selftests/resctrl: Fix memory overflow due to unhandled wraparound

rchatre · gregkh · commit 9d46744f7773 · 2024-12-05T14:01:33.000+01:00
[ Upstream commit caf0262 ] alloc_buffer() allocates and initializes (with random data) a buffer of requested size. The initialization starts from the beginning of the allocated buffer and incrementally assigns sizeof(uint64_t) random data to each cache line. The initialization uses the size of the buffer to control the initialization flow, decrementing the amount of buffer needing to be initialized after each iteration. The size of the buffer is stored in an unsigned (size_t) variable s64 and the test "s64 > 0" is used to decide if initialization is complete. The problem is that decrementing the buffer size may wrap around if the buffer size is not divisible by "CL_SIZE / sizeof(uint64_t)" resulting in the "s64 > 0" test being true and memory beyond the buffer "initialized". Use a signed value for the buffer size to support all buffer sizes. Fixes: a2561b1 ("selftests/resctrl: Add built in benchmark") Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
diff --git a/tools/testing/selftests/resctrl/fill_buf.c b/tools/testing/selftests/resctrl/fill_buf.c
@@ -127,7 +127,7 @@ unsigned char *alloc_buffer(size_t buf_size, int memflush)
 {
 	void *buf = NULL;
 	uint64_t *p64;
-	size_t s64;
+	ssize_t s64;
 	int ret;
 
 	ret = posix_memalign(&buf, PAGE_SIZE, buf_size);

Original file line number	Diff line number	Diff line change
`@@ -127,7 +127,7 @@ unsigned char *alloc_buffer(size_t buf_size, int memflush)`
`127`	`127`	`{`
`128`	`128`	`void *buf = NULL;`
`129`	`129`	`uint64_t *p64;`
`130`		`- size_t s64;`
	`130`	`+ ssize_t s64;`
`131`	`131`	`int ret;`
`132`	`132`
`133`	`133`	`ret = posix_memalign(&buf, PAGE_SIZE, buf_size);`