perf: don't leave group_entry on sibling list(use-after-free)
author John Dias <joaodias@google.com>
Mon, 16 Jan 2017 08:22:04 +0000 (13:22 +0530)
committer Manish Tuteja <mtuteja@nvidia.com>
Wed, 1 Mar 2017 00:36:31 +0000 (16:36 -0800)
commit 6d855fdafe71e5e7f4c020e7219bb1695016af8b
tree 9c35613a65269bd84795ab5ca8224bad250834a7
parent 46983c073e6b1b8b703968c40f96c776d5c33d61
perf: don't leave group_entry on sibling list(use-after-free)

When perf_group_detach is called on a group leader,
it should empty its sibling list. Otherwise, when
a sibling is later deallocated, list_del_event()
removes the sibling's group_entry from its current
list, which can be the now-deallocated group leader's
sibling list (use-after-free bug).

Bug: 32402548

CVE-2017-0403 (A-32402548)
Bug 1849492

Change-Id: I99f6bc97c8518df1cb0035814368012ba72ab1f1
Signed-off-by: John Dias <joaodias@google.com>
Signed-off-by: Gagan Grover <ggrover@nvidia.com>
Reviewed-on: http://git-master/r/1285800
(cherry picked from commit a5dc2d079ba88bba5dc78484d4820842af65d656)
Reviewed-on: http://git-master/r/1299508
(cherry picked from commit 8dae5d362123d37d29552b5a9ed89c7dbfe3dd55)
Reviewed-on: http://git-master/r/1311419
GVS: Gerrit_Virtual_Submit
Reviewed-by: Vinayak Pane <vpane@nvidia.com>
kernel/events/core.c
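
The list invariant described in the commit message, as an added userspace model in C (not the kernel's code and not the patch from this commit). `struct event`, `group_detach_leader` and `stale_links_after_detach` are hypothetical names, and the list helpers are simplified re-implementations of the kernel's `list_head` operations; the model only counts sibling `group_entry` pointers that still reference the leader after detach and never frees or touches stale memory.

```c
#include <stdio.h>

/* Minimal circular doubly linked list, modelled on the kernel's list_head. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h) {
    n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n;
}
static void list_del_init(struct list_head *e) {
    e->prev->next = e->next; e->next->prev = e->prev; list_init(e);
}

/* Hypothetical stand-in for struct perf_event: only the two list fields. */
struct event { struct list_head sibling_list, group_entry; };

/* Model of detaching a group leader. empty_list=0 leaves siblings linked
 * (the behaviour the commit message calls buggy); 1 unlinks every sibling. */
static void group_detach_leader(struct event *leader, int empty_list) {
    if (!empty_list) return;
    while (leader->sibling_list.next != &leader->sibling_list)
        list_del_init(leader->sibling_list.next);
}

/* Count siblings whose group_entry still points at the leader's list head
 * after detach. A later list_del on such a sibling writes through that
 * pointer, which is a write into freed memory once the leader is gone. */
static int stale_links_after_detach(int n_siblings, int empty_list) {
    struct event leader, sib[4];
    int stale = 0;
    if (n_siblings > 4) n_siblings = 4;   /* constructed sample size limit */
    list_init(&leader.sibling_list); list_init(&leader.group_entry);
    for (int i = 0; i < n_siblings; i++) {
        list_init(&sib[i].sibling_list);
        list_add_tail(&sib[i].group_entry, &leader.sibling_list);
    }
    group_detach_leader(&leader, empty_list);
    for (int i = 0; i < n_siblings; i++)
        if (sib[i].group_entry.next == &leader.sibling_list ||
            sib[i].group_entry.prev == &leader.sibling_list)
            stale++;
    return stale;
}

int main(void) {
    printf("without emptying: %d stale link(s)\n", stale_links_after_detach(3, 0));
    printf("with emptying:    %d stale link(s)\n", stale_links_after_detach(3, 1));
    return 0;
}
```

Only the first and last siblings border the leader's list head, so those are the entries whose later removal would write into the leader's memory.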