kernel/SOURCES/1008-perf-Fix-check-before-add_event_to_groups-in-perf_gr.patch

46 lines
1.8 KiB
Diff

From 7dcc341e1a59f07dcd6ac591ecd90b41dcd28611 Mon Sep 17 00:00:00 2001
From: Budimir Markovic <markovicbudimir@gmail.com>
Date: Tue, 8 Aug 2023 12:48:54 +0000
Subject: [PATCH 7/7] perf: Fix check before add_event_to_groups() in
perf_group_detach()
commit fd0815f632c24878e325821943edccc7fde947a2 upstream
Author: Budimir Markovic <markovicbudimir@gmail.com>
Date: Wed Mar 15 00:29:01 2023 -0700
Events should only be added to a groups rb tree if they have not been
removed from their context by list_del_event(). Since remove_on_exec
made it possible to call list_del_event() on individual events before
they are detached from their group, perf_group_detach() should check each
sibling's attach_state before calling add_event_to_groups() on it.
Fixes: 2e498d0a74e5 ("perf: Add support for event removal on exec")
Signed-off-by: Budimir Markovic <markovicbudimir@gmail.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/ZBFzvQV9tEqoHEtH@gentoo
CVE: CVE-2023-2235
Signed-off-by: Nagappan Ramasamy Palaniappan <nagappan.ramasamy.palaniappan@oracle.com>
Reviewed-by: Laurence Rochfort <laurence.rochfort@oracle.com>
---
kernel/events/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index d2adc3cbf..182494495 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -2210,7 +2210,7 @@ static void perf_group_detach(struct perf_event *event)
/* Inherit group flags from the previous leader */
sibling->group_caps = event->group_caps;
- if (!RB_EMPTY_NODE(&event->group_node)) {
+ if (sibling->attach_state & PERF_ATTACH_CONTEXT) {
add_event_to_groups(sibling, event->ctx);
if (sibling->state == PERF_EVENT_STATE_ACTIVE)
--
2.31.1