From: Yichong Chen <chenyichong@uniontech.com>
To: akpm@linux-foundation.org
Cc: vishal.moola@gmail.com, ye.liu@linux.dev, zhen.ni@easystack.cn,
chenyichong@uniontech.com, linux-mm@kvack.org,
linux-kernel@vger.kernel.org
Subject: [PATCH v5 3/3] tools/mm/page_owner_sort: bound pattern output copies
Date: Mon, 29 Jun 2026 09:43:16 +0800
Message-ID: <20260629014316.130307-4-chenyichong@uniontech.com>
In-Reply-To: <20260629014316.130307-1-chenyichong@uniontech.com>

search_pattern() copies a regex capture into caller-provided buffers
without knowing their sizes. Several callers pass fixed-size buffers,
including FIELD_BUFF and TASK_COMM_LEN.

Pass the destination size to search_pattern(), reject captures that do
not fit before copying them, and terminate the output string inside
search_pattern().

Signed-off-by: Yichong Chen <chenyichong@uniontech.com>
---
tools/mm/page_owner_sort.c | 27 +++++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/tools/mm/page_owner_sort.c b/tools/mm/page_owner_sort.c
index 4c9be28abe3b..35d3d254941c 100644
--- a/tools/mm/page_owner_sort.c
+++ b/tools/mm/page_owner_sort.c
@@ -237,7 +237,8 @@ static int remove_pattern(regex_t *pattern, char *buf, int len)
return len - (pmatch[1].rm_eo - pmatch[1].rm_so);
}
-static int search_pattern(regex_t *pattern, char *pattern_str, char *buf)
+static int search_pattern(regex_t *pattern, char *pattern_str,
+ size_t pattern_str_size, char *buf)
{
int err, val_len;
regmatch_t pmatch[2];
@@ -249,6 +250,12 @@ static int search_pattern(regex_t *pattern, char *pattern_str, char *buf)
return -1;
}
val_len = pmatch[1].rm_eo - pmatch[1].rm_so;
+ if ((size_t)val_len >= pattern_str_size) {
+ if (debug_on)
+ fprintf(stderr, "pattern too long in %s\n", buf);
+ return -1;
+ }
memcpy(pattern_str, buf + pmatch[1].rm_so, val_len);
+ pattern_str[val_len] = '\0';
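Review bot: the debug message in the new size check says "pattern too long in %s", but what failed to fit is the captured value (val_len bytes), not the pattern. Consider wording such as "capture too long" and printing val_len and pattern_str_size next to buf, so a user running with debug_on can tell which limit was hit. The check itself looks right: comparing with >= leaves room for the terminator written at pattern_str[val_len], and the (size_t) cast turns a negative val_len into a value that is rejected rather than passed to memcpy.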
@@ -307,7 +314,8 @@ static int get_page_num(char *buf)
char order_str[FIELD_BUFF] = {0};
char *endptr;
- search_pattern(&order_pattern, order_str, buf);
+ if (search_pattern(&order_pattern, order_str, sizeof(order_str), buf) < 0)
+ return 0;
errno = 0;
order_val = strtol(order_str, &endptr, 10);
if (order_val > 64 || errno != 0 || endptr == order_str || *endptr != '\0') {
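Review bot: the new early "return 0" in get_page_num gives callers a value they cannot tell apart from a parsed result unless 0 is documented as the failure value. The hunk does not show how callers treat it, so please either add a short comment stating that 0 means "no usable order field" or check it at the call site. get_pid and get_tgid return -1 for the same condition, so the differing convention deserves a line in the commit message.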
@@ -325,7 +333,8 @@ static pid_t get_pid(char *buf)
char pid_str[FIELD_BUFF] = {0};
char *endptr;
- search_pattern(&pid_pattern, pid_str, buf);
+ if (search_pattern(&pid_pattern, pid_str, sizeof(pid_str), buf) < 0)
+ return -1;
errno = 0;
pid = strtol(pid_str, &endptr, 10);
if (errno != 0 || endptr == pid_str || *endptr != '\0') {
@@ -344,7 +353,8 @@ static pid_t get_tgid(char *buf)
char tgid_str[FIELD_BUFF] = {0};
char *endptr;
- search_pattern(&tgid_pattern, tgid_str, buf);
+ if (search_pattern(&tgid_pattern, tgid_str, sizeof(tgid_str), buf) < 0)
+ return -1;
errno = 0;
tgid = strtol(tgid_str, &endptr, 10);
if (errno != 0 || endptr == tgid_str || *endptr != '\0') {
@@ -363,7 +373,9 @@ static __u64 get_ts_nsec(char *buf)
char ts_nsec_str[FIELD_BUFF] = {0};
char *endptr;
- search_pattern(&ts_nsec_pattern, ts_nsec_str, buf);
+ if (search_pattern(&ts_nsec_pattern, ts_nsec_str,
+ sizeof(ts_nsec_str), buf) < 0)
+ return -1;
errno = 0;
ts_nsec = strtoull(ts_nsec_str, &endptr, 10);
if (errno != 0 || endptr == ts_nsec_str || *endptr != '\0') {
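Review bot: get_ts_nsec is declared as returning __u64, so the added "return -1" is converted to the largest 64-bit value rather than a negative number, and a caller testing for "< 0" will never see the failure. If that maximum value is the intended sentinel, spell it out (for example with a named constant or a comment); otherwise return the status separately and pass the timestamp back through an out parameter.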
@@ -384,7 +396,10 @@ static char *get_comm(char *buf)
memset(comm_str, 0, TASK_COMM_LEN);
- search_pattern(&comm_pattern, comm_str, buf);
+ if (search_pattern(&comm_pattern, comm_str, TASK_COMM_LEN, buf) < 0) {
+ free(comm_str);
+ return NULL;
+ }
errno = 0;
if (errno != 0) {
if (debug_on)
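Review bot: with the search_pattern return value now checked in get_comm, the context lines that follow ("errno = 0;" immediately followed by "if (errno != 0) {") can never take the branch, so that block is dead code and could be dropped in this patch. Returning NULL after free(comm_str) is also a new failure mode for this function, so every caller needs a NULL check before using the result; the hunk does not show one.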
--
2.51.0
Thread overview: 6+ messages
2026-06-29 1:43 [PATCH v5 0/3] tools/mm/page_owner_sort: fix filtering and cleanup issues Yichong Chen
2026-06-29 1:43 ` [PATCH v5 1/3] tools/mm/page_owner_sort: return explicit filter results Yichong Chen
2026-06-29 1:43 ` [PATCH v5 2/3] tools/mm/page_owner_sort: free per-record allocations Yichong Chen
2026-06-29 1:43 ` Yichong Chen [this message]
2026-06-29 4:41 ` [PATCH v5 0/3] tools/mm/page_owner_sort: fix filtering and cleanup issues Andrew Morton
2026-06-29 6:25 ` [PATCH] tools/mm/page_owner_sort: report get_comm failures at source Yichong Chen