diff options
author | Srinivasarao P <spathi@codeaurora.org> | 2016-03-01 12:16:03 +0530 |
---|---|---|
committer | Andreas Blaesius <skate4life@gmx.de> | 2016-10-27 10:30:46 +0200 |
commit | d99c71893b96b3387dd40baaaf6e84bd51934290 (patch) | |
tree | 738d2d0a2daf3948c234bc7c2779167489524119 | |
parent | ad1133d4ef9b5124075949cb2c8a1cc66e84391c (diff) | |
download | kernel_samsung_espresso10-d99c71893b96b3387dd40baaaf6e84bd51934290.tar.gz kernel_samsung_espresso10-d99c71893b96b3387dd40baaaf6e84bd51934290.tar.bz2 kernel_samsung_espresso10-d99c71893b96b3387dd40baaaf6e84bd51934290.zip |
perf: duplicate deletion of perf event
a malicious app can open a perf event with constraint_duplicate
bit set, disable the event, and close the fd. On closing the fd,
the perf_release() modification causes the kernel to clean up
the event as if it still were enabled, leading to the event
being removed from a list twice.
CRs-Fixed: 977563
Change-Id: I5fbec3722407d2f3d0ff0d9f7097c5889e31fd62
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-rw-r--r-- | kernel/events/core.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/kernel/events/core.c b/kernel/events/core.c index acdc087f29e..37a71e1f3b9 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -6477,6 +6477,9 @@ SYSCALL_DEFINE5(perf_event_open, if (err) return err; + if (attr.__reserved_1) + return -EINVAL; + if (!attr.exclude_kernel) { if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) return -EACCES; |