linux-yocto/kernel
Thomas Gleixner e529888b7e perf/core: Prevent VMA split of buffer mappings
commit b024d7b56c upstream.

The perf mmap code is careful about mmap()'ing the user page with the
ringbuffer and additionally the auxiliary buffer, when the event supports
it. Once the first mapping is established, subsequent mappings have to use
the same offset and the same size in both cases. The reference counting for
the ringbuffer and the auxiliary buffer depends on this being correct.

Though perf does not prevent a related mapping from being split via mmap(2),
munmap(2) or mremap(2). A split of a VMA results in perf_mmap_open() calls,
which take reference counts, but then the subsequent perf_mmap_close()
calls no longer fulfil the offset and size checks. This leads to
reference count leaks.

As perf already has the requirement for subsequent mappings to match the
initial mapping, the obvious consequence is that VMA splits, caused by
resizing of a mapping or partial unmapping, have to be prevented.

Implement the vm_operations_struct::may_split() callback and return
unconditionally -EINVAL.

That ensures that the mapping offsets and sizes cannot be changed after the
fact. Remapping to a different fixed address with the same size is still
possible as it takes the references for the new mapping and drops those of
the old mapping.

Fixes: 45bfb2e504 ("perf/core: Add AUX area to ring buffer for raw data streams")
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-27504
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-08-15 12:14:09 +02:00
bpf bpf/preload: Don't select USERMODE_DRIVER 2025-08-15 12:13:48 +02:00
cgroup Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" 2025-07-24 08:56:35 +02:00
configs tinyconfig: remove unnecessary 'is not set' for choice blocks 2024-09-01 20:34:38 +09:00
debug move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
dma dma-mapping: Fix warning reported for missing prototype 2025-05-29 11:01:59 +02:00
entry treewide: context_tracking: Rename CONTEXT_* into CT_STATE_* 2024-07-29 07:33:10 +05:30
events perf/core: Prevent VMA split of buffer mappings 2025-08-15 12:14:09 +02:00
futex futex: Pass in task to futex_queue() 2025-03-22 12:54:14 -07:00
gcov gcov: add support for GCC 14 2024-06-15 10:43:06 -07:00
irq genirq/irq_sim: Initialize work context pointers properly 2025-07-10 16:05:07 +02:00
kcsan kcsan: test: Initialize dummy variable 2025-08-15 12:13:46 +02:00
livepatch livepatch: Replace snprintf() with sysfs_emit() 2024-07-02 16:56:18 +02:00
locking locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() 2025-04-20 10:15:45 +02:00
module audit,module: restore audit logging in load failure case 2025-08-15 12:13:31 +02:00
power PM: sleep: Print PM debug messages during hibernation 2025-06-19 15:31:32 +02:00
printk printk: Check CON_SUSPEND when unblanking a console 2025-05-29 11:02:22 +02:00
rcu rcu: Fix delayed execution of hurry callbacks 2025-08-15 12:13:44 +02:00
sched sched/psi: Fix psi_seq initialization 2025-08-15 12:14:03 +02:00
time timekeeping: Zero initialize system_counterval when querying time from phc drivers 2025-08-01 09:48:42 +01:00
trace kernel: trace: preemptirq_delay_test: use offstack cpu mask 2025-08-15 12:13:53 +02:00
.gitignore
acct.c acct: block access to kernel internal filesystems 2025-02-27 04:30:23 -08:00
async.c
audit_fsnotify.c
audit_tree.c fsnotify: create a wrapper fsnotify_find_inode_mark() 2024-04-04 16:24:16 +02:00
