All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] media: bpf: do not copy more entries than user space requested
@ 2021-06-23 21:37 Sean Young
  2021-06-24  9:21 ` Sean Young
  2021-06-24 13:40 ` patchwork-bot+netdevbpf
  0 siblings, 2 replies; 3+ messages in thread
From: Sean Young @ 2021-06-23 21:37 UTC (permalink / raw)
  To: linux-media, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, bpf

The syscall bpf(BPF_PROG_QUERY, &attr) should the prog_cnt field to see
how many entries user space provided and return ENOSPC if there are
more programs than that. Before this patch, this is not checked and
ENOSPC is never returned.

Note that one lirc device is limited to 64 bpf programs, and user space
I'm aware of -- ir-keytable -- always gives enough space for 64 entries
already. However, we should not copy program ids than are requested.

Signed-off-by: Sean Young <sean@mess.org>
---
 drivers/media/rc/bpf-lirc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/media/rc/bpf-lirc.c b/drivers/media/rc/bpf-lirc.c
index 3fe3edd80876..afae0afe3f81 100644
--- a/drivers/media/rc/bpf-lirc.c
+++ b/drivers/media/rc/bpf-lirc.c
@@ -326,7 +326,8 @@ int lirc_prog_query(const union bpf_attr *attr, union bpf_attr __user *uattr)
 	}
 
 	if (attr->query.prog_cnt != 0 && prog_ids && cnt)
-		ret = bpf_prog_array_copy_to_user(progs, prog_ids, cnt);
+		ret = bpf_prog_array_copy_to_user(progs, prog_ids,
+						  attr->query.prog_cnt);
 
 unlock:
 	mutex_unlock(&ir_raw_handler_lock);
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] media: bpf: do not copy more entries than user space requested
  2021-06-23 21:37 [PATCH] media: bpf: do not copy more entries than user space requested Sean Young
@ 2021-06-24  9:21 ` Sean Young
  2021-06-24 13:40 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 3+ messages in thread
From: Sean Young @ 2021-06-24  9:21 UTC (permalink / raw)
  To: linux-media, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, bpf

On Wed, Jun 23, 2021 at 10:37:54PM +0100, Sean Young wrote:
> The syscall bpf(BPF_PROG_QUERY, &attr) should the prog_cnt field to see

s/should the/should use the/

> how many entries user space provided and return ENOSPC if there are
> more programs than that. Before this patch, this is not checked and
> ENOSPC is never returned.
> 
> Note that one lirc device is limited to 64 bpf programs, and user space
> I'm aware of -- ir-keytable -- always gives enough space for 64 entries
> already. However, we should not copy program ids than are requested.
> 
> Signed-off-by: Sean Young <sean@mess.org>
> ---
>  drivers/media/rc/bpf-lirc.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/media/rc/bpf-lirc.c b/drivers/media/rc/bpf-lirc.c
> index 3fe3edd80876..afae0afe3f81 100644
> --- a/drivers/media/rc/bpf-lirc.c
> +++ b/drivers/media/rc/bpf-lirc.c
> @@ -326,7 +326,8 @@ int lirc_prog_query(const union bpf_attr *attr, union bpf_attr __user *uattr)
>  	}
>  
>  	if (attr->query.prog_cnt != 0 && prog_ids && cnt)
> -		ret = bpf_prog_array_copy_to_user(progs, prog_ids, cnt);
> +		ret = bpf_prog_array_copy_to_user(progs, prog_ids,
> +						  attr->query.prog_cnt);
>  
>  unlock:
>  	mutex_unlock(&ir_raw_handler_lock);
> -- 
> 2.31.1

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] media: bpf: do not copy more entries than user space requested
  2021-06-23 21:37 [PATCH] media: bpf: do not copy more entries than user space requested Sean Young
  2021-06-24  9:21 ` Sean Young
@ 2021-06-24 13:40 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-06-24 13:40 UTC (permalink / raw)
  To: Sean Young; +Cc: linux-media, ast, daniel, andrii, bpf

Hello:

This patch was applied to bpf/bpf-next.git (refs/heads/master):

On Wed, 23 Jun 2021 22:37:54 +0100 you wrote:
> The syscall bpf(BPF_PROG_QUERY, &attr) should the prog_cnt field to see
> how many entries user space provided and return ENOSPC if there are
> more programs than that. Before this patch, this is not checked and
> ENOSPC is never returned.
> 
> Note that one lirc device is limited to 64 bpf programs, and user space
> I'm aware of -- ir-keytable -- always gives enough space for 64 entries
> already. However, we should not copy program ids than are requested.
> 
> [...]

Here is the summary with links:
  - media: bpf: do not copy more entries than user space requested
    https://git.kernel.org/bpf/bpf-next/c/647d446d66e4

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-06-24 13:40 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-23 21:37 [PATCH] media: bpf: do not copy more entries than user space requested Sean Young
2021-06-24  9:21 ` Sean Young
2021-06-24 13:40 ` patchwork-bot+netdevbpf

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.