
Commit a82f1b62 authored by Srinivasarao P, committed by Gerrit - the friendly Code Review server

perf: duplicate deletion of perf event



A malicious app can open a perf event with constraint_duplicate
bit set, disable the event, and close the fd.  On closing the fd,
the perf_release() modification causes the kernel to clean up
the event as if it still were enabled, leading to the event
being removed from a list twice.

CRs-Fixed: 977563
Change-Id: I5fbec3722407d2f3d0ff0d9f7097c5889e31fd62
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
parent 359d85b4
+3 −0
@@ -7348,6 +7348,9 @@ SYSCALL_DEFINE5(perf_event_open,
	if (err)
		return err;

	if (attr.constraint_duplicate || attr.__reserved_1)
		return -EINVAL;

	if (!attr.exclude_kernel) {
		if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
			return -EACCES;
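
Review bot: the `attr.__reserved_1` half of the new condition in SYSCALL_DEFINE5(perf_event_open) is not covered by the commit message, which explains only constraint_duplicate, and the check carries no comment. Any caller that passes a nonzero `__reserved_1` now gets -EINVAL, so either say in the message why the reserved field is rejected in the same change or split it out. The message also places the double list removal in the perf_release() modification, and this hunk leaves that path untouched: the fix depends on the syscall being the only way an event can end up with the bit set. Consider having the release path check the event's state before it cleans up, and add a one-line comment above `if (attr.constraint_duplicate || attr.__reserved_1)` stating that user space may not set the bit and why.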