audit_watch.c fsnotify: create a wrapper fsnotify_find_inode_mark() 2024-04-04 16:24:16 +02:00
audit.c audit: Make use of str_enabled_disabled() helper 2024-09-03 16:35:16 -04:00
audit.h audit,module: restore audit logging in load failure case 2025-08-15 12:13:31 +02:00
auditfilter.c audit: use task_tgid_nr() instead of task_pid_nr() 2024-08-28 16:48:28 -04:00
auditsc.c audit,module: restore audit logging in load failure case 2025-08-15 12:13:31 +02:00
backtracetest.c backtracetest: add MODULE_DESCRIPTION() 2024-06-24 22:24:55 -07:00
bounds.c bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS 2024-04-29 08:29:29 -07:00
capability.c
cfi.c
compat.c
configs.c
context_tracking.c context_tracking, rcu: Rename rcu_dyntick trace event into rcu_watching 2024-08-15 21:30:43 +05:30
cpu_pm.c
cpu.c watchdog/hardlockup/perf: Fix perf_event memory leak 2025-04-10 14:39:11 +02:00
crash_core.c Document/kexec: generalize crash hotplug description 2024-09-01 20:43:37 -07:00
crash_reserve.c crash: fix crash memory reserve exceed system memory bug 2024-09-01 20:43:30 -07:00
cred.c
delayacct.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
dma.c
elfcorehdr.c
exec_domain.c
exit.c perf: Fix sample vs do_exit() 2025-06-27 11:11:45 +01:00
exit.h
extable.c
fail_function.c
fork.c kernel/fork: only call untrack_pfn_clear() on VMAs duplicated for fork() 2025-05-29 11:03:14 +02:00
freezer.c sched,freezer: Remove unnecessary warning in __thaw_task 2025-07-24 08:56:37 +02:00
gen_kheaders.sh kheaders: Ignore silly-rename files 2025-01-23 17:22:55 +01:00
groups.c
hung_task.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
iomem.c
irq_work.c
jump_label.c jump_label: Fix static_key_slow_dec() yet again 2024-09-10 11:57:27 +02:00
kallsyms_internal.h kallsyms: get rid of code for absolute kallsyms 2024-07-20 16:33:21 +09:00
kallsyms_selftest.c kallsyms: Match symbols exactly with CONFIG_LTO_CLANG 2024-08-15 09:33:35 -07:00
kallsyms_selftest.h
kallsyms.c kallsyms: Match symbols exactly with CONFIG_LTO_CLANG 2024-08-15 09:33:35 -07:00
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.kexec crash, powerpc: default to CRASH_DUMP=n on PPC_BOOK3S_32 2024-11-14 22:43:48 -08:00
Kconfig.locks
Kconfig.preempt sched_ext: Build fix on !CONFIG_STACKTRACE[_SUPPORT] 2024-08-01 07:08:01 -10:00
kcov.c kcov: mark in_softirq_really() as __always_inline 2025-01-09 13:33:49 +01:00
kexec_core.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
kexec_elf.c kexec: initialize ELF lowest address to ULONG_MAX 2025-04-10 14:39:24 +02:00
kexec_file.c kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y 2024-09-01 17:59:01 -07:00
kexec_internal.h kexec: use atomic_try_cmpxchg_acquire() in kexec_trylock() 2024-09-01 20:43:23 -07:00
kexec.c crash: add a new kexec flag for hotplug support 2024-04-23 14:59:01 +10:00
kheaders.c
kprobes.c kprobes: Fix to check symbol prefixes correctly 2024-08-05 14:04:03 +09:00
ksyms_common.c
ksysfs.c profiling: remove prof_cpu_mask 2024-07-29 10:45:54 -07:00
kthread.c kthread: unpark only parked kthread 2024-10-09 12:47:19 -07:00
latencytop.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
Makefile mm: move kernel/numa.c to mm/ 2024-09-03 21:15:26 -07:00
module_signature.c
notifier.c
nsproxy.c introduce fd_file(), convert all accessors to it. 2024-08-12 22:00:43 -04:00
padata.c padata: do not leak refcount in reorder_work 2025-05-29 11:03:19 +02:00
panic.c objtool, panic: Disable SMAP in __stack_chk_fail() 2025-05-02 07:59:19 +02:00
params.c module: ensure that kobject_put() is safe for module type kobjects 2025-05-18 08:24:54 +02:00
