diff options
| author | Arnaldo Carvalho de Melo <acme@redhat.com> | 2026-06-13 20:40:36 +0300 |
|---|---|---|
| committer | Arnaldo Carvalho de Melo <acme@redhat.com> | 2026-06-17 15:21:03 +0300 |
| commit | 78d8ba680126f3545e8d0fba667e12d79fd4353b (patch) | |
| tree | e403b0037ec2d517c277c2fbb317d8d6286da6e4 /scripts/Makefile.thinlto | |
| parent | 312d91329b8fc6989a916a3f9a12d0674167b7e4 (diff) | |
| download | linux-78d8ba680126f3545e8d0fba667e12d79fd4353b.tar.xz | |
perf cs-etm: Require full global header in auxtrace_info size check
cs_etm__process_auxtrace_info() checks that header.size covers
event_header_size + INFO_HEADER_SIZE (16 bytes total), but then
accesses ptr[CS_PMU_TYPE_CPUS] at offset 24 from the start of the
event. A crafted 16-byte auxtrace_info event passes the size check
but reads out-of-bounds.
Include CS_ETM_HEADER_SIZE in the minimum size check so that the
global header entries (version, pmu_type_cpus, snapshot) are
guaranteed to fit within the event.
Fixes: 55c1de9973d66516 ("perf cs-etm: Print auxtrace info even if OpenCSD isn't linked")
Reported-by: sashiko-bot <sashiko-bot@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: James Clark <james.clark@arm.com>
Cc: Leo Yan <leo.yan@linaro.org>
Assisted-by: Claude:claude-opus-4.6
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Diffstat (limited to 'scripts/Makefile.thinlto')
0 files changed, 0 insertions, 0 deletions
