[PATCH 05/13] perf header: Sanity check HEADER_NUMA_TOPOLOGY

Next message: Arnaldo Carvalho de Melo: "[PATCH 07/13] perf header: Sanity check HEADER_PMU_MAPPINGS"
Previous message: Arnaldo Carvalho de Melo: "[PATCH 03/13] perf header: Sanity check HEADER_NRCPUS and HEADER_CPU_DOMAIN_INFO"
In reply to: Arnaldo Carvalho de Melo: "[PATCH 03/13] perf header: Sanity check HEADER_NRCPUS and HEADER_CPU_DOMAIN_INFO"
Next in thread: Arnaldo Carvalho de Melo: "[PATCH 07/13] perf header: Sanity check HEADER_PMU_MAPPINGS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Arnaldo Carvalho de Melo

Date: Thu Apr 09 2026 - 20:41:14 EST

From: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>

Add validation to process_numa_topology() to harden against malformed
perf.data files:

- Upper bound check on nr_nodes (max 4096)
- Minimum section size check before allocating

Cc: Jiri Olsa <jolsa@xxxxxxxxxx>
Cc: Ian Rogers <irogers@xxxxxxxxxx>
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
---
tools/perf/util/header.c | 13 +++++++++++++
1 file changed, 13 insertions(+)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c
index a7df8ed9a69e9231..2c6f7c96e2dccaf1 100644
--- a/tools/perf/util/header.c
+++ b/tools/perf/util/header.c
@@ -3003,6 +3003,19 @@ static int process_numa_topology(struct feat_fd *ff, void *data __maybe_unused)
if (do_read_u32(ff, &nr))
return -1;

+#define MAX_NUMA_NODES 4096
+ if (nr > MAX_NUMA_NODES) {
+ pr_err("Invalid HEADER_NUMA_TOPOLOGY: nr_nodes (%u) > %u\n",
+ nr, MAX_NUMA_NODES);
+ return -1;
+ }
+
+ if (ff->size < sizeof(u32) + nr * (sizeof(u32) + 2 * sizeof(u64))) {
+ pr_err("Invalid HEADER_NUMA_TOPOLOGY: section too small (%zu) for %u nodes\n",
+ ff->size, nr);
+ return -1;
+ }
+
nodes = calloc(nr, sizeof(*nodes));
if (!nodes)
return -ENOMEM;
--
2.53.0