DivestOS/Patches/Linux_CVEs/CVE-2016-0819/ANY/0001.patch

From e32c1b1a3d368afe1b09e81b3087ab8810282e93 Mon Sep 17 00:00:00 2001
From: Srinivasarao P <spathi@codeaurora.org>
Date: Tue, 1 Mar 2016 12:16:03 +0530
Subject: perf: duplicate deletion of perf event

A malicious app can open a perf event with constraint_duplicate
bit set, disable the event, and close the fd. On closing the fd,
the perf_release() modification causes the kernel to clean up
the event as if it still were enabled, leading to the event
being removed from a list twice.

CRs-Fixed: 977563
Change-Id: I5fbec3722407d2f3d0ff0d9f7097c5889e31fd62
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
---
kernel/events/core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 7dd822b..868300d 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -6243,6 +6243,9 @@ SYSCALL_DEFINE5(perf_event_open,
if (err)
return err;
+ if (attr.constraint_duplicate || attr.__reserved_1)
+ return -EINVAL;
+
if (!attr.exclude_kernel) {
if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
return -EACCES;
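Review bot: The new check at the top of the hunk, `if (attr.constraint_duplicate || attr.__reserved_1) return -EINVAL;`, has no comment, and the commit message never says why `__reserved_1` is rejected along with `constraint_duplicate`. Please add a short comment above the check saying that `constraint_duplicate` must not be set from userspace because the perf_release() cleanup then removes the event from a list twice, and give the reason for the `__reserved_1` test in the commit message. The check also only guards the perf_event_open syscall entry and leaves the perf_release() cleanup described in the commit message unchanged, so if any other path can set the bit on an event, the double removal is still reachable; a state check in the release path itself would make the fix independent of how the event was created.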
--
cgit v1.1