This is a note to let you know that I've just added the patch titled selftests/resctrl: Ensure the benchmark commands fits to its array to the 5.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: selftests-resctrl-ensure-the-benchmark-commands-fits.patch and it can be found in the queue-5.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 955fee01b3b81a9193909804e6c64f481679c2b3 Author: Ilpo Järvinen <ilpo.jarvinen@xxxxxxxxxxxxxxx> Date: Mon Sep 4 12:53:32 2023 +0300 selftests/resctrl: Ensure the benchmark commands fits to its array [ Upstream commit 4a28c7665c2a1ac0400864eabb0c641e135f61aa ] Benchmark command is copied into an array in the stack. The array is BENCHMARK_ARGS items long but the command line could try to provide a longer command. Argument size is also fixed by BENCHMARK_ARG_SIZE (63 bytes of space after fitting the terminating \0 character) and user could have inputted argument longer than that. Return error in case the benchmark command does not fit to the space allocated for it. Fixes: ecdbb911f22d ("selftests/resctrl: Add MBM test") Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@xxxxxxxxxxxxxxx> Tested-by: Shaopeng Tan <tan.shaopeng@xxxxxxxxxxxxxx> Reviewed-by: Shaopeng Tan <tan.shaopeng@xxxxxxxxxxxxxx> Reviewed-by: "Wieczor-Retman, Maciej" <maciej.wieczor-retman@xxxxxxxxx> Reviewed-by: Reinette Chatre <reinette.chatre@xxxxxxxxx> Signed-off-by: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/tools/testing/selftests/resctrl/resctrl_tests.c b/tools/testing/selftests/resctrl/resctrl_tests.c index 3e7cdf1125df4..e9895ebd2a2d0 100644 --- a/tools/testing/selftests/resctrl/resctrl_tests.c +++ b/tools/testing/selftests/resctrl/resctrl_tests.c @@ -224,9 +224,14 @@ int main(int argc, char **argv) return ksft_exit_fail_msg("Not running as root, abort testing.\n"); if (has_ben) { + if (argc - ben_ind >= BENCHMARK_ARGS) + ksft_exit_fail_msg("Too long benchmark command.\n"); + /* Extract benchmark command from command line. */ for (i = ben_ind; i < argc; i++) { benchmark_cmd[i - ben_ind] = benchmark_cmd_area[i]; + if (strlen(argv[i]) >= BENCHMARK_ARG_SIZE) + ksft_exit_fail_msg("Too long benchmark command argument.\n"); sprintf(benchmark_cmd[i - ben_ind], "%s", argv[i]); } benchmark_cmd[ben_count] = NULL;