Google Git
Sign in
cos / third_party / kernel / 6995e3511d73d30f312bf13f145f16251466d93b
commit6995e3511d73d30f312bf13f145f16251466d93b[log] [tgz]
authorVaibhav Rustagi <[email protected]>Mon May 23 11:40:17 2022 -0700
committerCOS Cherry Picker <[email protected]>Mon May 23 16:05:07 2022 -0700
tree58ec483c2faefa52bec156538a4480a533250c0f
parentfe98d9e04ed34922214f57bacba3b9dc029e881c [diff]
perf: Fix sys_perf_event_open() race against self

commit 3ac6487e584a1eb54071dbe1212e05b884136704 upstream.

Norbert reported that it's possible to race sys_perf_event_open() such
that the looser ends up in another context from the group leader,
triggering many WARNs.

The move_group case checks for races against itself, but the
!move_group case doesn't, seemingly relying on the previous
group_leader->ctx == ctx check. However, that check is racy due to not
holding any locks at that time.

Therefore, re-check the result after acquiring locks and bailing
if they no longer match.

Additionally, clarify the not_move_group case from the
move_group-vs-move_group race.

BUG=b/233371810
TEST=presubmit
SOURCE=UPSTREAM(https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/perf-fix-sys_perf_event_open-race-against-self.patch?id=5c1c22120ab62c2b693bc6cee6cb2ee52a3662d1)
RELEASE_NOTE=Fixed CVE-2022-1729 in the Linux Kernel.

cos-patch: security-high
Fixes: f63a8daa5812 ("perf: Fix event->ctx locking")
Reported-by: Norbert Slusarek <[email protected]>
Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Change-Id: Id32b99544094c822854b57e55d83fd540796434f
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/33083
Tested-by: Cusky Presubmit Bot <[email protected]>
Reviewed-by: Meena Shanmugam <[email protected]>
Main-Branch-Verified: Cusky Presubmit Bot <[email protected]>
Reviewed-by: Oleksandr Tymoshenko <[email protected]>
1 file changed
tree: 58ec483c2faefa52bec156538a4480a533250c0f
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. LICENSES/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .clang-format
  24. .cocciconfig
  25. .get_maintainer.ignore
  26. .gitattributes
  27. .gitignore
  28. .mailmap
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. PRESUBMIT.cfg
  36. README