From: Paolo Bonzini
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Andrew Jones, Mark Brown
Subject: [PATCH] KVM: selftests: Fix dynamic generation of configuration names
Date: Wed, 13 Dec 2023 07:26:36 -0500
Message-Id: <20231213122636.2684144-1-pbonzini@redhat.com>

When we dynamically generate a name for a configuration in get-reg-list we use strcat() to append to a buffer allocated using malloc() but we never initialise that buffer. Since malloc() offers no guarantees regarding the contents of the memory it returns this can lead to us corrupting, and likely overflowing, the buffer:

    vregs: PASS
    vregs+pmu: PASS
    sve: PASS
    sve+pmu: PASS
    vregs+pauth_address+pauth_generic: PASS
    X?vr+gspauth_addre+spauth_generi+pmu: PASS

The bug is that strcat() should have been strcpy(), and that replacement would be enough to fix it, but there are other things in the function that leave something to be desired. In particular, an (incorrectly) empty config would cause an out of bounds access to c->name[-1]. Since the strcpy() call relies on c->name[0..len-1] being initialized, enforce that invariant throughout the function.

Fixes: 2f9ace5d4557 ("KVM: arm64: selftests: get-reg-list: Introduce vcpu configs")
Reviewed-by: Andrew Jones
Co-developed-by: Mark Brown
Signed-off-by: Mark Brown Message-Id: <20231211-kvm-get-reg-list-str-init-v3-1-6554c71c77b1@kernel.org> Signed-off-by: Paolo Bonzini --- tools/testing/selftests/kvm/get-reg-list.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/kvm/get-reg-list.c b/tools/testing/selftests/kvm/get-reg-list.c index be7bf5224434..8274ef04301f 100644 --- a/tools/testing/selftests/kvm/get-reg-list.c +++ b/tools/testing/selftests/kvm/get-reg-list.c @@ -71,11 +71,12 @@ static const char *config_name(struct vcpu_reg_list *c) for_each_sublist(c, s) { if (!strcmp(s->name, "base")) continue; - strcat(c->name + len, s->name); - len += strlen(s->name) + 1; - c->name[len - 1] = '+'; + if (len) + c->name[len++] = '+'; + strcpy(c->name + len, s->name); + len += strlen(s->name); } - c->name[len - 1] = '\0'; + c->name[len] = '\0'; return c->name; } -- 2.39.1
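Review bot: In the loop body, strcpy(c->name + len, s->name) writes with no bound, so its safety rests entirely on the allocation size, which is computed outside the visible context, matching exactly what this loop emits: strlen(s->name) for each sublist not named "base", one '+' between consecutive names, and one terminator, with at least one byte available when every sublist is skipped so that the final c->name[len] = '\0' stays in bounds. Please confirm that whatever sizes the buffer skips "base" the same way, and consider asserting len against the allocated size after the loop, or adding a short comment stating the invariant that c->name[0..len-1] is always initialised, so the sizing and the copy cannot drift apart silently. Minor: strcpy() followed by strlen() walks s->name twice; taking the length once and using memcpy() would avoid the second pass.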