From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 01/13] perf header: Validate nr_domains when reading HEADER_CPU_DOMAIN_INFO
Date: Fri, 10 Apr 2026 19:08:53 -0300
Message-ID: <20260410220905.200051-2-acme@kernel.org>
In-Reply-To: <20260410220905.200051-1-acme@kernel.org>
References: <20260410220905.200051-1-acme@kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Arnaldo Carvalho de Melo

Further validate the HEADER_CPU_DOMAIN_INFO fields, this time checking the nr_domains field.

Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index c6efddb70aee2904..a2796b72adc4d908 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c 
@@ -3731,6 +3731,12 @@ static int process_cpu_domain_info(struct feat_fd *f= f, void *data __maybe_unused if (do_read_u32(ff, &nr_domains)) return -1; =20 + if (nr_domains > max_sched_domains) { + pr_err("Invalid HEADER_CPU_DOMAIN_INFO: nr_domains %u > max_sched_domai= ns (%u)\n", + nr_domains, max_sched_domains); + return -1; + } + cd_map[cpu]->nr_domains =3D nr_domains; =20 cd_map[cpu]->domains =3D calloc(max_sched_domains, sizeof(*d_info)); --=20 2.53.0

From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 02/13] perf header: Bump up the max number of command line args allowed
Date: Fri, 10 Apr 2026 19:08:54 -0300
Message-ID: <20260410220905.200051-3-acme@kernel.org>
In-Reply-To: <20260410220905.200051-1-acme@kernel.org>
References: <20260410220905.200051-1-acme@kernel.org>

From: Arnaldo Carvalho de Melo

We need to do some upper limit validation, bump up the arbitrary limit as per suggestion of Sashiko about command line wildcard expansion ending up with more than 32768 args.

Link: https://sashiko.dev/#/patchset/20260408172846.96360-1-acme%40kernel.org
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index a2796b72adc4d908..22c44b6f0b098f95 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c 
@@ -2795,8 +2795,11 @@ process_event_desc(struct feat_fd *ff, void *data __= maybe_unused) return 0; } =20 -// Some reasonable arbitrary max for the number of command line arguments -#define MAX_CMDLINE_NR 32768 +/* + * Some arbitrary max for the number of command line arguments, + * Wildcards can expand and end up with tons of command line args. + */ +#define MAX_CMDLINE_NR 1048576 =20 static int process_cmdline(struct feat_fd *ff, void *data __maybe_unused) { --=20 2.53.0

From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo, Swapnil Sapkal
Subject: [PATCH 03/13] perf header: Sanity check HEADER_NRCPUS and HEADER_CPU_DOMAIN_INFO
Date: Fri, 10 Apr 2026 19:08:55 -0300
Message-ID: <20260410220905.200051-4-acme@kernel.org>
In-Reply-To: <20260410220905.200051-1-acme@kernel.org>
References: <20260410220905.200051-1-acme@kernel.org>

From: Arnaldo Carvalho de Melo

While working on some cleanups sashiko questioned about pre-existing issues, namely lacking sanity checks for perf.data headers, add some with the help of Claude.

Cc: Ian Rogers
Cc: Swapnil Sapkal
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 45 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 22c44b6f0b098f95..4cb748763c8a0741 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c 
@@ -63,6 +63,8 @@ #include #endif =20 +#define MAX_SCHED_DOMAINS 64 + /* * magic2 =3D "PERFILE2" * must be a numerical value to let the endianness @@ -2722,6 +2724,13 @@ static int process_nrcpus(struct feat_fd *ff, void *= data __maybe_unused) ret =3D do_read_u32(ff, &nr_cpus_online); if (ret) return ret; + + if (nr_cpus_online > nr_cpus_avail) { + pr_err("Invalid HEADER_NRCPUS: nr_cpus_online (%u) > nr_cpus_avail (%u)\= n", + nr_cpus_online, nr_cpus_avail); + return -1; + } + env->nr_cpus_avail =3D (int)nr_cpus_avail; env->nr_cpus_online =3D (int)nr_cpus_online; return 0; @@ -3698,6 +3707,17 @@ static int process_cpu_domain_info(struct feat_fd *f= f, void *data __maybe_unused nra =3D env->nr_cpus_avail; nr =3D env->nr_cpus_online; =20 + if (nra =3D=3D 0 || nr =3D=3D 0) { + pr_err("Invalid HEADER_CPU_DOMAIN_INFO: missing HEADER_NRCPUS\n"); + return -1; + } + + if (ff->size < 2 * sizeof(u32) + nr * 2 * sizeof(u32)) { + pr_err("Invalid HEADER_CPU_DOMAIN_INFO: section too small (%zu) for %u C= PUs\n", + (size_t)ff->size, nr); + return -1; + } + cd_map =3D calloc(nra, sizeof(*cd_map)); if (!cd_map) return -1; @@ -3714,6 +3734,18 @@ static int process_cpu_domain_info(struct feat_fd *f= f, void *data __maybe_unused if (ret) return ret; =20 + /* + * Sanity check: real systems have at most ~10 sched domain levels + * (SMT, CLS, MC, PKG + NUMA hops). Reject obviously bogus values + * from malformed perf.data files before they cause excessive + * allocation in the per-CPU loop. + */ + if (max_sched_domains > MAX_SCHED_DOMAINS) { + pr_err("Invalid HEADER_CPU_DOMAIN_INFO: max_sched_domains %u > %u\n", + max_sched_domains, MAX_SCHED_DOMAINS); + return -1; + } + env->max_sched_domains =3D max_sched_domains; =20 for (i =3D 0; i < nr; i++) { 
@@ -3725,6 +3757,11 @@ static int process_cpu_domain_info(struct feat_fd *f= f, void *data __maybe_unused return -1; } =20 + if (cd_map[cpu]) { + pr_err("Invalid HEADER_CPU_DOMAIN_INFO: duplicate cpu %u\n", cpu); + return -1; + } + cd_map[cpu] =3D zalloc(sizeof(*cd_map[cpu])); if (!cd_map[cpu]) return -1; 
@@ -3760,7 +3797,13 @@ static int process_cpu_domain_info(struct feat_fd *f= f, void *data __maybe_unused if (!d_info) return -1; =20 - assert(cd_map[cpu]->domains[domain] =3D=3D NULL); + if (cd_map[cpu]->domains[domain]) { + pr_err("Invalid HEADER_CPU_DOMAIN_INFO: duplicate domain %u for cpu %u= \n", + domain, cpu); + free(d_info); + return -1; + } + cd_map[cpu]->domains[domain] =3D d_info; d_info->domain =3D domain; =20 --=20 2.53.0

From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 04/13] perf header: Sanity check HEADER_CPU_TOPOLOGY
Date: Fri, 10 Apr 2026 19:08:56 -0300
Message-ID: <20260410220905.200051-5-acme@kernel.org>
In-Reply-To: <20260410220905.200051-1-acme@kernel.org>
References: <20260410220905.200051-1-acme@kernel.org>

From: Arnaldo Carvalho de Melo

Add validation to process_cpu_topology() to harden against malformed perf.data files:

- Verify nr_cpus_avail was initialized (HEADER_NRCPUS processed first)
- Bounds check sibling counts (cores, threads, dies) against nr_cpus_avail
- Fix two bare 'return -1' that leaked env->cpu by using 'goto free_cpu'

Cc: Jiri Olsa
Cc: Ian Rogers
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 4cb748763c8a0741..acd6b07528e013a4 100644 --- a/tools/perf/util/header.c 
+++ b/tools/perf/util/header.c @@ -2861,6 +2861,11 @@ static int process_cpu_topology(struct feat_fd *ff, = void *data __maybe_unused) int cpu_nr =3D env->nr_cpus_avail; u64 size =3D 0; =20 + if (cpu_nr =3D=3D 0) { + pr_err("Invalid HEADER_CPU_TOPOLOGY: missing HEADER_NRCPUS\n"); + return -1; + } + env->cpu =3D calloc(cpu_nr, sizeof(*env->cpu)); if (!env->cpu) return -1; @@ -2868,6 +2873,12 @@ static int process_cpu_topology(struct feat_fd *ff, = void *data __maybe_unused) if (do_read_u32(ff, &nr)) goto free_cpu; =20 + if (nr > (u32)cpu_nr) { + pr_err("Invalid HEADER_CPU_TOPOLOGY: nr_sibling_cores (%u) > nr_cpus_ava= il (%d)\n", + nr, cpu_nr); + goto free_cpu; + } + env->nr_sibling_cores =3D nr; size +=3D sizeof(u32); if (strbuf_init(&sb, 128) < 0) @@ -2887,7 +2898,13 @@ static int process_cpu_topology(struct feat_fd *ff, = void *data __maybe_unused) env->sibling_cores =3D strbuf_detach(&sb, NULL); =20 if (do_read_u32(ff, &nr)) - return -1; + goto free_cpu; + + if (nr > (u32)cpu_nr) { + pr_err("Invalid HEADER_CPU_TOPOLOGY: nr_sibling_threads (%u) > nr_cpus_a= vail (%d)\n", + nr, cpu_nr); + goto free_cpu; + } =20 env->nr_sibling_threads =3D nr; size +=3D sizeof(u32); 
@@ -2936,7 +2953,13 @@ static int process_cpu_topology(struct feat_fd *ff, = void *data __maybe_unused) return 0; =20 if (do_read_u32(ff, &nr)) - return -1; + goto free_cpu; + + if (nr > (u32)cpu_nr) { + pr_err("Invalid HEADER_CPU_TOPOLOGY: nr_sibling_dies (%u) > nr_cpus_avai= l (%d)\n", + nr, cpu_nr); + goto free_cpu; + } =20 env->nr_sibling_dies =3D nr; size +=3D sizeof(u32); --=20 2.53.0

From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 05/13] perf header: Sanity check HEADER_NUMA_TOPOLOGY
Date: Fri, 10 Apr 2026 19:08:57 -0300
Message-ID: <20260410220905.200051-6-acme@kernel.org>
In-Reply-To: <20260410220905.200051-1-acme@kernel.org>
References: <20260410220905.200051-1-acme@kernel.org>

From: Arnaldo Carvalho de Melo

Add validation to process_numa_topology() to harden against malformed perf.data files:

- Upper bound check on nr_nodes (max 4096)
- Minimum section size check before allocating

Cc: Jiri Olsa
Cc: Ian Rogers
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index acd6b07528e013a4..2f405776e5013c13 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c
@@ -63,6 +63,7 @@ #include #endif =20 +#define MAX_NUMA_NODES 4096 #define MAX_SCHED_DOMAINS 64 =20 /* 
@@ -3005,6 +3006,18 @@ static int process_numa_topology(struct feat_fd *ff,= void *data __maybe_unused) if (do_read_u32(ff, &nr)) return -1; =20 + if (nr > MAX_NUMA_NODES) { + pr_err("Invalid HEADER_NUMA_TOPOLOGY: nr_nodes (%u) > %u\n", + nr, MAX_NUMA_NODES); + return -1; + } + + if (ff->size < sizeof(u32) + nr * (sizeof(u32) + 2 * sizeof(u64))) { + pr_err("Invalid HEADER_NUMA_TOPOLOGY: section too small (%zu) for %u nod= es\n", + ff->size, nr); + return -1; + } + nodes =3D calloc(nr, sizeof(*nodes)); if (!nodes) return -ENOMEM; --=20 2.53.0

From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 06/13] perf header: Sanity check HEADER_MEM_TOPOLOGY
Date: Fri, 10 Apr 2026 19:08:58 -0300
Message-ID: <20260410220905.200051-7-acme@kernel.org>
In-Reply-To: <20260410220905.200051-1-acme@kernel.org>
References: <20260410220905.200051-1-acme@kernel.org>

From: Arnaldo Carvalho de Melo

Add validation to process_mem_topology() to harden against malformed perf.data files:

- Upper bound check on nr_nodes (reuses MAX_NUMA_NODES, 4096)
- Minimum section size check before allocating

This is particularly important here since nr is u64, making unbounded values especially dangerous.

Cc: Jiri Olsa
Cc: Ian Rogers
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 2f405776e5013c13..2eb909672f826ca4 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c 
@@ -3308,6 +3308,18 @@ static int process_mem_topology(struct feat_fd *ff, if (do_read_u64(ff, &nr)) return -1; =20 + if (nr > MAX_NUMA_NODES) { + pr_err("Invalid HEADER_MEM_TOPOLOGY: nr_nodes (%llu) > %u\n", + (unsigned long long)nr, MAX_NUMA_NODES); + return -1; + } + + if (ff->size < 3 * sizeof(u64) + nr * 2 * sizeof(u64)) { + pr_err("Invalid HEADER_MEM_TOPOLOGY: section too small (%zu) for %llu no= des\n", + ff->size, (unsigned long long)nr); + return -1; + } + nodes =3D calloc(nr, sizeof(*nodes)); if (!nodes) return -1; --=20 2.53.0

From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 07/13] perf header: Sanity check HEADER_PMU_MAPPINGS
Date: Fri, 10 Apr 2026 19:08:59 -0300
Message-ID: <20260410220905.200051-8-acme@kernel.org>
In-Reply-To: <20260410220905.200051-1-acme@kernel.org>
References: <20260410220905.200051-1-acme@kernel.org>

From: Arnaldo Carvalho de Melo

Add upper bound check on pmu_num in process_pmu_mappings() to harden against malformed perf.data files (max 4096).

Cc: Ian Rogers
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 2eb909672f826ca4..77035d9b138cb3cd 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c 
@@ -64,6 +64,7 @@ #endif =20 #define MAX_NUMA_NODES 4096 +#define MAX_PMU_MAPPINGS 4096 #define MAX_SCHED_DOMAINS 64 =20 /* 
@@ -3069,6 +3070,18 @@ static int process_pmu_mappings(struct feat_fd *ff, = void *data __maybe_unused) return 0; } =20 + if (pmu_num > MAX_PMU_MAPPINGS) { + pr_err("Invalid HEADER_PMU_MAPPINGS: pmu_num (%u) > %u\n", + pmu_num, MAX_PMU_MAPPINGS); + return -1; + } + + if (ff->size < sizeof(u32) + pmu_num * 2 * sizeof(u32)) { + pr_err("Invalid HEADER_PMU_MAPPINGS: section too small (%zu) for %u PMUs= \n", + ff->size, pmu_num); + return -1; + } + env->nr_pmu_mappings =3D pmu_num; if (strbuf_init(&sb, 128) < 0) return -1; --=20 2.53.0 From nobody Sat Jun 20 19:55:10 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 44B093DEFE2; Fri, 10 Apr 2026 22:09:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775858989; cv=none; b=hw76RAvBdI3KOQHsv2lIrsDm5D/WylFEO/eu3sjeCcV7BbEz9JRrUSKIkNWn8QbaX26O3vtCIreN+5a9oPG2BkNy6Js8XBGEmpcu3Wq2YjSCH/Om6MfI1xJ9gw+7KYQza+L2k+qDFDGISFYi5lMLsDJ21bg6NAoAhY8eGlKJY0U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775858989; c=relaxed/simple; bh=2hUb5eNHqfrZmUcZOh9XjAuEIZTrIReRRL5XVkTRAdQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=E2S8JN2AgwzWfBcHyNqYelTJ7/xdTLiCnbOePHkLnAhayMxO45K1QmOFKAO3n9NsNF/sASPQkKMd7W+ptQtKvJJrg1Eba5CvmoAvsgvxvVEcUJ2WbzhDpjS6DwnsfvXMuoxEgkHfhCxdxaMUw8VxFUrm4ukZtx1tUC+5K0/W7sk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=WdXFLilY; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="WdXFLilY" Received: by smtp.kernel.org (Postfix) 
From: Arnaldo Carvalho de Melo To: Namhyung Kim Cc: Ingo Molnar , Thomas Gleixner , James Clark , Jiri Olsa , Ian Rogers , Adrian Hunter , Kan Liang , Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo Subject: [PATCH 08/13] perf header: Sanity check HEADER_GROUP_DESC Date: Fri, 10 Apr 2026 19:09:00 -0300 Message-ID: <20260410220905.200051-9-acme@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260410220905.200051-1-acme@kernel.org> References: <20260410220905.200051-1-acme@kernel.org> From: Arnaldo Carvalho de Melo Add upper bound check on nr_groups in process_group_desc() to harden against malformed perf.data files (max 32768), and move the env assignment after validation. Cc: Namhyung Kim Cc: Ian Rogers Assisted-by: Claude Code:claude-opus-4-6 Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/util/header.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 77035d9b138cb3cd..993e20debd5ca315 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c 
@@ -63,6 +63,7 @@ #include #endif =20 +#define MAX_GROUP_DESC 32768 #define MAX_NUMA_NODES 4096 #define MAX_PMU_MAPPINGS 4096 #define MAX_SCHED_DOMAINS 64 
@@ -3132,12 +3133,25 @@ static int process_group_desc(struct feat_fd *ff, v= oid *data __maybe_unused) if (do_read_u32(ff, &nr_groups)) return -1; =20 - env->nr_groups =3D nr_groups; if (!nr_groups) { pr_debug("group desc not available\n"); return 0; } =20 + if (nr_groups > MAX_GROUP_DESC) { + pr_err("Invalid HEADER_GROUP_DESC: nr_groups (%u) > %u\n", + nr_groups, MAX_GROUP_DESC); + return -1; + } + + if (ff->size < sizeof(u32) + nr_groups * 3 * sizeof(u32)) { + pr_err("Invalid HEADER_GROUP_DESC: section too small (%zu) for %u groups= \n", + ff->size, nr_groups); + return -1; + } + + env->nr_groups =3D nr_groups; + desc =3D calloc(nr_groups, sizeof(*desc)); if (!desc) return -1; --=20 2.53.0
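Review bot: moving the env->nr_groups assignment below the validation in process_group_desc() also moves it below the if (!nr_groups) early return, so a file with nr_groups == 0 no longer writes env->nr_groups at all, where before it stored 0. If env can reach this function with a non-zero nr_groups already set, keep an explicit env->nr_groups = 0 in the zero branch; otherwise state in the changelog that the zero case relies on env being zero-initialised.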
From: Arnaldo Carvalho de Melo To: Namhyung Kim Cc: Ingo Molnar , Thomas Gleixner , James Clark , Jiri Olsa , Ian Rogers , Adrian Hunter , Kan Liang , Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo Subject: [PATCH 09/13] perf header: Sanity check HEADER_CACHE Date: Fri, 10 Apr 2026 19:09:01 -0300 Message-ID: <20260410220905.200051-10-acme@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260410220905.200051-1-acme@kernel.org> References: <20260410220905.200051-1-acme@kernel.org> From: Arnaldo Carvalho de Melo Add upper bound check on cache entry count in process_cache() to harden against malformed perf.data files (max 32768). Cc: Jiri Olsa Cc: Ian Rogers Assisted-by: Claude Code:claude-opus-4-6 Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/util/header.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) 
diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 993e20debd5ca315..749a522fe057e739 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c @@ -63,6 +63,7 @@ #include #endif =20 +#define MAX_CACHE_ENTRIES 32768 #define MAX_GROUP_DESC 32768 #define MAX_NUMA_NODES 4096 #define MAX_PMU_MAPPINGS 4096 
@@ -3243,6 +3244,18 @@ static int process_cache(struct feat_fd *ff, void *d= ata __maybe_unused) if (do_read_u32(ff, &cnt)) return -1; =20 + if (cnt > MAX_CACHE_ENTRIES) { + pr_err("Invalid HEADER_CACHE: cnt (%u) > %u\n", + cnt, MAX_CACHE_ENTRIES); + return -1; + } + + if (ff->size < 2 * sizeof(u32) + cnt * 7 * sizeof(u32)) { + pr_err("Invalid HEADER_CACHE: section too small (%zu) for %u entries\n", + ff->size, cnt); + return -1; + } + caches =3D calloc(cnt, sizeof(*caches)); if (!caches) return -1; --=20 2.53.0
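Review bot: the size test in process_cache() uses bare constants, 2 * sizeof(u32) for the fixed part and cnt * 7 * sizeof(u32) per entry, with nothing saying which fields they count. Suggest a short comment naming the fields behind the 2 and the 7, or deriving the figure from the entry layout, so the minimum stays correct if the on-disk cache entry ever gains a field.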
From: Arnaldo Carvalho de Melo To: Namhyung Kim Cc: Ingo Molnar , Thomas Gleixner , James Clark , Jiri Olsa , Ian Rogers , Adrian Hunter , Kan Liang , Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo Subject: [PATCH 10/13] perf header: Sanity check HEADER_HYBRID_TOPOLOGY Date: Fri, 10 Apr 2026 19:09:02 -0300 Message-ID: <20260410220905.200051-11-acme@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260410220905.200051-1-acme@kernel.org> References: <20260410220905.200051-1-acme@kernel.org> From: Arnaldo Carvalho de Melo Add upper bound check on nr_nodes in process_hybrid_topology() to harden against malformed perf.data files (reuses MAX_PMU_MAPPINGS, 4096). Cc: Ian Rogers Assisted-by: Claude Code:claude-opus-4-6 Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/util/header.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 749a522fe057e739..a609fc7d959fae04 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c 
@@ -3450,6 +3450,18 @@ static int process_hybrid_topology(struct feat_fd *f= f, if (do_read_u32(ff, &nr)) return -1; =20 + if (nr > MAX_PMU_MAPPINGS) { + pr_err("Invalid HEADER_HYBRID_TOPOLOGY: nr_nodes (%u) > %u\n", + nr, MAX_PMU_MAPPINGS); + return -1; + } + + if (ff->size < sizeof(u32) + nr * 2 * sizeof(u32)) { + pr_err("Invalid HEADER_HYBRID_TOPOLOGY: section too small (%zu) for %u n= odes\n", + ff->size, nr); + return -1; + } + nodes =3D calloc(nr, sizeof(*nodes)); if (!nodes) return -ENOMEM; --=20 2.53.0
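Review bot: process_hybrid_topology() bounds nr with MAX_PMU_MAPPINGS, a limit named for a different feature section, and the message calls the value nr_nodes while the variable is nr. Suggest a dedicated define set to the same 4096 (for example MAX_HYBRID_NODES, a hypothetical name), or a comment at the check explaining the reuse, so that changing the PMU mappings limit later does not silently change this one.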
From: Arnaldo Carvalho de Melo To: Namhyung Kim Cc: Ingo Molnar , Thomas Gleixner , James Clark , Jiri Olsa , Ian Rogers , Adrian Hunter , Kan Liang , Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo , Ravi Bangoria Subject: [PATCH 11/13] perf header: Sanity check HEADER_PMU_CAPS Date: Fri, 10 Apr 2026 19:09:03 -0300 Message-ID: <20260410220905.200051-12-acme@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260410220905.200051-1-acme@kernel.org> References: <20260410220905.200051-1-acme@kernel.org> From: Arnaldo Carvalho de Melo Add upper bound checks in PMU capabilities processing to harden against malformed perf.data files: - nr_pmu bounded to MAX_PMU_MAPPINGS (4096) in process_pmu_caps() - nr_pmu_caps bounded to MAX_PMU_CAPS (512) in __process_pmu_caps() Cc: Ravi Bangoria Cc: Ian Rogers Assisted-by: Claude Code:claude-opus-4-6 Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/util/header.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index a609fc7d959fae04..37c1afbc081672f1 100644 --- a/tools/perf/util/header.c 
+++ b/tools/perf/util/header.c @@ -66,6 +66,7 @@ #define MAX_CACHE_ENTRIES 32768 #define MAX_GROUP_DESC 32768 #define MAX_NUMA_NODES 4096 +#define MAX_PMU_CAPS 512 #define MAX_PMU_MAPPINGS 4096 #define MAX_SCHED_DOMAINS 64 =20 @@ -3677,6 +3678,12 @@ static int __process_pmu_caps(struct feat_fd *ff, in= t *nr_caps, if (!nr_pmu_caps) return 0; =20 + if (nr_pmu_caps > MAX_PMU_CAPS) { + pr_err("Invalid pmu caps: nr_pmu_caps (%u) > %u\n", + nr_pmu_caps, MAX_PMU_CAPS); + return -1; + } + *caps =3D calloc(nr_pmu_caps, sizeof(char *)); if (!*caps) return -1; 
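Review bot: the __process_pmu_caps() check caps nr_pmu_caps at MAX_PMU_CAPS but, unlike the other count checks in this series, does not compare the count with the section size, and its message ("Invalid pmu caps: ...") carries no HEADER_* name. Suggest adding a minimum-size test here as well, or a comment on why the cap alone is enough before the calloc(), and naming the feature in the message so the user can tell which section was rejected.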
@@ -3754,6 +3761,18 @@ static int process_pmu_caps(struct feat_fd *ff, void= *data __maybe_unused) return 0; } =20 + if (nr_pmu > MAX_PMU_MAPPINGS) { + pr_err("Invalid HEADER_PMU_CAPS: nr_pmu (%u) > %u\n", + nr_pmu, MAX_PMU_MAPPINGS); + return -1; + } + + if (ff->size < sizeof(u32) + nr_pmu * sizeof(u32)) { + pr_err("Invalid HEADER_PMU_CAPS: section too small (%zu) for %u PMUs\n", + ff->size, nr_pmu); + return -1; + } + pmu_caps =3D calloc(nr_pmu, sizeof(*pmu_caps)); if (!pmu_caps) return -ENOMEM; --=20 2.53.0
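Review bot: in process_pmu_caps(), both new rejections return -1 while the allocation failure directly below them returns -ENOMEM, so the function mixes a bare -1 with errno-style codes. Suggest returning -EINVAL for the malformed-section cases, or noting in the changelog that -1 is kept to match the other checks in this series.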
From: Arnaldo Carvalho de Melo To: Namhyung Kim Cc: Ingo Molnar , Thomas Gleixner , James Clark , Jiri Olsa , Ian Rogers , Adrian Hunter , Kan Liang , Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo Subject: [PATCH 12/13] perf header: Sanity check HEADER_BPF_PROG_INFO Date: Fri, 10 Apr 2026 19:09:04 -0300 Message-ID: <20260410220905.200051-13-acme@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260410220905.200051-1-acme@kernel.org> References: <20260410220905.200051-1-acme@kernel.org> From: Arnaldo Carvalho de Melo Add validation to process_bpf_prog_info() to harden against malformed perf.data files: - Upper bound on BPF program count (max 131072) - Upper bound on per-program data_len (max 256MB) Cc: Ian Rogers Assisted-by: Claude Code:claude-opus-4-6 Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/util/header.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 37c1afbc081672f1..705f1ab44bc93486 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c 
@@ -63,6 +63,8 @@ #include #endif =20 +#define MAX_BPF_DATA_LEN (256 * 1024 * 1024) +#define MAX_BPF_PROGS 131072 #define MAX_CACHE_ENTRIES 32768 #define MAX_GROUP_DESC 32768 #define MAX_NUMA_NODES 4096 @@ -3525,6 +3527,18 @@ static int process_bpf_prog_info(struct feat_fd *ff = __maybe_unused, void *data _ if (do_read_u32(ff, &count)) return -1; =20 + if (count > MAX_BPF_PROGS) { + pr_err("Invalid HEADER_BPF_PROG_INFO: count (%u) > %u\n", + count, MAX_BPF_PROGS); + return -1; + } + + if (ff->size < sizeof(u32) + count * (2 * sizeof(u32) + sizeof(u64))) { + pr_err("Invalid HEADER_BPF_PROG_INFO: section too small (%zu) for %u ent= ries\n", + ff->size, count); + return -1; + } + down_write(&env->bpf_progs.lock); =20 for (i =3D 0; i < count; ++i) { 
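Review bot: the changelog lists two limits (program count and per-program data_len), but the process_bpf_prog_info() hunk above also adds a third rejection, ff->size smaller than sizeof(u32) + count * (2 * sizeof(u32) + sizeof(u64)), which is not described. Suggest adding a line to the commit message for the section-size check, saying what the per-entry minimum of two u32 plus one u64 corresponds to.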
@@ -3542,6 +3556,12 @@ static int process_bpf_prog_info(struct feat_fd *ff = __maybe_unused, void *data _ goto out; } =20 + if (data_len > MAX_BPF_DATA_LEN) { + pr_warning("Invalid HEADER_BPF_PROG_INFO: data_len (%u) too large\n", + data_len); + goto out; + } + info_linear =3D malloc(sizeof(struct perf_bpil) + data_len); if (!info_linear) --=20 2.53.0
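Review bot: data_len is compared only with the fixed MAX_BPF_DATA_LEN before malloc(sizeof(struct perf_bpil) + data_len), so a small file can still request up to 256MB per entry. Suggest also rejecting a data_len larger than what the section can hold (ff->size is already used for the count check earlier in this function), so the allocation is bounded by the file's own size rather than by the constant alone.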
From: Arnaldo Carvalho de Melo To: Namhyung Kim Cc: Ingo Molnar , Thomas Gleixner , James Clark , Jiri Olsa , Ian Rogers , Adrian Hunter , Kan Liang , Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo , Song Liu Subject: [PATCH 13/13] perf header: Add sanity checks to HEADER_BPF_BTF processing Date: Fri, 10 Apr 2026 19:09:05 -0300 Message-ID: <20260410220905.200051-14-acme@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260410220905.200051-1-acme@kernel.org> References: <20260410220905.200051-1-acme@kernel.org> From: Arnaldo Carvalho de Melo Validate the BTF entry count and individual data sizes when reading HEADER_BPF_BTF from perf.data files to prevent excessive memory allocation from malformed files. Reuses the MAX_BPF_PROGS (131072) and MAX_BPF_DATA_LEN (256 MB) limits from HEADER_BPF_PROG_INFO processing. Cc: Song Liu Cc: Jiri Olsa Cc: Namhyung Kim Cc: Ian Rogers Cc: Adrian Hunter Assisted-by: Claude Code:claude-opus-4-6 Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/util/header.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 705f1ab44bc93486..f30e48eb3fc32da2 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c 
@@ -3622,6 +3622,17 @@ static int process_bpf_btf(struct feat_fd *ff __may= be_unused, void *data __mayb if (do_read_u32(ff, &count)) return -1; =20 + if (count > MAX_BPF_PROGS) { + pr_err("bpf btf count %u too large (max %u)\n", count, MAX_BPF_PROGS); + return -1; + } + + if (ff->size < sizeof(u32) + count * 2 * sizeof(u32)) { + pr_err("Invalid HEADER_BPF_BTF: section too small (%zu) for %u entries\n= ", + ff->size, count); + return -1; + } + down_write(&env->bpf_progs.lock); =20 for (i =3D 0; i < count; ++i) { @@ -3632,6 +3643,12 @@ static int process_bpf_btf(struct feat_fd *ff __may= be_unused, void *data __mayb if (do_read_u32(ff, &data_size)) goto out; =20 + if (data_size > MAX_BPF_DATA_LEN) { + pr_err("bpf btf data size %u too large (max %u)\n", + data_size, MAX_BPF_DATA_LEN); + goto out; + } + node =3D malloc(sizeof(struct btf_node) + data_size); if (!node) goto out; --=20 2.53.0
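Review bot: the count message in the first process_bpf_btf() hunk ("bpf btf count %u too large (max %u)") does not follow the "Invalid HEADER_BPF_BTF: ..." form used by the section-size message right below it and by the rest of the series. Suggest "Invalid HEADER_BPF_BTF: count (%u) > %u" so every rejection of this section can be matched with one pattern.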
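Review bot: the data_size rejection in the second process_bpf_btf() hunk logs with pr_err, while the equivalent data_len rejection in process_bpf_prog_info() (patch 12/13) uses pr_warning, although both take the same goto out path. Suggest picking one level for the two per-entry checks, and using the "Invalid HEADER_BPF_BTF: ..." prefix here as well.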