From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 1/4] perf header: Add section bounds checking to the fd read path
Date: Tue, 14 Apr 2026 17:48:44 -0300
Message-ID: <20260414204847.293557-2-acme@kernel.org>
In-Reply-To: <20260414204847.293557-1-acme@kernel.org>
References: <20260414204847.293557-1-acme@kernel.org>

From: Arnaldo Carvalho de Melo

__do_read_buf() validates reads against ff->size (section size), but __do_read_fd() had no such check, so a malformed perf.data with an understated section size could cause reads past the end of the current section into the next section's data.

Add the bounds check in __do_read(), the common caller of both helpers, so it is enforced uniformly for both the fd and buf paths.

This requires two supporting changes:

- perf_file_section__process(): initialize ff->offset to 0 so it tracks bytes consumed from the section start (consistent with the buf path), rather than the absolute file position.

- process_build_id(): use lseek(ff->fd, 0, SEEK_CUR) to discover the current file position instead of reading ff->offset.

Cc: Ian Rogers
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index f30e48eb3fc32da2..13bbf8df15f66cab 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c
@@ -213,23 +213,23 @@ static int __do_read_fd(struct feat_fd *ff, void *add= r, ssize_t size) =20 if (ret !=3D size) return ret < 0 ? (int)ret : -1; + ff->offset +=3D size; return 0; } =20 static int __do_read_buf(struct feat_fd *ff, void *addr, ssize_t size) { - if (size > (ssize_t)ff->size - ff->offset) - return -1; - memcpy(addr, ff->buf + ff->offset, size); ff->offset +=3D size; =20 return 0; - } =20 static int __do_read(struct feat_fd *ff, void *addr, ssize_t size) { + if (size > (ssize_t)ff->size - ff->offset) + return -1; + if (!ff->buf) return __do_read_fd(ff, addr, size); return __do_read_buf(ff, addr, size); @@ -2713,7 +2713,12 @@ static int process_tracing_data(struct feat_fd *ff _= _maybe_unused, void *data __ =20 static int process_build_id(struct feat_fd *ff, void *data __maybe_unused) { - if (perf_header__read_build_ids(ff->ph, ff->fd, ff->offset, ff->size)) + off_t offset =3D lseek(ff->fd, 0, SEEK_CUR); + + if (offset =3D=3D (off_t)-1) + return -1; + + if (perf_header__read_build_ids(ff->ph, ff->fd, offset, ff->size)) pr_debug("Failed to read buildids, continuing...\n"); return 0; } 
@@ -4687,7 +4692,7 @@ static int perf_file_section__process(struct perf_fil= e_section *section, .fd =3D fd, .ph =3D ph, .size =3D section->size, - .offset =3D section->offset, + .offset =3D 0, }; =20 if (lseek(fd, section->offset, SEEK_SET) =3D=3D (off_t)-1) { --=20 2.53.0

From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 2/4] perf header: Validate string length before allocating in do_read_string()
Date: Tue, 14 Apr 2026 17:48:45 -0300
Message-ID: <20260414204847.293557-3-acme@kernel.org>
In-Reply-To: <20260414204847.293557-1-acme@kernel.org>
References: <20260414204847.293557-1-acme@kernel.org>

From: Arnaldo Carvalho de Melo

do_read_string() reads a u32 length from the file and immediately allocates that many bytes. A crafted perf.data could claim a huge string length, triggering a large allocation that would only be freed moments later when __do_read() rejects the read against the section bounds.

Check len against the remaining section size before the malloc().

Cc: Ian Rogers
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 13bbf8df15f66cab..c27ed90727ea6629 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c
@@ -269,6 +269,9 @@ static char *do_read_string(struct feat_fd *ff) if (do_read_u32(ff, &len)) return NULL; =20 + if (len > ff->size - ff->offset) + return NULL; + buf =3D malloc(len); if (!buf) return NULL; --=20 2.53.0

From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 3/4] perf header: Sanity check HEADER_EVENT_DESC
Date: Tue, 14 Apr 2026 17:48:46 -0300
Message-ID: <20260414204847.293557-4-acme@kernel.org>
In-Reply-To: <20260414204847.293557-1-acme@kernel.org>
References: <20260414204847.293557-1-acme@kernel.org>

From: Arnaldo Carvalho de Melo

read_event_desc() reads nre (event count), sz (attr size), and nr (IDs per event) from the file and uses them to control allocations and loops without validating them against the section size.

A crafted perf.data could trigger large allocations or many loop iterations before __do_read() eventually rejects the reads.

Add bounds checks:

- Reject sz == 0 or sz exceeding the section size.
- Check that nre events fit in the remaining section, using the minimum per-event footprint of sz + sizeof(u32).
- Check that nr IDs fit in the remaining section before allocating.

Cc: Jiri Olsa
Cc: Ian Rogers
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index c27ed90727ea6629..3302748bac786fdf 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c @@ -2141,6 +2141,13 @@ static struct evsel *read_event_desc(struct feat_fd = *ff) if (do_read_u32(ff, &sz)) goto error; =20 + /* + * The minimum section footprint per event is sz bytes for the attr + * plus a u32 for the id count, check that nre events fit. + */ + if (sz =3D=3D 0 || sz > ff->size || nre > (ff->size - ff->offset) / (sz += sizeof(u32))) + goto error; + /* buffer to hold on file attr struct */ buf =3D malloc(sz); if (!buf) 
@@ -2186,6 +2193,9 @@ static struct evsel *read_event_desc(struct feat_fd *= ff) if (!nr) continue; =20 + if (nr > (ff->size - ff->offset) / sizeof(*id)) + goto error; + id =3D calloc(nr, sizeof(*id)); if (!id) goto error; --=20 2.53.0

From: Arnaldo Carvalho de Melo
To: Namhyung Kim
Cc: Ingo Molnar, Thomas Gleixner, James Clark, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang, Clark Williams, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo
Subject: [PATCH 4/4] perf header: Validate bitmap size before allocating in do_read_bitmap()
Date: Tue, 14 Apr 2026 17:48:47 -0300
Message-ID: <20260414204847.293557-5-acme@kernel.org>
In-Reply-To: <20260414204847.293557-1-acme@kernel.org>
References: <20260414204847.293557-1-acme@kernel.org>

From: Arnaldo Carvalho de Melo

do_read_bitmap() reads a u64 bit count from the file and passes it to bitmap_zalloc() without checking it against the remaining section size. A crafted perf.data could trigger a large allocation that would only fail later when the per-element reads exceed section bounds.

Check that the data needed (BITS_TO_U64(size) u64 values) fits in the remaining section before allocating.

Currently used by process_mem_topology() for HEADER_MEM_TOPOLOGY.

Cc: Jiri Olsa
Cc: Ian Rogers
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo
---
 tools/perf/util/header.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 3302748bac786fdf..f2d0b8408cc29744 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c
@@ -300,6 +300,9 @@ static int do_read_bitmap(struct feat_fd *ff, unsigned = long **pset, u64 *psize) if (ret) return ret; =20 + if (BITS_TO_U64(size) > (ff->size - ff->offset) / sizeof(u64)) + return -1; + set =3D bitmap_zalloc(size); if (!set) return -ENOMEM; --=20 2.53.0
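
Review bot: The check moved into __do_read() in patch 1/4 (first hunk, `if (size > (ssize_t)ff->size - ff->offset)`) bounds size only from above, and size is a signed ssize_t, so a negative value passes the comparison and reaches __do_read_fd() or the memcpy() in __do_read_buf(). Rejecting it in the same place, e.g. `if (size < 0 || size > (ssize_t)ff->size - ff->offset)`, keeps the single choke point complete. A one-line comment there saying that ff->offset is section-relative on both paths would also help, since the fd path now depends on it.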
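
Review bot: In the process_build_id() hunk of patch 1/4 the two failure paths now disagree: a failed lseek() returns -1 with no message, while a failed perf_header__read_build_ids() only logs through pr_debug() and returns 0. If build-id failures are meant to be non-fatal, log and continue on the lseek() failure too, or state in the commit message why this one is fatal. The visible lines also leave ff->offset untouched after perf_header__read_build_ids() consumes data from ff->fd, so it no longer reflects the bytes consumed for this section; a comment would make clear whether that is intended.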
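
Review bot: The `.offset = 0` initializer in the perf_file_section__process() hunk of patch 1/4 changes what ff->offset means on the fd path, from absolute file position to bytes consumed in the section, without any comment at the initializer. The commit message names process_build_id() as the one user of the old meaning; please confirm no other feature handler still treats ff->offset as a file position, and document the section-relative meaning next to the initializer or the struct field.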
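
Review bot: The new check in patch 2/4, `if (len > ff->size - ff->offset)`, is written without the (ssize_t) cast that the equivalent test in __do_read() carries in patch 1/4, so the two comparisons are evaluated with different signedness. If ff->size is unsigned, as that cast suggests, the subtraction here wraps should ff->offset ever exceed ff->size. A small helper returning the remaining section bytes, used by both sites, would keep them consistent. The early `return NULL` is also silent; a pr_debug() naming the rejected length would help when triaging a refused perf.data.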
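
Review bot: In the first read_event_desc() hunk of patch 3/4, the clause `sz > ff->size` compares against the whole section even though sz has just been read from it, and when nre is 0 the third clause places no limit on sz, so malloc(sz) can still be asked for more than the bytes that remain. Comparing sz against `ff->size - ff->offset` would match what the added comment describes. The condition is also a single very long line; one clause per line would be easier to review.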
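
Review bot: The check added in patch 4/4 evaluates BITS_TO_U64(size) on a u64 taken straight from the file. If that macro rounds up by adding to size before dividing, a value close to U64_MAX wraps to a small count and passes, after which bitmap_zalloc(size) still receives the original value; comparing `size / 64` against the remaining u64 count before any rounding would avoid that. The new path also returns -1 while the allocation failure just below returns -ENOMEM; a specific errno such as -EINVAL would be more consistent.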
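
The validation pattern this series describes (one bounds check in the common read helper, and declared lengths and counts checked against the remaining section bytes before allocating), as a stand-alone added example. It is not code from the patches or from perf; `struct sect`, `sect_remaining()`, `sect_read()`, `sect_read_string()` and `sect_count_fits()` are hypothetical names, and the input bytes are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical section reader: offset counts bytes consumed from the section start. */
struct sect { const unsigned char *buf; size_t size, offset; };

static size_t sect_remaining(const struct sect *s)
{
	return s->offset <= s->size ? s->size - s->offset : 0;
}

/* Single choke point: every read is checked against the section bounds. */
static int sect_read(struct sect *s, void *dst, size_t n)
{
	if (n > sect_remaining(s))
		return -1;
	memcpy(dst, s->buf + s->offset, n);
	s->offset += n;
	return 0;
}

/* Length-prefixed string: reject the declared length before malloc(). */
static char *sect_read_string(struct sect *s)
{
	uint32_t len;
	char *str;

	if (sect_read(s, &len, sizeof(len)) || len == 0 || len > sect_remaining(s))
		return NULL;
	str = malloc(len);
	if (str && (sect_read(s, str, len) || str[len - 1] != '\0')) {
		free(str);
		str = NULL;
	}
	return str;
}

/* Do count records of elem bytes fit? Dividing avoids count * elem overflow. */
static int sect_count_fits(const struct sect *s, uint64_t count, size_t elem)
{
	return elem != 0 && count <= sect_remaining(s) / elem;
}

int main(void)
{
	/* Constructed input: u32 length 6 and "hello\0" in a section declared as 8 bytes. */
	unsigned char data[16] = { 0 };
	uint32_t len = 6;
	struct sect understated = { data, 8, 0 };
	memcpy(data, &len, sizeof(len));
	memcpy(data + 4, "hello", 6);
	return sect_read_string(&understated) != NULL; /* exit 0: string was rejected */
}
```
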