From: Wander Lairson Costa Date: Mon, 9 Mar 2026 19:46:21 +0000 (-0300) Subject: rtla/timerlat: Add bounds check for softirq vector X-Git-Tag: v7.1-rc1~139^2~12 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d6515424e80583928ec1c55e9dd4e906bc90d9be;p=thirdparty%2Fkernel%2Flinux.git rtla/timerlat: Add bounds check for softirq vector Add bounds checking when accessing the softirq_name array using the vector value from kernel trace data. The vector field from the osnoise:softirq_noise event is used directly as an array index without validation, which could cause an out-of-bounds read if the kernel provides an unexpected vector value. The softirq_name array contains 10 elements corresponding to the standard Linux softirq vectors. While the kernel should only provide valid vector values in the range 0-9, defensive programming requires validating untrusted input before using it as an array index. If an out-of-range vector is encountered, display the word UNKNOWN instead of attempting to read beyond the array bounds. Signed-off-by: Wander Lairson Costa Link: https://lore.kernel.org/r/20260309195040.1019085-9-wander@redhat.com Signed-off-by: Tomas Glozar --- diff --git a/tools/tracing/rtla/src/timerlat_aa.c b/tools/tracing/rtla/src/timerlat_aa.c index 41d8d48c5b41b..a121ff9d2c571 100644 --- a/tools/tracing/rtla/src/timerlat_aa.c +++ b/tools/tracing/rtla/src/timerlat_aa.c @@ -417,8 +417,8 @@ static int timerlat_aa_softirq_handler(struct trace_seq *s, struct tep_record *r taa_data->thread_softirq_sum += duration; trace_seq_printf(taa_data->softirqs_seq, " %24s:%-3llu %.*s %9.2f us\n", - softirq_name[vector], vector, - 24, spaces, + vector < ARRAY_SIZE(softirq_name) ? softirq_name[vector] : "UNKNOWN", + vector, 24, spaces, ns_to_usf(duration)); return 0; }