From: Andrii Nakryiko <andrii@kernel.org>
Date: Tue, 30 Apr 2024 20:19:51 +0000 (-0700)
Subject: libbpf: fix potential overflow in ring__consume_n()
X-Git-Tag: v6.10-rc1~153^2~13^2~33
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=00f0e08f23fc007f4a5a71cd7e37fcdb15af0c1b;p=thirdparty%2Fkernel%2Flinux.git

libbpf: fix potential overflow in ring__consume_n()

ringbuf_process_ring() return int64_t, while ring__consume_n() assigns
it to int. It's highly unlikely, but possible for ringbuf_process_ring()
to return value larger than INT_MAX, so use int64_t. ring__consume_n()
does check INT_MAX before returning int result to the user.

Fixes: 4d22ea94ea33 ("libbpf: Add ring__consume_n / ring_buffer__consume_n")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20240430201952.888293-1-andrii@kernel.org
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
---

diff --git a/tools/lib/bpf/ringbuf.c b/tools/lib/bpf/ringbuf.c
index 99e44cf023212..37c5a2d86a782 100644
--- a/tools/lib/bpf/ringbuf.c
+++ b/tools/lib/bpf/ringbuf.c
@@ -405,7 +405,7 @@ int ring__map_fd(const struct ring *r)
 
 int ring__consume_n(struct ring *r, size_t n)
 {
-	int res;
+	int64_t res;
 
 	res = ringbuf_process_ring(r, n);
 	if (res < 0)