At Wed, 16 Jul 2014 14:33:29 +0200, Jiri Olsa wrote: > > There's no need to check cloned event's permission once the > parent was already checked. > > Also the code is checking 'current' process permissions, which > is not owner process for cloned events, thus could end up with > wrong permission check result. > > Reported-by: Alexander Yarygin <yary...@linux.vnet.ibm.com> > Cc: Alexander Yarygin <yary...@linux.vnet.ibm.com> > Cc: Arnaldo Carvalho de Melo <a...@kernel.org> > Cc: Corey Ashford <cjash...@linux.vnet.ibm.com> > Cc: Frederic Weisbecker <fweis...@gmail.com> > Cc: Ingo Molnar <mi...@kernel.org> > Cc: Paul Mackerras <pau...@samba.org> > Cc: Peter Zijlstra <a.p.zijls...@chello.nl> > Link: > http://lkml.kernel.org/r/1405079782-8139-1-git-send-email-jo...@kernel.org > Signed-off-by: Jiri Olsa <jo...@kernel.org> > --- > kernel/trace/trace_event_perf.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_perf.c > index 5d12bb407b44..4b9c114ee9de 100644 > --- a/kernel/trace/trace_event_perf.c > +++ b/kernel/trace/trace_event_perf.c > @@ -30,6 +30,18 @@ static int perf_trace_event_perm(struct ftrace_event_call > *tp_event, > return ret; > } > > + /* > + * We checked and allowed to create parent, > + * allow children without checking. > + */ > + if (p_event->parent) > + return 0; > + > + /* > + * It's ok to check current process (owner) permissions in here, > + * because code below is called only via perf_event_open syscall. > + */ > + > /* The ftrace function trace is allowed only for root. */ > if (ftrace_event_is_function(tp_event)) { > if (perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN)) > -- > 1.8.3.1 >
Tested-by: Alexander Yarygin <yary...@linux.vnet.ibm.com> Thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
