tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

perf header: Sanity check HEADER_PMU_CAPS

Add upper bound checks in PMU capabilities processing to harden against
malformed perf.data files:

- nr_pmu bounded to MAX_PMU_MAPPINGS (4096) in process_pmu_caps()
- nr_pmu_caps bounded to MAX_PMU_CAPS (512) in __process_pmu_caps()

Cc: Ravi Bangoria <ravi.bangoria@amd.com>
Cc: Ian Rogers <irogers@google.com>
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>

authored by

Arnaldo Carvalho de Melo and committed by
Namhyung Kim f5722a6b 47c68eb1

+19
+19
tools/perf/util/header.c
··· 66 66 #define MAX_CACHE_ENTRIES 32768 67 67 #define MAX_GROUP_DESC 32768 68 68 #define MAX_NUMA_NODES 4096 69 + #define MAX_PMU_CAPS 512 69 70 #define MAX_PMU_MAPPINGS 4096 70 71 #define MAX_SCHED_DOMAINS 64 71 72 ··· 3678 3677 if (!nr_pmu_caps) 3679 3678 return 0; 3680 3679 3680 + if (nr_pmu_caps > MAX_PMU_CAPS) { 3681 + pr_err("Invalid pmu caps: nr_pmu_caps (%u) > %u\n", 3682 + nr_pmu_caps, MAX_PMU_CAPS); 3683 + return -1; 3684 + } 3685 + 3681 3686 *caps = calloc(nr_pmu_caps, sizeof(char *)); 3682 3687 if (!*caps) 3683 3688 return -1; ··· 3759 3752 if (!nr_pmu) { 3760 3753 pr_debug("pmu capabilities not available\n"); 3761 3754 return 0; 3755 + } 3756 + 3757 + if (nr_pmu > MAX_PMU_MAPPINGS) { 3758 + pr_err("Invalid HEADER_PMU_CAPS: nr_pmu (%u) > %u\n", 3759 + nr_pmu, MAX_PMU_MAPPINGS); 3760 + return -1; 3761 + } 3762 + 3763 + if (ff->size < sizeof(u32) + nr_pmu * sizeof(u32)) { 3764 + pr_err("Invalid HEADER_PMU_CAPS: section too small (%zu) for %u PMUs\n", 3765 + ff->size, nr_pmu); 3766 + return -1; 3762 3767 } 3763 3768 3764 3769 pmu_caps = calloc(nr_pmu, sizeof(*pmu_caps));