]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit
perf tools: Guard remaining test_bit calls from OOB sample CPU
authorArnaldo Carvalho de Melo <acme@redhat.com>
Thu, 4 Jun 2026 21:11:41 +0000 (18:11 -0300)
committerArnaldo Carvalho de Melo <acme@redhat.com>
Thu, 4 Jun 2026 22:17:36 +0000 (19:17 -0300)
commit7ccd2e6cecd5bb02a5a15f0dd7199d1e81380bda
tree61d25134af71ccc7793333a561c976420f0f305b
parentc8b04142078a9ccb9e402ab7c38de7123256f4a5
perf tools: Guard remaining test_bit calls from OOB sample CPU

auxtrace.c:filter_cpu() and builtin-script.c:filter_cpu() call
test_bit(cpu, cpu_bitmap) where cpu_bitmap is declared with
MAX_NR_CPUS bits.  When the CPU value from a perf.data event is
corrupt or absent (e.g. negative or >= MAX_NR_CPUS), test_bit reads
out of bounds.

Add bounds checks before test_bit(): >= 0 for the int16_t cpu.cpu in
auxtrace (which also covers the -1 sentinel), and < MAX_NR_CPUS for
both sites.  Matches the pattern applied in the previous series for
builtin-annotate.c, builtin-diff.c, builtin-report.c, and
builtin-sched.c.

Fixes: 644e0840ad46 ("perf auxtrace: Add CPU filter support")
Fixes: 5d67be97f890 ("perf report/annotate/script: Add option to specify a CPU range")
Reported-by: sashiko-bot <sashiko-bot@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Anton Blanchard <anton@samba.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Assisted-by: Claude:claude-opus-4.6
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
tools/perf/builtin-script.c
tools/perf/util/auxtrace.c