author: Arnaldo Carvalho de Melo <acme@redhat.com> 2026-06-13 21:25:11 +0300
committer: Arnaldo Carvalho de Melo <acme@redhat.com> 2026-06-17 15:21:03 +0300
commit: 5ebf4137d23a4fd6c0cc6a6fb766ee60d2b09193 (patch)
tree: 493ac2afc88c448f6433b8fa40aaff80c1ee9605 /scripts
parent: fe68cf349fb343c0a7cb6c4fe6c3de4f4afe8d1c (diff)
perf bpf: Validate array presence before casting BPF prog info pointers

Several functions cast bpf_prog_info fields (jited_ksyms, jited_func_lens, jited_prog_insns) from u64 to pointers and dereference them. These fields are only valid pointers if bpil_offs_to_addr() converted their file offsets to addresses, which only happens when the corresponding PERF_BPIL_* bits are set in info_linear->arrays.

A crafted perf.data can leave these bits unset while setting non-zero counts and offset values, causing the functions to dereference raw file offsets as pointers.

Add array bitmask validation to all perf.data processing paths:

- __bpf_event__print_bpf_prog_info(): check JITED_KSYMS and JITED_FUNC_LENS (changed to take struct perf_bpil *)
- machine__process_bpf_event_load(): check JITED_KSYMS
- bpf_read(): check JITED_INSNS before memcpy from jited_prog_insns
- dso__disassemble_filename(): check JITED_INSNS before returning jited_prog_insns pointer

Fixes: f8dfeae009effc0b ("perf bpf: Show more BPF program info in print_bpf_prog_info()")
Reported-by: sashiko-bot <sashiko-bot@kernel.org>
Cc: Song Liu <songliubraving@fb.com>
Assisted-by: Claude:claude-opus-4.6
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions
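
The check the commit message describes, as an added example that is not code from this commit or from perf. It is a simplified C model: struct toy_bpil, the TOY_BPIL_JITED_KSYMS bit, and the toy_* functions are hypothetical stand-ins for perf's structures and for bpil_offs_to_addr(), and the sample record is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for a PERF_BPIL_* bit index (assumption, not perf's enum). */
enum { TOY_BPIL_JITED_KSYMS = 0 };

/* Simplified model of the record read from a file (layout is an assumption). */
struct toy_bpil {
    uint64_t arrays;          /* bitmask: which array fields were recorded */
    uint32_t nr_jited_ksyms;  /* element count, fully file-controlled */
    uint64_t jited_ksyms;     /* byte offset into data[] until converted */
    uint64_t data[4];         /* payload the offsets refer to */
};

/* Model of the conversion step: only fields whose bit is set become addresses. */
static void toy_offs_to_addr(struct toy_bpil *b)
{
    if (b->arrays & (1ULL << TOY_BPIL_JITED_KSYMS))
        b->jited_ksyms = (uint64_t)(uintptr_t)((uint8_t *)b->data + b->jited_ksyms);
}

/* Guarded accessor: cast only when the bit says the field holds a real address. */
static const uint64_t *toy_jited_ksyms(const struct toy_bpil *b)
{
    if (!(b->arrays & (1ULL << TOY_BPIL_JITED_KSYMS)))
        return NULL;          /* field is still a raw file offset */
    if (b->nr_jited_ksyms == 0)
        return NULL;
    return (const uint64_t *)(uintptr_t)b->jited_ksyms;
}

/* Constructed sample: count 2 and offset 8 are always non-zero; only the mask varies. */
static struct toy_bpil toy_sample(uint64_t arrays)
{
    struct toy_bpil b = { arrays, 2, 8,
        { 0, 0xffffffffc0001000ULL, 0xffffffffc0002000ULL, 0 } };
    return b;
}

int main(void)
{
    struct toy_bpil good = toy_sample(1ULL << TOY_BPIL_JITED_KSYMS);
    struct toy_bpil bad = toy_sample(0);   /* bit unset, count and offset set */
    toy_offs_to_addr(&good);
    toy_offs_to_addr(&bad);
    /* Without the guard, bad.jited_ksyms (the value 8) would be used as a pointer. */
    return (toy_jited_ksyms(&good) != NULL && toy_jited_ksyms(&bad) == NULL) ? 0 : 1;
}
```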