From baedb01454deb32b3d7e0e96cdd895ae166bca42 Mon Sep 17 00:00:00 2001
From: Wish Wu <wishwu007@gmail.com>
Date: Fri, 15 Jan 2016 20:03:14 -0500
Subject: [PATCH] msm: null pointer dereferencing

Prevent unintended kernel NULL pointer dereferencing. Orignal code: hlist_del_rcu(&event->hlist_entry); Fix: Adding pointer check: if(!hlist_unhashed(&p_event->hlist_entry)) hlist_del_rcu(&p_event->hlist_entry);

Bug: 25364034
Change-Id: Ieda6d8f4bb567827fa6c7709e9e729905c6c3882
Signed-off-by: Yuan Lin <yualin@google.com>
---
 kernel/events/core.c | 6 +++++-
 kernel/trace/trace_event_perf.c | 5 ++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/kernel/events/core.c b/kernel/events/core.c
index 7dd822b5e39f..69102c991fa2 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -5026,7 +5026,8 @@ static int perf_swevent_add(struct perf_event *event, int flags)
 
 static void perf_swevent_del(struct perf_event *event, int flags)
 {
- hlist_del_rcu(&event->hlist_entry);
+ if(!hlist_unhashed(&event->hlist_entry))
+ hlist_del_rcu(&event->hlist_entry);
 }
 
 static void perf_swevent_start(struct perf_event *event, int flags)
@@ -6243,6 +6244,9 @@ SYSCALL_DEFINE5(perf_event_open,
 if (err)
 return err;
 
+ if (attr.constraint_duplicate || attr.__reserved_1)
+ return -EINVAL;
+
 if (!attr.exclude_kernel) {
 if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
 return -EACCES;
diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_perf.c
index fee3752ae8f6..a2db136faa5a 100644
--- a/kernel/trace/trace_event_perf.c
+++ b/kernel/trace/trace_event_perf.c
@@ -222,7 +222,10 @@ int perf_trace_add(struct perf_event *p_event, int flags)
 void perf_trace_del(struct perf_event *p_event, int flags)
 {
 struct ftrace_event_call *tp_event = p_event->tp_event;
- hlist_del_rcu(&p_event->hlist_entry);
+ if(!hlist_unhashed(&p_event->hlist_entry))
+ hlist_del_rcu(&p_event->hlist_entry);
+ else
+ return;
 tp_event->class->reg(tp_event, TRACE_REG_PERF_DEL, p_event);
 }
 
-- 
GitLab
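Review bot: The new guard in perf_swevent_del() only protects an entry that was never hashed, not one that has already been removed. hlist_del_rcu() leaves `pprev` poisoned rather than NULL, so on a second delete hlist_unhashed() still reports the node as hashed and the unlink runs again on a stale node. The same applies to the guard added in perf_trace_del(). If repeated deletion is one of the cases this fix must survive, `hlist_del_init_rcu(&event->hlist_entry);` performs the unhashed check itself and resets the node afterwards. The guard also relies on `hlist_entry` being zero-initialised when the event is allocated, which is outside this hunk and worth stating in a comment; kernel style also wants `if (` with a space.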
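Review bot: The added `attr.constraint_duplicate || attr.__reserved_1` rejection in perf_event_open is not mentioned in the commit description and has no comment, so a reader cannot tell why a user-supplied attr must not set these bits. Since this validates untrusted syscall input, I would document it in place, e.g. `/* constraint_duplicate and __reserved_1 must not be set by user space */`, and extend the description to say what misuse it prevents. If perf_copy_attr(), which is outside this hunk, already rejects `__reserved_1`, the second half of the condition is redundant and could be dropped. The syscall body continues beyond the hunk on both sides.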
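Review bot: The early return in perf_trace_del() also skips the `TRACE_REG_PERF_DEL` callback, and the patch does not say whether that is intended. It is only correct if every path that leaves the entry unhashed also never completed the matching registration in perf_trace_add(), which is outside this hunk; a comment stating that invariant would help. The `if … else return;` form reads more clearly as a guard clause: `if (hlist_unhashed(&p_event->hlist_entry))` then `return;`, followed by an unconditional `hlist_del_rcu(&p_event->hlist_entry);`.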