From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 01/13] perf header: Validate nr_domains when reading HEADER_CPU_DOMAIN_INFO
Date: Thu, 9 Apr 2026 21:39:48 -0300
Message-ID: <20260410004000.148138-2-acme@kernel.org>
In-Reply-To: <20260410004000.148138-1-acme@kernel.org>

Further validate the HEADER_CPU_DOMAIN_INFO fields, this time checking the nr_domains field.

Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index c6efddb70aee2904..a2796b72adc4d908 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c
@@ -3731,6 +3731,12 @@ static int process_cpu_domain_info(struct feat_fd *f= f, void *data __maybe_unused if (do_read_u32(ff, &nr_domains)) return -1; =20 + if (nr_domains > max_sched_domains) { + pr_err("Invalid HEADER_CPU_DOMAIN_INFO: nr_domains %u > max_sched_domai= ns (%u)\n", + nr_domains, max_sched_domains); + return -1; + } + cd_map[cpu]->nr_domains =3D nr_domains; =20 cd_map[cpu]->domains =3D calloc(max_sched_domains, sizeof(*d_info)); --=20 2.53.0
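Review bot: The bound used in the new check, max_sched_domains, is itself a value read from the file, and at this point in the series nothing caps it (the MAX_SCHED_DOMAINS limit only arrives in 03/13), so nr_domains is validated against an unvalidated number and the calloc(max_sched_domains, sizeof(*d_info)) just below still takes it as is. Consider ordering this patch after the max_sched_domains check, or folding the two, so each step of the series is safe on its own when bisecting.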
From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 02/13] perf header: Bump up the max number of command line args allowed
Date: Thu, 9 Apr 2026 21:39:49 -0300
Message-ID: <20260410004000.148138-3-acme@kernel.org>
In-Reply-To: <20260410004000.148138-1-acme@kernel.org>

We need to do some upper limit validation, bump up the arbitrary limit as per suggestion of Sashiko about command line wildcard expansion ending up with more than 32768 args.

Link: https://sashiko.dev/#/patchset/20260408172846.96360-1-acme%40kernel.org
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index a2796b72adc4d908..22c44b6f0b098f95 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c
@@ -2795,8 +2795,11 @@ process_event_desc(struct feat_fd *ff, void *data __= maybe_unused) return 0; } =20 -// Some reasonable arbitrary max for the number of command line arguments -#define MAX_CMDLINE_NR 32768 +/* + * Some arbitrary max for the number of command line arguments, + * Wildcards can expand and end up with tons of command line args. + */ +#define MAX_CMDLINE_NR 1048576 =20 static int process_cmdline(struct feat_fd *ff, void *data __maybe_unused) { --=20 2.53.0
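Review bot: MAX_CMDLINE_NR is raised to 1048576 but remains a fixed constant unrelated to how much data the section actually holds; the later patches in this series pair their caps with a check against ff->size, and the same would fit process_cmdline() so that a count near the new limit has to be backed by a section large enough to contain that many strings. Minor: the new comment ends its first line with a comma and then starts "Wildcards" capitalized; a full stop reads better.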
From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo, Swapnil Sapkal
Subject: [PATCH 03/13] perf header: Sanity check HEADER_NRCPUS and HEADER_CPU_DOMAIN_INFO
Date: Thu, 9 Apr 2026 21:39:50 -0300
Message-ID: <20260410004000.148138-4-acme@kernel.org>
In-Reply-To: <20260410004000.148138-1-acme@kernel.org>

While working on some cleanups sashiko questioned about pre-existing issues, namely lacking sanity checks for perf.data headers, add some with the help of Claude.

Cc: Ian Rogers
Cc: Swapnil Sapkal
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 44 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 43 insertions(+), 1 deletion(-)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 22c44b6f0b098f95..2d23dbc666b676be 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c
@@ -2722,6 +2722,13 @@ static int process_nrcpus(struct feat_fd *ff, void *= data __maybe_unused) ret =3D do_read_u32(ff, &nr_cpus_online); if (ret) return ret; + + if (nr_cpus_online > nr_cpus_avail) { + pr_err("Invalid HEADER_NRCPUS: nr_cpus_online (%u) > nr_cpus_avail (%u)\= n", + nr_cpus_online, nr_cpus_avail); + return -1; + } + env->nr_cpus_avail =3D (int)nr_cpus_avail; env->nr_cpus_online =3D (int)nr_cpus_online; return 0; @@ -3698,6 +3705,17 @@ static int process_cpu_domain_info(struct feat_fd *f= f, void *data __maybe_unused nra =3D env->nr_cpus_avail; nr =3D env->nr_cpus_online; =20 + if (nra =3D=3D 0 || nr =3D=3D 0) { + pr_err("Invalid HEADER_CPU_DOMAIN_INFO: missing HEADER_NRCPUS\n"); + return -1; + } + + if (ff->size < 2 * sizeof(u32) + nr * 2 * sizeof(u32)) { + pr_err("Invalid HEADER_CPU_DOMAIN_INFO: section too small (%zu) for %u C= PUs\n", + (size_t)ff->size, nr); + return -1; + } + cd_map =3D calloc(nra, sizeof(*cd_map)); if (!cd_map) return -1; @@ -3714,6 +3732,19 @@ static int process_cpu_domain_info(struct feat_fd *f= f, void *data __maybe_unused if (ret) return ret; =20 + /* + * Sanity check: real systems have at most ~10 sched domain levels + * (SMT, CLS, MC, PKG + NUMA hops). Reject obviously bogus values + * from malformed perf.data files before they cause excessive + * allocation in the per-CPU loop. + */ +#define MAX_SCHED_DOMAINS 64 + if (max_sched_domains > MAX_SCHED_DOMAINS) { + pr_err("Invalid HEADER_CPU_DOMAIN_INFO: max_sched_domains %u > %u\n", + max_sched_domains, MAX_SCHED_DOMAINS); + return -1; + } + env->max_sched_domains =3D max_sched_domains; =20 for (i =3D 0; i < nr; i++) { @@ -3725,6 +3756,11 @@ static int process_cpu_domain_info(struct feat_fd *f= f, void *data __maybe_unused return -1; } =20 + if (cd_map[cpu]) { + pr_err("Invalid HEADER_CPU_DOMAIN_INFO: duplicate cpu %u\n", cpu); + return -1; + } + cd_map[cpu] =3D zalloc(sizeof(*cd_map[cpu])); if (!cd_map[cpu]) return -1; 
@@ -3760,7 +3796,13 @@ static int process_cpu_domain_info(struct feat_fd *f= f, void *data __maybe_unused if (!d_info) return -1; =20 - assert(cd_map[cpu]->domains[domain] =3D=3D NULL); + if (cd_map[cpu]->domains[domain]) { + pr_err("Invalid HEADER_CPU_DOMAIN_INFO: duplicate domain %u for cpu %u= \n", + domain, cpu); + free(d_info); + return -1; + } + cd_map[cpu]->domains[domain] =3D d_info; d_info->domain =3D domain; =20 --=20 2.53.0
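Review bot: In the process_nrcpus() hunk only the relation nr_cpus_online <= nr_cpus_avail is checked, so nr_cpus_avail itself stays unbounded and is then narrowed with (int). In process_cpu_domain_info() the new ff->size test covers nr (online) only, while the allocation that follows is calloc(nra, sizeof(*cd_map)) with nra taken from nr_cpus_avail, so a large avail count still drives the allocation size. An upper bound on nr_cpus_avail in process_nrcpus(), applied before the (int) casts, would close that.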
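Review bot: In the section size check of the second process_cpu_domain_info() hunk, nr * 2 * sizeof(u32) is evaluated left to right, so nr * 2 is computed in the type of nr before sizeof widens it; if nr is a 32-bit type, as the %u in the message suggests, values of 2^31 and above wrap and the check passes for a section that is far too small. Writing it as (size_t)nr * 2 * sizeof(u32), or bounding nr first as the later patches do with their MAX_* limits, avoids that.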
From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 04/13] perf header: Sanity check HEADER_CPU_TOPOLOGY
Date: Thu, 9 Apr 2026 21:39:51 -0300
Message-ID: <20260410004000.148138-5-acme@kernel.org>
In-Reply-To: <20260410004000.148138-1-acme@kernel.org>

Add validation to process_cpu_topology() to harden against malformed perf.data files:

- Verify nr_cpus_avail was initialized (HEADER_NRCPUS processed first)
- Bounds check sibling counts (cores, threads, dies) against nr_cpus_avail
- Fix two bare 'return -1' that leaked env->cpu by using 'goto free_cpu'

Cc: Jiri Olsa
Cc: Ian Rogers
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 2d23dbc666b676be..a7df8ed9a69e9231 100644 --- a/tools/perf/util/header.c
+++ b/tools/perf/util/header.c @@ -2859,6 +2859,11 @@ static int process_cpu_topology(struct feat_fd *ff, = void *data __maybe_unused) int cpu_nr =3D env->nr_cpus_avail; u64 size =3D 0; =20 + if (cpu_nr =3D=3D 0) { + pr_err("Invalid HEADER_CPU_TOPOLOGY: missing HEADER_NRCPUS\n"); + return -1; + } + env->cpu =3D calloc(cpu_nr, sizeof(*env->cpu)); if (!env->cpu) return -1; @@ -2866,6 +2871,12 @@ static int process_cpu_topology(struct feat_fd *ff, = void *data __maybe_unused) if (do_read_u32(ff, &nr)) goto free_cpu; =20 + if (nr > (u32)cpu_nr) { + pr_err("Invalid HEADER_CPU_TOPOLOGY: nr_sibling_cores (%u) > nr_cpus_ava= il (%d)\n", + nr, cpu_nr); + goto free_cpu; + } + env->nr_sibling_cores =3D nr; size +=3D sizeof(u32); if (strbuf_init(&sb, 128) < 0) @@ -2885,7 +2896,13 @@ static int process_cpu_topology(struct feat_fd *ff, = void *data __maybe_unused) env->sibling_cores =3D strbuf_detach(&sb, NULL); =20 if (do_read_u32(ff, &nr)) - return -1; + goto free_cpu; + + if (nr > (u32)cpu_nr) { + pr_err("Invalid HEADER_CPU_TOPOLOGY: nr_sibling_threads (%u) > nr_cpus_a= vail (%d)\n", + nr, cpu_nr); + goto free_cpu; + } =20 env->nr_sibling_threads =3D nr; size +=3D sizeof(u32); 
@@ -2934,7 +2951,13 @@ static int process_cpu_topology(struct feat_fd *ff, = void *data __maybe_unused) return 0; =20 if (do_read_u32(ff, &nr)) - return -1; + goto free_cpu; + + if (nr > (u32)cpu_nr) { + pr_err("Invalid HEADER_CPU_TOPOLOGY: nr_sibling_dies (%u) > nr_cpus_avai= l (%d)\n", + nr, cpu_nr); + goto free_cpu; + } =20 env->nr_sibling_dies =3D nr; size +=3D sizeof(u32); --=20 2.53.0
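Review bot: cpu_nr is an int copied from env->nr_cpus_avail, so the new cpu_nr == 0 test in the first hunk lets a negative value through, and the later nr > (u32)cpu_nr comparisons then convert it to a very large unsigned bound that rejects nothing. Testing cpu_nr <= 0 would cover both cases.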
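Review bot: The reads that now use goto free_cpu run after env->sibling_cores has been filled in, as the strbuf_detach() context line shows, and the free_cpu label is outside the visible hunks. Please confirm that it also releases the strings detached so far, otherwise the new error paths fix the env->cpu leak named in the changelog but still leave env half populated.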
From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 05/13] perf header: Sanity check HEADER_NUMA_TOPOLOGY
Date: Thu, 9 Apr 2026 21:39:52 -0300
Message-ID: <20260410004000.148138-6-acme@kernel.org>
In-Reply-To: <20260410004000.148138-1-acme@kernel.org>

Add validation to process_numa_topology() to harden against malformed perf.data files:

- Upper bound check on nr_nodes (max 4096)
- Minimum section size check before allocating

Cc: Jiri Olsa
Cc: Ian Rogers
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index a7df8ed9a69e9231..2c6f7c96e2dccaf1 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c
@@ -3003,6 +3003,19 @@ static int process_numa_topology(struct feat_fd *ff,= void *data __maybe_unused) if (do_read_u32(ff, &nr)) return -1; =20 +#define MAX_NUMA_NODES 4096 + if (nr > MAX_NUMA_NODES) { + pr_err("Invalid HEADER_NUMA_TOPOLOGY: nr_nodes (%u) > %u\n", + nr, MAX_NUMA_NODES); + return -1; + } + + if (ff->size < sizeof(u32) + nr * (sizeof(u32) + 2 * sizeof(u64))) { + pr_err("Invalid HEADER_NUMA_TOPOLOGY: section too small (%zu) for %u nod= es\n", + ff->size, nr); + return -1; + } + nodes =3D calloc(nr, sizeof(*nodes)); if (!nodes) return -ENOMEM; --=20 2.53.0
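Review bot: The "section too small" message passes ff->size straight to %zu, whereas the equivalent message added in 03/13 casts it with (size_t)ff->size; if the cast is needed there it is needed here too, so please make the two consistent. Also, the new error paths return -1 while the calloc() failure right below returns -ENOMEM, and MAX_NUMA_NODES is defined in the middle of the function body where a file-scope definition would be easier to find.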
From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 06/13] perf header: Sanity check HEADER_MEM_TOPOLOGY
Date: Thu, 9 Apr 2026 21:39:53 -0300
Message-ID: <20260410004000.148138-7-acme@kernel.org>
In-Reply-To: <20260410004000.148138-1-acme@kernel.org>

Add validation to process_mem_topology() to harden against malformed perf.data files:

- Upper bound check on nr_nodes (reuses MAX_NUMA_NODES, 4096)
- Minimum section size check before allocating

This is particularly important here since nr is u64, making unbounded values especially dangerous.

Cc: Jiri Olsa
Cc: Ian Rogers
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 2c6f7c96e2dccaf1..45f533fbb8fdc3c6 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c 
@@ -3306,6 +3306,18 @@ static int process_mem_topology(struct feat_fd *ff, if (do_read_u64(ff, &nr)) return -1; =20 + if (nr > MAX_NUMA_NODES) { + pr_err("Invalid HEADER_MEM_TOPOLOGY: nr_nodes (%llu) > %u\n", + (unsigned long long)nr, MAX_NUMA_NODES); + return -1; + } + + if (ff->size < 3 * sizeof(u64) + nr * 2 * sizeof(u64)) { + pr_err("Invalid HEADER_MEM_TOPOLOGY: section too small (%zu) for %llu no= des\n", + ff->size, (unsigned long long)nr); + return -1; + } + nodes =3D calloc(nr, sizeof(*nodes)); if (!nodes) return -1; --=20 2.53.0
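Review bot: MAX_NUMA_NODES is used here but was defined inside the body of process_numa_topology() in 05/13, so this compiles only because that function comes earlier in the file; moving the #define to file scope makes the dependency explicit. The constants in 3 * sizeof(u64) + nr * 2 * sizeof(u64) would also benefit from a short comment naming the fields they stand for, since the hunk does not show the layout being assumed.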
From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 07/13] perf header: Sanity check HEADER_PMU_MAPPINGS
Date: Thu, 9 Apr 2026 21:39:54 -0300
Message-ID: <20260410004000.148138-8-acme@kernel.org>
In-Reply-To: <20260410004000.148138-1-acme@kernel.org>

Add upper bound check on pmu_num in process_pmu_mappings() to harden against malformed perf.data files (max 4096).

Cc: Ian Rogers
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 45f533fbb8fdc3c6..1d7ca467acf32bd4 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c
@@ -3067,6 +3067,19 @@ static int process_pmu_mappings(struct feat_fd *ff, = void *data __maybe_unused) return 0; } =20 +#define MAX_PMU_MAPPINGS 4096 + if (pmu_num > MAX_PMU_MAPPINGS) { + pr_err("Invalid HEADER_PMU_MAPPINGS: pmu_num (%u) > %u\n", + pmu_num, MAX_PMU_MAPPINGS); + return -1; + } + + if (ff->size < sizeof(u32) + pmu_num * 2 * sizeof(u32)) { + pr_err("Invalid HEADER_PMU_MAPPINGS: section too small (%zu) for %u PMUs= \n", + ff->size, pmu_num); + return -1; + } + env->nr_pmu_mappings =3D pmu_num; if (strbuf_init(&sb, 128) < 0) return -1; --=20 2.53.0
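Review bot: The changelog describes only the upper bound on pmu_num, but the hunk also adds a minimum section size test, ff->size < sizeof(u32) + pmu_num * 2 * sizeof(u32); please mention it in the commit message, as 05/13 and 06/13 do, and add a comment saying which two u32 fields per PMU the check assumes. As in those patches, ff->size goes to %zu without the (size_t) cast used in 03/13.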
by smtp.kernel.org (Postfix) with ESMTPSA id 23C5CC4CEF7; Fri, 10 Apr 2026 00:41:00 +0000 (UTC)
From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 08/13] perf header: Sanity check HEADER_GROUP_DESC
Date: Thu, 9 Apr 2026 21:39:55 -0300
Message-ID: <20260410004000.148138-9-acme@kernel.org>
In-Reply-To: <20260410004000.148138-1-acme@kernel.org>
References: <20260410004000.148138-1-acme@kernel.org>
Content-Transfer-Encoding: quoted-printable

From: Arnaldo Carvalho de Melo

Add upper bound check on nr_groups in process_group_desc() to harden against malformed perf.data files (max 32768), and move the env assignment after validation.

Cc: Namhyung Kim
Cc: Ian Rogers
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 1d7ca467acf32bd4..8e3f4655fbacc6dd 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c
@@ -3130,12 +3130,26 @@ static int process_group_desc(struct feat_fd *ff, v= oid *data __maybe_unused) if (do_read_u32(ff, &nr_groups)) return -1; =20 - env->nr_groups =3D nr_groups; if (!nr_groups) { pr_debug("group desc not available\n"); return 0; } =20 +#define MAX_GROUP_DESC 32768 + if (nr_groups > MAX_GROUP_DESC) { + pr_err("Invalid HEADER_GROUP_DESC: nr_groups (%u) > %u\n", + nr_groups, MAX_GROUP_DESC); + return -1; + } + + if (ff->size < sizeof(u32) + nr_groups * 3 * sizeof(u32)) { + pr_err("Invalid HEADER_GROUP_DESC: section too small (%zu) for %u groups= \n", + ff->size, nr_groups); + return -1; + } + + env->nr_groups =3D nr_groups; + desc =3D calloc(nr_groups, sizeof(*desc)); if (!desc) return -1; --=20 2.53.0 From nobody Sat Jun 20 20:52:35 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EDA08F9E8; Fri, 10 Apr 2026 00:41:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775781671; cv=none; b=mCEbzava0Ys2WtzX0gsYPwrJOYPS4LSUzq68sOpdSlQMgYbi0+068nL+DXmkjsfuIIprBtt06Tr/Nh9tuDqrRpcLWOOHXH5guzQqMJUQncwpE5jIQS/clRhB+6TEgGXa77c4txkyZHffV6BFZRtsncYnsX2fmWEF8afTio2HXdg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775781671; c=relaxed/simple; bh=zbjev4o8ff7AtZRO8LAMGt/VrUTSo8XGaRWLhgsNGag=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ufhZ1vzK1ID6l5E5qkwEagL6BlWtkN8BDsRtn9degE9N8+V4qyL+rVQlyO7gAgaK2EWeKPjoM0dO+dcwQtOYM+cUzHMMjkLArHpWKd29+6KZdLq4ejDsUhSeeO038crhOx2Mqo+R1cXsEBZE5NofSfCy2A3520Xh/6pf0YPQg/s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=crvv7SHO; arc=none 
smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="crvv7SHO" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 296C5C4CEF7; Fri, 10 Apr 2026 00:41:05 +0000 (UTC)
From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 09/13] perf header: Sanity check HEADER_CACHE
Date: Thu, 9 Apr 2026 21:39:56 -0300
Message-ID: <20260410004000.148138-10-acme@kernel.org>
In-Reply-To: <20260410004000.148138-1-acme@kernel.org>
References: <20260410004000.148138-1-acme@kernel.org>
Content-Transfer-Encoding: quoted-printable

From: Arnaldo Carvalho de Melo

Add upper bound check on cache entry count in process_cache() to harden against malformed perf.data files (max 32768).

Cc: Jiri Olsa
Cc: Ian Rogers
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 8e3f4655fbacc6dd..494206faeb250956 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c 
@@ -3241,6 +3241,19 @@ static int process_cache(struct feat_fd *ff, void *d= ata __maybe_unused) if (do_read_u32(ff, &cnt)) return -1; =20 +#define MAX_CACHE_ENTRIES 32768 + if (cnt > MAX_CACHE_ENTRIES) { + pr_err("Invalid HEADER_CACHE: cnt (%u) > %u\n", + cnt, MAX_CACHE_ENTRIES); + return -1; + } + + if (ff->size < 2 * sizeof(u32) + cnt * 7 * sizeof(u32)) { + pr_err("Invalid HEADER_CACHE: section too small (%zu) for %u entries\n", + ff->size, cnt); + return -1; + } + caches =3D calloc(cnt, sizeof(*caches)); if (!caches) return -1; --=20 2.53.0 From nobody Sat Jun 20 20:52:35 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 36C552EA749; Fri, 10 Apr 2026 00:41:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775781676; cv=none; b=WcMk4jET8YfriTTVo2iMugB24PKWjFLEPQycWz/XJkr1qJRA36Qx6+jliJDpoHhd2oMtw9ucgmahfCZ+j7BH3OaX+TwK3KQfPuNFqq46sMSE4pGfmAcYXBg8NHGQqBZ8dM5IbImzrx8m9IlOEI8T0KlH9HFwrG37DvhfJebNHdc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775781676; c=relaxed/simple; bh=kcCt8KLANRhZti7x7N45YPBBSZhkbpritvjXyabvHfY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=RRVRJ+kASHoRmkTLRulWZ/cixfsJDl9LRIXexxkVMpz31p5dYGGVqGVjAYJ1cxPRBo/4cbsGnGKt8IP+tRrQPYZDDedVMUeEq5fWiuIyhSMEhGHSMfqhQg9axQWk0lSEmsogPgTOD5jNJe89c8lpzrsMuyFvqszvBze3BMxqLl0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=uRe+HQ3B; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="uRe+HQ3B" Received: by 
smtp.kernel.org (Postfix) with ESMTPSA id 44027C2BCAF; Fri, 10 Apr 2026 00:41:10 +0000 (UTC)
From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 10/13] perf header: Sanity check HEADER_HYBRID_TOPOLOGY
Date: Thu, 9 Apr 2026 21:39:57 -0300
Message-ID: <20260410004000.148138-11-acme@kernel.org>
In-Reply-To: <20260410004000.148138-1-acme@kernel.org>
References: <20260410004000.148138-1-acme@kernel.org>
Content-Transfer-Encoding: quoted-printable

From: Arnaldo Carvalho de Melo

Add upper bound check on nr_nodes in process_hybrid_topology() to harden against malformed perf.data files (reuses MAX_PMU_MAPPINGS, 4096).

Cc: Ian Rogers
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 494206faeb250956..a1f19c1954774e9d 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c
@@ -3448,6 +3448,18 @@ static int process_hybrid_topology(struct feat_fd *f= f, if (do_read_u32(ff, &nr)) return -1; =20 + if (nr > MAX_PMU_MAPPINGS) { + pr_err("Invalid HEADER_HYBRID_TOPOLOGY: nr_nodes (%u) > %u\n", + nr, MAX_PMU_MAPPINGS); + return -1; + } + + if (ff->size < sizeof(u32) + nr * 2 * sizeof(u32)) { + pr_err("Invalid HEADER_HYBRID_TOPOLOGY: section too small (%zu) for %u n= odes\n", + ff->size, nr); + return -1; + } + nodes =3D calloc(nr, sizeof(*nodes)); if (!nodes) return -ENOMEM; --=20 2.53.0 From nobody Sat Jun 20 20:52:35 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7A84C2E6CB8; Fri, 10 Apr 2026 00:41:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775781681; cv=none; b=j9iFrBKCTOLuOZzQ/7ww3Itc7XdtMO05yg4zE+oJCgQZjLm+WXrsr6EsgfIy0cwLCsC5UX4AgI04TNpWImJd3ek1SrhUeTJ/rXglaClSJHagLdY8kfpaGv1TYzAHIYOkZiUy3VJv1uPFmN2kr9LJObuAUB6Xte3QXMgFVWfHPCc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775781681; c=relaxed/simple; bh=23b3ktY195gom8zEVfi/bEPp4pW7LBt2UeMxag3zm/4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=R9kZd6odqRRw23C7Vu/pWJxic8LqFUZXNuxVgQfVzdAQBlB2T6BXjv4as70AIlScSqyswmEeChZBIQToWj6ptSr80vUAwrXPJ5YlOuR4iw4bLemxLy0Iaa5ypO/wzCr5bB5hssk2wHP0Bqjh6XYa6yMYz170evqrCZ6BMP1wOSI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=NOaxeGlK; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="NOaxeGlK" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 
6124BC4CEF7; Fri, 10 Apr 2026 00:41:16 +0000 (UTC)
From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo, Ravi Bangoria
Subject: [PATCH 11/13] perf header: Sanity check HEADER_PMU_CAPS
Date: Thu, 9 Apr 2026 21:39:58 -0300
Message-ID: <20260410004000.148138-12-acme@kernel.org>
In-Reply-To: <20260410004000.148138-1-acme@kernel.org>
References: <20260410004000.148138-1-acme@kernel.org>
Content-Transfer-Encoding: quoted-printable

From: Arnaldo Carvalho de Melo

Add upper bound checks in PMU capabilities processing to harden against malformed perf.data files:

- nr_pmu bounded to MAX_PMU_MAPPINGS (4096) in process_pmu_caps()
- nr_pmu_caps bounded to MAX_PMU_CAPS (512) in __process_pmu_caps()

Cc: Ravi Bangoria
Cc: Ian Rogers
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index a1f19c1954774e9d..03426132e58dc933 100644 --- a/tools/perf/util/header.c
+++ b/tools/perf/util/header.c @@ -3675,6 +3675,13 @@ static int __process_pmu_caps(struct feat_fd *ff, in= t *nr_caps, if (!nr_pmu_caps) return 0; =20 +#define MAX_PMU_CAPS 512 + if (nr_pmu_caps > MAX_PMU_CAPS) { + pr_err("Invalid pmu caps: nr_pmu_caps (%u) > %u\n", + nr_pmu_caps, MAX_PMU_CAPS); + return -1; + } + *caps =3D calloc(nr_pmu_caps, sizeof(char *)); if (!*caps) return -1; 
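Review bot: the message added in __process_pmu_caps(), "Invalid pmu caps: nr_pmu_caps (%u) > %u", does not name the header feature the way the process_pmu_caps() hunk below does ("Invalid HEADER_PMU_CAPS: ..."), so the user cannot tell which section of perf.data was rejected. nr_pmu_caps is also the only element count in this series that is bounded by a constant alone and never compared against ff->size; if that is deliberate, a one-line comment saying why would help the next reader.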
@@ -3752,6 +3759,18 @@ static int process_pmu_caps(struct feat_fd *ff, void= *data __maybe_unused) return 0; } =20 + if (nr_pmu > MAX_PMU_MAPPINGS) { + pr_err("Invalid HEADER_PMU_CAPS: nr_pmu (%u) > %u\n", + nr_pmu, MAX_PMU_MAPPINGS); + return -1; + } + + if (ff->size < sizeof(u32) + nr_pmu * sizeof(u32)) { + pr_err("Invalid HEADER_PMU_CAPS: section too small (%zu) for %u PMUs\n", + ff->size, nr_pmu); + return -1; + } + pmu_caps =3D calloc(nr_pmu, sizeof(*pmu_caps)); if (!pmu_caps) return -ENOMEM; --=20 2.53.0 From nobody Sat Jun 20 20:52:35 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E16C32EB5A1; Fri, 10 Apr 2026 00:41:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775781687; cv=none; b=egEvms2KRqUf1w6gjJzssyFjQClSI5TKo6vwYtHlbU0+7S8HDP4FeI1S7s/yIv4e9Zmv9pNzOeRDk0Aj17lg2Emm4Z6yHGpzg9lRjeR1HcA6u+naPBGk580ao+CYQw8E2oCHFg3lC8tharruK/Y4MIHe+LWGE9776+P28H24dzU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775781687; c=relaxed/simple; bh=I5wH84ne+msWd16qa86r2JztEi9n3JfJCGkKESKylck=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ragazyHTTiGkjinaZo9LiBguoXDS59TjA07E7oNnowduHg4SpgmtHuiMAuwm3Wy1z+z5VYUgRBWrZyyHYUo0E3JUnOfr/uVqDs27cW05DsVGCxVVCRqVlcuPpHL5DDuAQN19HNQzhOdryXaT/g2fdBzkI4DVlFDDSOGJJcM6gvA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=L+52n158; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="L+52n158" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 
080F7C2BCAF; Fri, 10 Apr 2026 00:41:21 +0000 (UTC)
From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 12/13] perf header: Sanity check HEADER_BPF_PROG_INFO
Date: Thu, 9 Apr 2026 21:39:59 -0300
Message-ID: <20260410004000.148138-13-acme@kernel.org>
In-Reply-To: <20260410004000.148138-1-acme@kernel.org>
References: <20260410004000.148138-1-acme@kernel.org>
Content-Transfer-Encoding: quoted-printable

From: Arnaldo Carvalho de Melo

Add validation to process_bpf_prog_info() to harden against malformed perf.data files:

- Upper bound on BPF program count (max 131072)
- Upper bound on per-program data_len (max 256MB)

Cc: Ian Rogers
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 03426132e58dc933..628d091658c8c40e 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c
@@ -3522,6 +3522,19 @@ static int process_bpf_prog_info(struct feat_fd *ff = __maybe_unused, void *data _ if (do_read_u32(ff, &count)) return -1; =20 +#define MAX_BPF_PROGS 131072 + if (count > MAX_BPF_PROGS) { + pr_err("Invalid HEADER_BPF_PROG_INFO: count (%u) > %u\n", + count, MAX_BPF_PROGS); + return -1; + } + + if (ff->size < sizeof(u32) + count * (2 * sizeof(u32) + sizeof(u64))) { + pr_err("Invalid HEADER_BPF_PROG_INFO: section too small (%zu) for %u ent= ries\n", + ff->size, count); + return -1; + } + down_write(&env->bpf_progs.lock); =20 for (i =3D 0; i < count; ++i) { 
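Review bot: the section-size check in this first process_bpf_prog_info() hunk relies on an unexplained per-entry minimum, count * (2 * sizeof(u32) + sizeof(u64)). Add a comment naming the fixed fields that make up those 16 bytes, so the bound gets updated if the on-disk entry layout ever changes. Placing both checks before down_write(&env->bpf_progs.lock) is the right spot, since the plain return -1 then needs no unlock.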
@@ -3539,6 +3552,13 @@ static int process_bpf_prog_info(struct feat_fd *ff = __maybe_unused, void *data _ goto out; } =20 +#define MAX_BPF_DATA_LEN (256 * 1024 * 1024) + if (data_len > MAX_BPF_DATA_LEN) { + pr_warning("Invalid HEADER_BPF_PROG_INFO: data_len (%u) too large\n", + data_len); + goto out; + } + info_linear =3D malloc(sizeof(struct perf_bpil) + data_len); if (!info_linear) --=20 2.53.0 From nobody Sat Jun 20 20:52:35 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7B463271471; Fri, 10 Apr 2026 00:41:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775781693; cv=none; b=m+2ahYPzN4GPqufxnB8QUhdYIODMGXxgTgWHZsL/LKMx20v9ZQFJ7XEolZKJd29qnuEqTHp6LKC9Lf88qCNNXO/UVR7ZjHFOegc7RNlucSy94C+fyYKkVMsg6ZeDpPPyMXVjzJrjt0mMzzUi7b82/6QZgBruSA/zvpGc3tsyTS0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775781693; c=relaxed/simple; bh=akNYq1Yn19Qgx2qs2DWJrh+BFDtfahAZB0/XJt9XasM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=PfmTG+5onvfHixBeBck05/4ep3KTfrXGWv+nK+1OJUQWN55m6Vtf6IShqE1IwPstOFnxC9kRsDxRRLMSau2gjwgaMHOjUKRitarDnyJaF6c995g1g+ILEPioRXvNroGFMGpJDtSYV525eRVSl1xPg9twKKRJMjZudMN/d6/ch7Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=qe2deoEI; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="qe2deoEI" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6FB78C2BC87; Fri, 10 Apr 2026 00:41:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; 
From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo, Song Liu
Subject: [PATCH 13/13] perf header: Add sanity checks to HEADER_BPF_BTF processing
Date: Thu, 9 Apr 2026 21:40:00 -0300
Message-ID: <20260410004000.148138-14-acme@kernel.org>
In-Reply-To: <20260410004000.148138-1-acme@kernel.org>
References: <20260410004000.148138-1-acme@kernel.org>
Content-Transfer-Encoding: quoted-printable

From: Arnaldo Carvalho de Melo

Validate the BTF entry count and individual data sizes when reading HEADER_BPF_BTF from perf.data files to prevent excessive memory allocation from malformed files.

Reuses the MAX_BPF_PROGS (131072) and MAX_BPF_DATA_LEN (256 MB) limits from HEADER_BPF_PROG_INFO processing.

Cc: Song Liu
Cc: Jiri Olsa
Cc: Namhyung Kim
Cc: Ian Rogers
Cc: Adrian Hunter
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 628d091658c8c40e..f47b040b76292c81 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c
@@ -3619,6 +3619,17 @@ static int process_bpf_btf(struct feat_fd *ff __may= be_unused, void *data __mayb if (do_read_u32(ff, &count)) return -1; =20 + if (count > MAX_BPF_PROGS) { + pr_err("bpf btf count %u too large (max %u)\n", count, MAX_BPF_PROGS); + return -1; + } + + if (ff->size < sizeof(u32) + count * 2 * sizeof(u32)) { + pr_err("Invalid HEADER_BPF_BTF: section too small (%zu) for %u entries\n= ", + ff->size, count); + return -1; + } + down_write(&env->bpf_progs.lock); =20 for (i =3D 0; i < count; ++i) { @@ -3629,6 +3640,12 @@ static int process_bpf_btf(struct feat_fd *ff __may= be_unused, void *data __mayb if (do_read_u32(ff, &data_size)) goto out; =20 + if (data_size > MAX_BPF_DATA_LEN) { + pr_err("bpf btf data size %u too large (max %u)\n", + data_size, MAX_BPF_DATA_LEN); + goto out; + } + node =3D malloc(sizeof(struct btf_node) + data_size); if (!node) goto out; --=20 2.53.0
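Review bot: in process_bpf_btf() the two limit messages, "bpf btf count %u too large (max %u)" and "bpf btf data size %u too large (max %u)", use a different form from the "Invalid HEADER_BPF_BTF: ..." message added between them and from the rest of the series. Use one form per feature so a rejected file can be traced by grepping for the header name. Both messages also print MAX_BPF_PROGS and MAX_BPF_DATA_LEN with %u although the macros expand to int constants; give the macros a U suffix or print them with %d.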
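Review bot: in the process_pmu_mappings() hunk, #define MAX_PMU_MAPPINGS 4096 sits inside the function body, yet [PATCH 10/13] and [PATCH 11/13] depend on it in process_hybrid_topology() and process_pmu_caps(), which only works because those functions come later in header.c. Move it to file scope with a comment on how 4096 was chosen. The same applies to MAX_BPF_PROGS and MAX_BPF_DATA_LEN, which are defined inside process_bpf_prog_info() and reused by process_bpf_btf().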
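Review bot: in [PATCH 08/13], moving env->nr_groups =3D nr_groups below the new checks also moves it below the if (!nr_groups) early return, so a section that declares zero groups now leaves env->nr_groups untouched where it used to be set to 0. If the code relies on env being zero-initialised, say so in the commit message, which mentions only the move after validation; otherwise keep an assignment on the zero path, since storing 0 needs no validation.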
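Review bot: in [PATCH 09/13], cnt =3D=3D 0 passes both new checks in process_cache() and reaches calloc(cnt, sizeof(*caches)); calloc() with a zero count is allowed to return NULL, which the existing if (!caches) return -1 then reports as a failure. Since this hunk is already validating cnt, add an early return for zero, as process_group_desc() does for nr_groups. The same holds for nr in the process_hybrid_topology() hunk of [PATCH 10/13], where a NULL result becomes -ENOMEM.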
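Review bot: in the second hunk of [PATCH 12/13], data_len is capped only by MAX_BPF_DATA_LEN (256 MB), so a section far smaller than data_len still reaches malloc(sizeof(struct perf_bpil) + data_len) with a request of up to 256 MB. Also reject data_len larger than ff->size, which the first hunk already uses to bound count; the data_size check in process_bpf_btf() has the same gap. This hunk reports through pr_warning() where the first hunk uses pr_err() for the same class of failure; pick one.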