diff options
| author | Arnaldo Carvalho de Melo <acme@redhat.com> | 2026-04-11 01:08:57 +0300 |
|---|---|---|
| committer | Namhyung Kim <namhyung@kernel.org> | 2026-04-14 09:21:53 +0300 |
| commit | 4ba223016b0be7ec11aad63f480cd251cecad594 (patch) | |
| tree | b39a806f5bc0c723a2bfe59a2a12146a651edb25 | |
| parent | 22a2e2b29217455cf337c765fc26ad2f55d7291a (diff) | |
| download | linux-4ba223016b0be7ec11aad63f480cd251cecad594.tar.xz | |
perf header: Sanity check HEADER_NUMA_TOPOLOGY
Add validation to process_numa_topology() to harden against malformed
perf.data files:
- Upper bound check on nr_nodes (max 4096)
- Minimum section size check before allocating
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Ian Rogers <irogers@google.com>
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
| -rw-r--r-- | tools/perf/util/header.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index acd6b07528e0..2f405776e501 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c @@ -63,6 +63,7 @@ #include <event-parse.h> #endif +#define MAX_NUMA_NODES 4096 #define MAX_SCHED_DOMAINS 64 /* @@ -3005,6 +3006,18 @@ static int process_numa_topology(struct feat_fd *ff, void *data __maybe_unused) if (do_read_u32(ff, &nr)) return -1; + if (nr > MAX_NUMA_NODES) { + pr_err("Invalid HEADER_NUMA_TOPOLOGY: nr_nodes (%u) > %u\n", + nr, MAX_NUMA_NODES); + return -1; + } + + if (ff->size < sizeof(u32) + nr * (sizeof(u32) + 2 * sizeof(u64))) { + pr_err("Invalid HEADER_NUMA_TOPOLOGY: section too small (%zu) for %u nodes\n", + ff->size, nr); + return -1; + } + nodes = calloc(nr, sizeof(*nodes)); if (!nodes) return -ENOMEM; |