diff mbox series

[SRU,OEM-5.17,OEM-6.0,1/1] perf: Fix check before add_event_to_groups() in perf_group_detach()

Message ID 20230804115843.738456-2-cascardo@canonical.com
State New
Headers show
Series CVE-2023-2235 | expand

Commit Message

Thadeu Lima de Souza Cascardo Aug. 4, 2023, 11:58 a.m. UTC 
From: Budimir Markovic <markovicbudimir@gmail.com>

Events should only be added to a groups rb tree if they have not been
removed from their context by list_del_event(). Since remove_on_exec
made it possible to call list_del_event() on individual events before
they are detached from their group, perf_group_detach() should check each
sibling's attach_state before calling add_event_to_groups() on it.

Fixes: 2e498d0a74e5 ("perf: Add support for event removal on exec")
Signed-off-by: Budimir Markovic <markovicbudimir@gmail.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/ZBFzvQV9tEqoHEtH@gentoo
(cherry picked from commit fd0815f632c24878e325821943edccc7fde947a2)
CVE-2023-2235
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
---
 kernel/events/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/kernel/events/core.c b/kernel/events/core.c
index 142b1460f190..e0e8f173b019 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -2260,7 +2260,7 @@  static void perf_group_detach(struct perf_event *event)
 		/* Inherit group flags from the previous leader */
 		sibling->group_caps = event->group_caps;
 
-		if (!RB_EMPTY_NODE(&event->group_node)) {
+		if (sibling->attach_state & PERF_ATTACH_CONTEXT) {
 			add_event_to_groups(sibling, event->ctx);
 
 			if (sibling->state == PERF_EVENT_STATE_ACTIVE)