commit | 7575818a50f3d0cc87dd8e7d5207534f0a6a63de | |
---|---|---|
author | Vaibhav Rustagi <[email protected]> | Mon May 23 11:45:02 2022 -0700 |
committer | COS Cherry Picker <[email protected]> | Mon May 23 22:30:52 2022 -0700 |
tree | 56c0ea62d2315d8ecfcc09738507c87b23f03c4a | |
parent | f0713719326752e66ab81850e17e68f38e4356a3 |
perf: Fix sys_perf_event_open() race against self

commit 3ac6487e584a1eb54071dbe1212e05b884136704 upstream.

Norbert reported that it's possible to race sys_perf_event_open() such that the loser ends up in another context from the group leader, triggering many WARNs.

The move_group case checks for races against itself, but the !move_group case doesn't, seemingly relying on the previous group_leader->ctx == ctx check. However, that check is racy due to not holding any locks at that time.

Therefore, re-check the result after acquiring locks and bail if they no longer match.

Additionally, clarify the not_move_group case from the move_group-vs-move_group race.

BUG=b/233371726
TEST=presubmit
SOURCE=UPSTREAM(https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.4/perf-fix-sys_perf_event_open-race-against-self.patch?id=5c1c22120ab62c2b693bc6cee6cb2ee52a3662d1)
RELEASE_NOTE=Fixed CVE-2022-1729 in the Linux Kernel.

cos-patch: security-high
Fixes: f63a8daa5812 ("perf: Fix event->ctx locking")
Reported-by: Norbert Slusarek <[email protected]>
Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Change-Id: Id32b99544094c822854b57e55d83fd540796434f
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/33084
Main-Branch-Verified: Cusky Presubmit Bot <[email protected]>
Reviewed-by: Meena Shanmugam <[email protected]>
Tested-by: Cusky Presubmit Bot <[email protected]>
Reviewed-by: Oleksandr Tymoshenko <[email protected]>
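
The pattern the commit message describes (an unlocked `group_leader->ctx == ctx` check that must be repeated once the locks are held) can be shown with a small user-space model. This is an added example, not code from the commit or the kernel: the `struct ctx` and `struct event` types, `attach_sibling()`, the hook functions and `run_scenario()` are hypothetical, and the race window is simulated deterministically by a callback instead of a second thread.

```c
#include <pthread.h>
#include <stddef.h>

/* Simplified user-space model; these types are NOT the kernel's. */
struct ctx   { pthread_mutex_t lock; int nr_events; };
struct event { struct ctx *ctx; };

/* Runs between the unlocked check and the lock; stands in for a
 * concurrent call that moves the group leader to another context. */
typedef void (*race_hook)(struct event *leader, struct ctx *other);
static void move_leader(struct event *l, struct ctx *o) { l->ctx = o; }
static void no_race(struct event *l, struct ctx *o) { (void)l; (void)o; }

/* Returns 0 on success, -1 if the leader is not in ctx.
 * recheck=0 models the pre-fix !move_group path, recheck=1 the fix. */
static int attach_sibling(struct event *leader, struct event *sibling,
                          struct ctx *ctx, struct ctx *other,
                          race_hook hook, int recheck)
{
    if (leader->ctx != ctx)      /* unlocked check: only a hint */
        return -1;
    hook(leader, other);         /* simulated race window */
    pthread_mutex_lock(&ctx->lock);
    if (recheck && leader->ctx != ctx) {  /* re-check under lock, bail */
        pthread_mutex_unlock(&ctx->lock);
        return -1;
    }
    sibling->ctx = ctx;          /* pre-fix: may now differ from leader */
    ctx->nr_events++;
    pthread_mutex_unlock(&ctx->lock);
    return 0;
}

/* Runs one scenario from a fresh state. Stores the attach result in *rc
 * and returns 1 if sibling and leader ended up in different contexts. */
static int run_scenario(race_hook hook, int recheck, int *rc)
{
    struct ctx a = { PTHREAD_MUTEX_INITIALIZER, 1 };
    struct ctx b = { PTHREAD_MUTEX_INITIALIZER, 0 };
    struct event leader = { &a }, sibling = { NULL };
    *rc = attach_sibling(&leader, &sibling, &a, &b, hook, recheck);
    return sibling.ctx != NULL && sibling.ctx != leader.ctx;
}

int main(void)
{
    int rc;
    int split_before = run_scenario(move_leader, 0, &rc); /* group split */
    int split_after  = run_scenario(move_leader, 1, &rc); /* bails out */
    return (split_before == 1 && split_after == 0 && rc == -1) ? 0 : 1;
}
```
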