git.ipfire.org Git - thirdparty/kernel/linux.git/commit
selftests/bpf: Add test for cgroup storage OOB read
author Lang Xu <xulang@uniontech.com>
Thu, 2 Apr 2026 07:42:36 +0000 (15:42 +0800)
committer Alexei Starovoitov <ast@kernel.org>
Sun, 12 Apr 2026 20:36:32 +0000 (13:36 -0700)
commit 171609f047552b51b8ed78f338cbffb84b7f5e8f
tree fd468ce818d0cf5616ceaf8049d269169b974127
parent 576afddfee8d1108ee299bf10f581593540d1a36

Add a test case to reproduce the out-of-bounds read issue when copying
from a cgroup storage map to a pcpu map with a value_size not rounded
up to 8 bytes.

The test creates:
1. A CGROUP_STORAGE map with 4-byte value (not 8-byte aligned)
2. A LRU_PERCPU_HASH map with 4-byte value (same size)

When a socket is created in the cgroup, the BPF program triggers
bpf_map_update_elem() which calls copy_map_value_long(). This function
rounds up the copy size to 8 bytes, but the cgroup storage buffer is
only 4 bytes, causing an OOB read (before the fix).

Signed-off-by: Lang Xu <xulang@uniontech.com>
Link: https://lore.kernel.org/r/D63BF0DBFF1EA122+20260402074236.2187154-2-xulang@uniontech.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
tools/testing/selftests/bpf/prog_tests/cgroup_storage.c
tools/testing/selftests/bpf/progs/cgroup_storage.c
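
The size mismatch the commit message describes, as an added user-space C model (not code from this commit or from the kernel): a 4-byte value copied with its length rounded up to 8 picks up the 4 bytes stored after it. `struct backing`, `copy_rounded`, `copy_bounded`, `leaked_bytes`, `run_case` and the sample bytes are constructed for illustration, and the bounded variant is one way to avoid the over-read, not necessarily the fix the kernel adopted.

```c
/* User-space model; names and layout are assumptions, not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROUND_UP_8(n) (((size_t)(n) + 7u) & ~(size_t)7u)

/* Constructed layout: a 4-byte map value followed by unrelated bytes that
 * stand in for whatever sits after the cgroup storage buffer. */
struct backing {
    uint8_t value[4];     /* value_size = 4, as in the test */
    uint8_t neighbour[4]; /* bytes the copy has no business reading */
};

/* Copy whose length is rounded up to 8: reads past value[] for value_size 4. */
static size_t copy_rounded(uint8_t *dst, const struct backing *src, size_t value_size)
{
    size_t len = ROUND_UP_8(value_size);
    memcpy(dst, src, len);
    return len;
}

/* Bounded variant: read exactly value_size bytes, zero-fill the padding. */
static size_t copy_bounded(uint8_t *dst, const struct backing *src, size_t value_size)
{
    size_t len = ROUND_UP_8(value_size);
    memcpy(dst, src->value, value_size);
    memset(dst + value_size, 0, len - value_size);
    return len;
}

/* Count neighbour bytes that landed in dst's padding (model assumes value_size == 4). */
static size_t leaked_bytes(const uint8_t *dst, const struct backing *src, size_t value_size)
{
    size_t n = 0, pad = ROUND_UP_8(value_size) - value_size;
    for (size_t i = 0; i < pad; i++)
        n += dst[value_size + i] == src->neighbour[i];
    return n;
}

/* Runs one copy over constructed data and reports how many bytes leaked. */
size_t run_case(int bounded)
{
    const struct backing src = { {1, 2, 3, 4}, {0xAA, 0xBB, 0xCC, 0xDD} };
    uint8_t dst[8];
    if (bounded) copy_bounded(dst, &src, 4); else copy_rounded(dst, &src, 4);
    return leaked_bytes(dst, &src, 4);
}

int main(void) { printf("rounded=%zu bounded=%zu\n", run_case(0), run_case(1)); return 0; }
```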