tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

perf header: Sanity check HEADER_MEM_TOPOLOGY

Add validation to process_mem_topology() to harden against malformed
perf.data files:

- Upper bound check on nr_nodes (reuses MAX_NUMA_NODES, 4096)
- Minimum section size check before allocating

This is particularly important here since nr is u64, making unbounded
values especially dangerous.

Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Ian Rogers <irogers@google.com>
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>

authored by

Arnaldo Carvalho de Melo and committed by
Namhyung Kim a881fc56 4ba22301

+12
+12
tools/perf/util/header.c
··· 3308 3308 if (do_read_u64(ff, &nr)) 3309 3309 return -1; 3310 3310 3311 + if (nr > MAX_NUMA_NODES) { 3312 + pr_err("Invalid HEADER_MEM_TOPOLOGY: nr_nodes (%llu) > %u\n", 3313 + (unsigned long long)nr, MAX_NUMA_NODES); 3314 + return -1; 3315 + } 3316 + 3317 + if (ff->size < 3 * sizeof(u64) + nr * 2 * sizeof(u64)) { 3318 + pr_err("Invalid HEADER_MEM_TOPOLOGY: section too small (%zu) for %llu nodes\n", 3319 + ff->size, (unsigned long long)nr); 3320 + return -1; 3321 + } 3322 + 3311 3323 nodes = calloc(nr, sizeof(*nodes)); 3312 3324 if (!nodes) 3313 3325 return -1;