From nobody Mon Apr  6 09:11:36 2026
Received: from mail-dl1-f74.google.com (mail-dl1-f74.google.com
 [74.125.82.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 05674349B15
	for <linux-kernel@vger.kernel.org>; Sat,  4 Apr 2026 03:44:36 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=74.125.82.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1775274278; cv=none;
 b=RWmlqKpdDCf0vyGCagX+L1KTD8XT3snhB6J0LSiI3GxRKb+vETdRwNHkbyCgObkdlMC10AmHqeYbWz8GMg7RLphKsV7+JiL7mqfFn74Zx8L6aO6X02ya5Kuen9ICK24feYQTabQ3TdRzy3Dnhm3Zk8JTy8HLU8xrU7Rxx7V2Wq4=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1775274278; c=relaxed/simple;
	bh=dx5HgIGGhqnvfj2keHd/IWfkicfFg95KhLIVi2C5jhg=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=k7KchoM4zFDzoe5T/PWlLO91vEjakNYtq1QBw2INtismi5pWLBurlwD2SVsRyJg26UvUm6LN9jW+/USDY8tOLHJmmJIO6/PPJoOvQfLeaB8fzRRbPbdTMx87UmOBpe93htZZklm/jMcvFFx9f64k9e7v2m7vD7U1PvjfgQ7Bmgg=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--irogers.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=NVGLQFwB; arc=none smtp.client-ip=74.125.82.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--irogers.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="NVGLQFwB"
Received: by mail-dl1-f74.google.com with SMTP id
 a92af1059eb24-127133794b6so3726528c88.1
        for <linux-kernel@vger.kernel.org>;
 Fri, 03 Apr 2026 20:44:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1775274276; x=1775879076;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=a7VGO43VnRAVL9zGAQ9Zlx3k+gPhIb04E0ubKH9cAnA=;
        b=NVGLQFwBIhyRu6VYbVAbm5tJ2FACVSpaODeAqnkHkftZnHv/hNbstWyuJNU90/44SJ
         179FJECwlWIzc0RLeccaLJqkg/jjQahgncm3OS8BtNfZ29QO6kY+dY7HnhUB5ooNvTz2
         5OA98tXAG2dcqck1KPuL3NbAIOyM5Cm9pnzs0CGx/zFTAWrIBUU+to1dOL6+G/SLjrpm
         oRMqWZ/7mDX4ScMQDF4QtTMtV0IbUTVjGeuXz6pdr3WQ9e9kpa61976up9FXLX0wS1+b
         4keDvu+OA3084Aw5w1HTdrghI51XQMfFgwC6KV5oenbsfiXa6a5KhFdUSVnUSsvUVZHt
         85vQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1775274276; x=1775879076;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=a7VGO43VnRAVL9zGAQ9Zlx3k+gPhIb04E0ubKH9cAnA=;
        b=e+YMBjLUiFh0K91bgeotPxCXcapVvMibhvjljD87WbSPE+GiygUvay/JJcUSKXDhBu
         Sq/02sNwZtTuggTwEMgaIiQBwmpq9/wq6KCt3CWRHPR8sXqdAactR30ULcAgb5huiem1
         FGvsX1jJeWpx+S5LlNq27KNrKC6SN/FF3kBD7DaSPuRUTkF405WLnO/BQFuX9TXflEYq
         JQjOdbA6BSjd+dniXvOmFObo16paqEIZKjilll8ceqlehu+UI1AunBOCCxAUDjoXRusy
         OfxwU8TSn7w7l3ksT4j81bUQgUJXiI6h3NmvcZj6E+aBxDdkyNowt4KIWBR4xgCOzrbt
         538Q==
X-Forwarded-Encrypted: i=1;
 AJvYcCXkXcNDvBUPj2C+em1FrYfcc6uO3w1bpoWWTgbtyX3PBzEsHjyugT44hoxgSV2ePwQ2WUHRstoCz49E7gs=@vger.kernel.org
X-Gm-Message-State: AOJu0YxYI5ppGTedD+UdNc4MPALnSRpBhy2E200A6SA81ZLyhX98skc6
	aAsWgonNOWvYF1ECaXR71NrSINPCmgzQ9NDxHWIAECaSauzYg03zjL/L20+/2PfiP/l+0vPC+4S
	dtYK7+H09Xw==
X-Received: from dlbur5.prod.google.com
 ([2002:a05:7022:ea45:b0:12a:c5dd:73f9])
 (user=irogers job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:7022:43a8:b0:11b:9b98:aa4b
 with SMTP id a92af1059eb24-12bfb6ec461mr2615000c88.6.1775274275815; Fri, 03
 Apr 2026 20:44:35 -0700 (PDT)
Date: Fri,  3 Apr 2026 20:43:25 -0700
In-Reply-To: <20260404034325.3172592-1-irogers@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260403204017.2919994-1-irogers@google.com>
 <20260404034325.3172592-1-irogers@google.com>
X-Mailer: git-send-email 2.53.0.1213.gd9a14994de-goog
Message-ID: <20260404034325.3172592-26-irogers@google.com>
Subject: [PATCH v6 25/25] perf evsel: Don't pass evsel with sample
From: Ian Rogers <irogers@google.com>
To: acme@kernel.org, namhyung@kernel.org
Cc: irogers@google.com, adrian.hunter@intel.com, ajones@ventanamicro.com,
	ak@linux.intel.com, alex@ghiti.fr, alexander.shishkin@linux.intel.com,
	anup@brainfault.org, aou@eecs.berkeley.edu, atrajeev@linux.ibm.com,
	blakejones@google.com, ctshao@google.com, dapeng1.mi@linux.intel.com,
	derek.foreman@collabora.com, dvyukov@google.com, howardchu95@gmail.com,
	hrishikesh123s@gmail.com, james.clark@linaro.org, jolsa@kernel.org,
	krzysztof.m.lopatowski@gmail.com, leo.yan@arm.com,
	linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
	linux@treblig.org, mingo@redhat.com, nichen@iscas.ac.cn, palmer@dabbelt.com,
	peterz@infradead.org, pjw@kernel.org, ravi.bangoria@amd.com,
	swapnil.sapkal@amd.com, tanze@kylinos.cn, thomas.falcon@intel.com,
	tianyou.li@intel.com, yujie.liu@intel.com, zhouquan@iscas.ac.cn
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Arrange for the sample to contain the evsel and so it is unnecessary
to pass the evsel as well. This is done for uniformity, although
parsing of the sample is arguably a special case. Add missing bound
check in perf_evsel__parse_id_sample.

