On Wed, Jun 23, 2021 at 10:37:54PM +0100, Sean Young wrote: > The syscall bpf(BPF_PROG_QUERY, &attr) should the prog_cnt field to see s/should the/should use the/ > how many entries user space provided and return ENOSPC if there are > more programs than that. Before this patch, this is not checked and > ENOSPC is never returned. > > Note that one lirc device is limited to 64 bpf programs, and user space > I'm aware of -- ir-keytable -- always gives enough space for 64 entries > already. However, we should not copy program ids than are requested. > > Signed-off-by: Sean Young <sean@xxxxxxxx> > --- > drivers/media/rc/bpf-lirc.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/media/rc/bpf-lirc.c b/drivers/media/rc/bpf-lirc.c > index 3fe3edd80876..afae0afe3f81 100644 > --- a/drivers/media/rc/bpf-lirc.c > +++ b/drivers/media/rc/bpf-lirc.c > @@ -326,7 +326,8 @@ int lirc_prog_query(const union bpf_attr *attr, union bpf_attr __user *uattr) > } > > if (attr->query.prog_cnt != 0 && prog_ids && cnt) > - ret = bpf_prog_array_copy_to_user(progs, prog_ids, cnt); > + ret = bpf_prog_array_copy_to_user(progs, prog_ids, > + attr->query.prog_cnt); > > unlock: > mutex_unlock(&ir_raw_handler_lock); > -- > 2.31.1
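Review bot: the ENOSPC return that the commit message promises is not visible anywhere in the hunk. The only change is the third argument of the bpf_prog_array_copy_to_user() call, from cnt to attr->query.prog_cnt, so the error has to come from that helper when the array holds more entries than the count it is given. Please state that dependency in the commit message or in a short comment above the call, so the link between this one-argument change and the new error code is clear to someone reading bpf-lirc.c alone. It is also worth confirming in the message that, on the ENOSPC path, the count reported back through uattr (set outside the context shown here) is still the full number of attached programs, so a caller can resize its buffer and retry. Apart from the typo already pointed out, "we should not copy program ids than are requested" is missing a "more".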