname) { 51 - if (bpf_probe_read_kernel(name, sizeof(name), pname)) 51 + if (bpf_probe_read_kernel_str(name, sizeof(name), pname) < 0) 52 52 return 1; 53 53 54 54 /* Name strings can be provided by userspace */

Configure Feed

Configure Feed