Signed-off-by: Ian Rogers <irogers@google.com>
---
 tools/perf/util/evsel.c | 53 ++++++++++++++++++++++++++++++++---------
 1 file changed, 42 insertions(+), 11 deletions(-)

diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c
index b653e683d7a1..1e0bb4cb995d 100644
--- a/tools/perf/util/evsel.c
+++ b/tools/perf/util/evsel.c
@@ -3003,24 +3003,39 @@ int evsel__open_per_thread(struct evsel *evsel, str=
uct perf_thread_map *threads)
 	return ret;
 }
=20
-static int perf_evsel__parse_id_sample(const struct evsel *evsel,
-				       const union perf_event *event,
+static int perf_evsel__parse_id_sample(const union perf_event *event,
 				       struct perf_sample *sample)
 {
+	const struct evsel *evsel =3D sample->evsel;
 	u64 type =3D evsel->core.attr.sample_type;
-	const __u64 *array =3D event->sample.array;
+	const __u64 *array, *array_begin =3D event->sample.array;
 	bool swapped =3D evsel->needs_swap;
 	union u64_swap u;
=20
-	array +=3D ((event->header.size -
-		   sizeof(event->header)) / sizeof(u64)) - 1;
+	if ((type & (PERF_SAMPLE_IDENTIFIER |
+		     PERF_SAMPLE_CPU |
+		     PERF_SAMPLE_STREAM_ID |
+		     PERF_SAMPLE_ID |
+		     PERF_SAMPLE_TIME |
+		     PERF_SAMPLE_TID)) =3D=3D 0)
+		return 0;
+
+	if (event->header.size < sizeof(event->header) + sizeof(u64))
+		return -EFAULT;
=20
+	array =3D array_begin + ((event->header.size - sizeof(event->header)) / s=
izeof(u64)) - 1;
 	if (type & PERF_SAMPLE_IDENTIFIER) {
+		if (array < array_begin)
+			return -EFAULT;
+
 		sample->id =3D *array;
 		array--;
 	}
=20
 	if (type & PERF_SAMPLE_CPU) {
+		if (array < array_begin)
+			return -EFAULT;
+
 		u.val64 =3D *array;
 		if (swapped) {
 			/* undo swap of u64, then swap on individual u32s */
@@ -3033,21 +3048,33 @@ static int perf_evsel__parse_id_sample(const struct=
 evsel *evsel,
 	}
=20
 	if (type & PERF_SAMPLE_STREAM_ID) {
+		if (array < array_begin)
+			return -EFAULT;
+
 		sample->stream_id =3D *array;
 		array--;
 	}
=20
 	if (type & PERF_SAMPLE_ID) {
+		if (array < array_begin)
+			return -EFAULT;
+
 		sample->id =3D *array;
 		array--;
 	}
=20
 	if (type & PERF_SAMPLE_TIME) {
+		if (array < array_begin)
+			return -EFAULT;
+
 		sample->time =3D *array;
 		array--;
 	}
=20
 	if (type & PERF_SAMPLE_TID) {
+		if (array < array_begin)
+			return -EFAULT;
+
 		u.val64 =3D *array;
 		if (swapped) {
 			/* undo swap of u64, then swap on individual u32s */
@@ -3244,15 +3271,18 @@ int evsel__parse_sample(struct evsel *evsel, union =
perf_event *event,
=20
 		data->deferred_cookie =3D event->callchain_deferred.cookie;
=20
-		if (evsel->core.attr.sample_id_all)
-			perf_evsel__parse_id_sample(evsel, event, data);
-
+		if (evsel->core.attr.sample_id_all) {
+			if (perf_evsel__parse_id_sample(event, data))
+				goto out_efault;
+		}
 		return 0;
 	}
=20
 	if (event->header.type !=3D PERF_RECORD_SAMPLE) {
-		if (evsel->core.attr.sample_id_all)
-			perf_evsel__parse_id_sample(evsel, event, data);
+		if (evsel->core.attr.sample_id_all) {
+			if (perf_evsel__parse_id_sample(event, data))
+				goto out_efault;
+		}
 		return 0;
 	}
=20
@@ -3614,12 +3644,13 @@ int evsel__parse_sample_timestamp(struct evsel *evs=
el, union perf_event *event,
=20
 	if (event->header.type !=3D PERF_RECORD_SAMPLE) {
 		struct perf_sample data =3D {
+			.evsel =3D evsel,
 			.time =3D -1ULL,
 		};
=20
 		if (!evsel->core.attr.sample_id_all)
 			return -1;
-		if (perf_evsel__parse_id_sample(evsel, event, &data))
+		if (perf_evsel__parse_id_sample(event, &data))
 			return -1;
=20
 		*timestamp =3D data.time;
--=20
2.53.0.1213.gd9a14994de-goog