From: sashiko-bot@kernel.org
To: "Arnaldo Carvalho de Melo" <acme@kernel.org>
Cc: linux-perf-users@vger.kernel.org
Subject: Re: [PATCH 05/13] perf header: Sanity check HEADER_NUMA_TOPOLOGY
Date: Fri, 10 Apr 2026 22:28:11 +0000 [thread overview]
Message-ID: <20260410222812.0A28EC19421@smtp.kernel.org> (raw)
In-Reply-To: <20260410220905.200051-6-acme@kernel.org>
Sashiko AI review found 1 potential issue(s):
- [Low] The minimum section size calculation for HEADER_NUMA_TOPOLOGY omits the mandatory string length field per node.
--
commit 5064a9beb88eb8009f39a18c54d4d42f61a38a69
Author: Arnaldo Carvalho de Melo <acme@redhat.com>
perf header: Sanity check HEADER_NUMA_TOPOLOGY
This commit adds validation to process_numa_topology() to harden against
malformed perf.data files. It introduces an upper bound check on nr_nodes
and a minimum section size check before allocating memory.
> diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c
> index acd6b07528e01..2f405776e5013 100644
> --- a/tools/perf/util/header.c
> +++ b/tools/perf/util/header.c
[ ... ]
> @@ -3005,6 +3006,18 @@ static int process_numa_topology(struct feat_fd *ff, void *data __maybe_unused)
> if (do_read_u32(ff, &nr))
> return -1;
>
> + if (nr > MAX_NUMA_NODES) {
> + pr_err("Invalid HEADER_NUMA_TOPOLOGY: nr_nodes (%u) > %u\n",
> + nr, MAX_NUMA_NODES);
> + return -1;
> + }
> +
> + if (ff->size < sizeof(u32) + nr * (sizeof(u32) + 2 * sizeof(u64))) {
Does this calculation omit the mandatory string length field for each node?
The subsequent parsing loop reads the node ID, memory totals, and a CPU map
string:
if (do_read_u32(ff, &n->node))
goto error;
if (do_read_u64(ff, &n->mem_total))
goto error;
if (do_read_u64(ff, &n->mem_free))
goto error;
str = do_read_string(ff);
Since do_read_string() always reads a u32 length prefix before the string
content, the true minimum size per node appears to be 24 bytes rather than 20
bytes (sizeof(u32) + 2 * sizeof(u64) + sizeof(u32)).
While truncated files will still safely fail later during the actual read
operations, this calculation allows slightly truncated files to bypass the
new validation check.
> + pr_err("Invalid HEADER_NUMA_TOPOLOGY: section too small (%zu) for %u nodes\n",
> + ff->size, nr);
> + return -1;
> + }
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260410220905.200051-1-acme@kernel.org?part=5
next prev parent reply other threads:[~2026-04-10 22:28 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-10 22:08 [PATCHES perf-tools-next v2 00/13] Sanity check perf.data headers Arnaldo Carvalho de Melo
2026-04-10 22:08 ` [PATCH 01/13] perf header: Validate nr_domains when reading HEADER_CPU_DOMAIN_INFO Arnaldo Carvalho de Melo
2026-04-10 22:08 ` [PATCH 02/13] perf header: Bump up the max number of command line args allowed Arnaldo Carvalho de Melo
2026-04-10 22:34 ` sashiko-bot
2026-04-10 22:08 ` [PATCH 03/13] perf header: Sanity check HEADER_NRCPUS and HEADER_CPU_DOMAIN_INFO Arnaldo Carvalho de Melo
2026-04-10 22:45 ` sashiko-bot
2026-04-10 22:08 ` [PATCH 04/13] perf header: Sanity check HEADER_CPU_TOPOLOGY Arnaldo Carvalho de Melo
2026-04-10 22:38 ` sashiko-bot
2026-04-10 22:08 ` [PATCH 05/13] perf header: Sanity check HEADER_NUMA_TOPOLOGY Arnaldo Carvalho de Melo
2026-04-10 22:28 ` sashiko-bot [this message]
2026-04-10 22:08 ` [PATCH 06/13] perf header: Sanity check HEADER_MEM_TOPOLOGY Arnaldo Carvalho de Melo
2026-04-10 22:32 ` sashiko-bot
2026-04-10 22:08 ` [PATCH 07/13] perf header: Sanity check HEADER_PMU_MAPPINGS Arnaldo Carvalho de Melo
2026-04-10 22:33 ` sashiko-bot
2026-04-10 22:09 ` [PATCH 08/13] perf header: Sanity check HEADER_GROUP_DESC Arnaldo Carvalho de Melo
2026-04-10 22:28 ` sashiko-bot
2026-04-10 22:09 ` [PATCH 09/13] perf header: Sanity check HEADER_CACHE Arnaldo Carvalho de Melo
2026-04-10 22:09 ` [PATCH 10/13] perf header: Sanity check HEADER_HYBRID_TOPOLOGY Arnaldo Carvalho de Melo
2026-04-10 22:09 ` [PATCH 11/13] perf header: Sanity check HEADER_PMU_CAPS Arnaldo Carvalho de Melo
2026-04-10 22:09 ` [PATCH 12/13] perf header: Sanity check HEADER_BPF_PROG_INFO Arnaldo Carvalho de Melo
2026-04-10 22:09 ` [PATCH 13/13] perf header: Add sanity checks to HEADER_BPF_BTF processing Arnaldo Carvalho de Melo
-- strict thread matches above, loose matches on Subject: below --
2026-04-10 0:39 [PATCHES perf-tools-next v1 00/13] Sanity check perf.data headers Arnaldo Carvalho de Melo
2026-04-10 0:39 ` [PATCH 05/13] perf header: Sanity check HEADER_NUMA_TOPOLOGY Arnaldo Carvalho de Melo
2026-04-10 1:04 ` sashiko-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260410222812.0A28EC19421@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=acme@kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=sashiko@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox