msm: null pointer dereferencing
Prevent unintended kernel NULL pointer dereferencing.
Original code:
hlist_del_rcu(&event->hlist_entry);
Fix: Adding pointer check:
if(!hlist_unhashed(&p_event->hlist_entry))
hlist_del_rcu(&p_event->hlist_entry);
Bug: 25364034
Change-Id: Ieda6d8f4bb567827fa6c7709e9e729905c6c3882
Signed-off-by: Yuan Lin <yualin@google.com>
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 7dd822b..69102c9 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -5026,7 +5026,8 @@
static void perf_swevent_del(struct perf_event *event, int flags)
{
- hlist_del_rcu(&event->hlist_entry);
+ if(!hlist_unhashed(&event->hlist_entry))
+ hlist_del_rcu(&event->hlist_entry);
}
static void perf_swevent_start(struct perf_event *event, int flags)
@@ -6243,6 +6244,9 @@
if (err)
return err;
+ if (attr.constraint_duplicate || attr.__reserved_1)
+ return -EINVAL;
+
if (!attr.exclude_kernel) {
if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
return -EACCES;
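Review bot: The new `attr.constraint_duplicate || attr.__reserved_1` rejection has no comment and is not mentioned in the commit description, which only covers the hlist guard. A reader cannot tell which bits userspace is forbidden to set or why; a comment such as `/* attr is user-supplied: refuse constraint_duplicate and reserved bits */` above the check, plus a line in the description, would record the intent. The enclosing function starts and ends outside the hunk, so whether the earlier attr copy step already validates reserved bits cannot be confirmed from here.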
diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_perf.c
index fee3752..a2db136 100644
--- a/kernel/trace/trace_event_perf.c
+++ b/kernel/trace/trace_event_perf.c
@@ -222,7 +222,10 @@
void perf_trace_del(struct perf_event *p_event, int flags)
{
struct ftrace_event_call *tp_event = p_event->tp_event;
- hlist_del_rcu(&p_event->hlist_entry);
+ if(!hlist_unhashed(&p_event->hlist_entry))
+ hlist_del_rcu(&p_event->hlist_entry);
+ else
+ return;
tp_event->class->reg(tp_event, TRACE_REG_PERF_DEL, p_event);
}
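Review bot: The `if ... else return;` shape in perf_trace_del buries the early exit, which also skips the `TRACE_REG_PERF_DEL` callback for an unhashed event. A guard clause reads more directly: `if (hlist_unhashed(&p_event->hlist_entry)) return;` followed by an unconditional `hlist_del_rcu(&p_event->hlist_entry);`. A one-line comment stating that an event which was never added has nothing to unregister would record why skipping `reg()` is intended. That assumption depends on the ordering in perf_trace_add, which is outside this hunk.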