mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-12 01:14:22 -05:00
36 lines
1.1 KiB
Diff
36 lines
1.1 KiB
Diff
From e32c1b1a3d368afe1b09e81b3087ab8810282e93 Mon Sep 17 00:00:00 2001
|
|
From: Srinivasarao P <spathi@codeaurora.org>
|
|
Date: Tue, 1 Mar 2016 12:16:03 +0530
|
|
Subject: perf: duplicate deletion of perf event
|
|
|
|
a malicious app can open a perf event with constraint_duplicate
|
|
bit set, disable the event, and close the fd. On closing the fd,
|
|
the perf_release() modification causes the kernel to clean up
|
|
the event as if it still were enabled, leading to the event
|
|
being removed from a list twice.
|
|
|
|
CRs-Fixed: 977563
|
|
Change-Id: I5fbec3722407d2f3d0ff0d9f7097c5889e31fd62
|
|
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
|
---
|
|
kernel/events/core.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/kernel/events/core.c b/kernel/events/core.c
|
|
index 7dd822b..868300d 100644
|
|
--- a/kernel/events/core.c
|
|
+++ b/kernel/events/core.c
|
|
@@ -6243,6 +6243,9 @@ SYSCALL_DEFINE5(perf_event_open,
|
|
if (err)
|
|
return err;
|
|
|
|
+ if (attr.constraint_duplicate || attr.__reserved_1)
|
|
+ return -EINVAL;
|
|
+
|
|
if (!attr.exclude_kernel) {
|
|
if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
|
|
return -EACCES;
|
|
--
|
|
cgit v1.1
|
|
|