msm: null pointer dereferencing

Prevent unintended kernel NULL pointer dereferencing. Orignal code: hlist_del_rcu(&event->hlist_entry); Fix: Adding pointer check: if(!hlist_unhashed(&p_event->hlist_entry)) hlist_del_rcu(&p_event->hlist_entry); Bug: 25364034 Change-Id: Ieda6d8f4bb567827fa6c7709e9e729905c6c3882 Signed-off-by: Yuan Lin <yualin@google.com>
author: Wish Wu <wishwu007@gmail.com> 2016-01-15 20:03:14 -0500
committer: Moyster <oysterized@gmail.com> 2016-11-17 12:11:48 +0100
commit: 7db68b2c5dec2ad770e578bc279e73166e1b08e0 (patch)
tree: dc24c4b937a92e50104206005c3e0ef22d62044c /kernel/events/core.c
parent: c2a4997edc1f542afd832128f03d77b562cc2485 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/kernel/events/core.c b/kernel/events/core.c
index b7045ba1f..94936639e 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -5457,7 +5457,8 @@ static int perf_swevent_add(struct perf_event *event, int flags)
 
 static void perf_swevent_del(struct perf_event *event, int flags)
 {
-	hlist_del_rcu(&event->hlist_entry);
+	if(!hlist_unhashed(&event->hlist_entry))
+		hlist_del_rcu(&event->hlist_entry);
 }
 
 static void perf_swevent_start(struct perf_event *event, int flags)
@@ -6737,6 +6738,9 @@ SYSCALL_DEFINE5(perf_event_open,
 	if (err)
 		return err;
 
+	if (attr.__reserved_1)
+		return -EINVAL;
+
 	if (!attr.exclude_kernel) {
 		if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
 			return -EACCES;
author	Wish Wu <wishwu007@gmail.com>	2016-01-15 20:03:14 -0500
committer	Moyster <oysterized@gmail.com>	2016-11-17 12:11:48 +0100
commit	7db68b2c5dec2ad770e578bc279e73166e1b08e0 (patch)
tree	dc24c4b937a92e50104206005c3e0ef22d62044c /kernel/events/core.c
parent	c2a4997edc1f542afd832128f03d77b562cc2485 (diff)