pid_namespace.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
pid_sysctl.h sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
pid.c introduce fd_file(), convert all accessors to it. 2024-08-12 22:00:43 -04:00
profile.c profiling: remove profile=sleep support 2024-08-04 13:36:28 -07:00
ptrace.c
range.c
reboot.c Flush console log from kernel_power_off() 2025-04-20 10:15:12 +02:00
regset.c regset: use kvzalloc() for regset_get_alloc() 2024-04-25 21:07:03 -07:00
relay.c [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
resource_kunit.c resource, kunit: fix user-after-free in resource_test_region_intersects() 2024-10-09 12:47:19 -07:00
resource.c resource: fix false warning in __request_region() 2025-08-01 09:48:44 +01:00
rseq.c rseq: Fix segfault on registration when rseq_cs is non-zero 2025-07-17 18:37:24 +02:00
scftorture.c scftorture: Make torture_type static 2024-05-30 15:31:51 -07:00
scs.c
seccomp.c seccomp: passthrough uretprobe systemcall without filtering 2025-02-17 10:05:12 +01:00
signal.c pidfs: improve multi-threaded exec and premature thread-group leader exit polling 2025-05-29 11:02:09 +02:00
smp.c smp: print only local CPU info when sched_clock goes backward 2024-08-15 00:06:48 +05:30
smpboot.c
smpboot.h
softirq.c lockdep: Fix wait context check on softirq for PREEMPT_RT 2025-05-29 11:02:08 +02:00
stackleak.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
stacktrace.c
static_call_inline.c x86/static-call: provide a way to do very early static-call updates 2024-12-19 18:13:23 +01:00
static_call.c
stop_machine.c sched/core: Fix migrate_swap() vs. hotplug 2025-07-17 18:37:03 +02:00
sys_ni.c Probes updates for v6.11: 2024-07-18 12:19:20 -07:00
sys.c struct fd layout change (and conversion to accessor helpers) 2024-09-23 09:35:36 -07:00
sysctl-test.c sysctl: Add module description to sysctl-testing 2024-06-03 15:20:37 +02:00
sysctl.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
task_work.c sched/core: Disable page allocation in task_tick_mm_cid() 2024-10-11 10:49:32 +02:00
taskstats.c introduce fd_file(), convert all accessors to it. 2024-08-12 22:00:43 -04:00
torture.c torture: Add MODULE_DESCRIPTION() 2024-05-30 15:31:38 -07:00
tracepoint.c tracepoint: Support iterating tracepoints in a loading module 2024-09-25 23:23:44 +09:00
tsacct.c tsacct: replace strncpy() with strscpy() 2024-07-12 16:39:53 -07:00
ucount.c ucount: fix atomic_long_inc_below() argument type 2025-08-15 12:13:59 +02:00
uid16.c
uid16.h
umh.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
up.c
user_namespace.c user_namespace: use kmemdup_array() instead of kmemdup() for multiple allocation 2024-09-09 16:47:42 -07:00
user-return-notifier.c
user.c uidgid: make sure we fit into one cacheline 2024-09-12 12:16:09 +02:00
usermode_driver.c
utsname_sysctl.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
utsname.c
vhost_task.c vhost_task: fix vhost_task_create() documentation 2025-05-29 11:01:59 +02:00
vmcore_info.c mm: support only one page_type per page 2024-09-03 21:15:43 -07:00
watch_queue.c watch_queue: fix pipe accounting mismatch 2025-04-10 14:39:10 +02:00
watchdog_buddy.c
watchdog_perf.c watchdog/hardlockup/perf: Fix perf_event memory leak 2025-04-10 14:39:11 +02:00
watchdog.c watchdog: fix watchdog may detect false positive of softlockup 2025-06-27 11:11:22 +01:00
workqueue_internal.h
workqueue.c workqueue: Initialize wq_isolated_cpumask in workqueue_init_early() 2025-06-27 11:11:42 +01:00