Trinity discovered that we fail to check all 64 bits of attr.config
passed by user space, resulting to out-of-bounds access of the
perf_swevent_enabled array in sw_perf_event_destroy().
Introduced in commit b0a873ebb ("perf: Register PMU implementations").
Signed-off-by: Tommi Rantala <tt.rant...@gmail.com>
Cc: Peter Zijlstra <a.p.zijls...@chello.nl>
---
kernel/events/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 59412d0..fff6420 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -5330,7 +5330,7 @@ static void sw_perf_event_destroy(struct perf_event
*event)
static int perf_swevent_init(struct perf_event *event)
{
- int event_id = event->attr.config;
+ u64 event_id = event->attr.config;
if (event->attr.type != PERF_TYPE_SOFTWARE)
return -ENOENT;
--
1.8.1.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
