On Mon, Jul 07, 2014 at 07:00:40PM +0200, Jiri Olsa wrote:
> diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_perf.c
> index 5d12bb4..b44184b 100644
> --- a/kernel/trace/trace_event_perf.c
> +++ b/kernel/trace/trace_event_perf.c
> @@ -24,6 +24,9 @@ static int total_ref_count;
> static int perf_trace_event_perm(struct ftrace_event_call *tp_event,
> struct perf_event *p_event)
> {
> + struct task_struct owner = p_event->parent ? p_event->parent->owner :
> + p_event->owner;
> +
> if (tp_event->perf_perm) {
> int ret = tp_event->perf_perm(tp_event, p_event);
> if (ret)
> @@ -32,7 +35,7 @@ static int perf_trace_event_perm(struct ftrace_event_call
> *tp_event,
>
> /* The ftrace function trace is allowed only for root. */
> if (ftrace_event_is_function(tp_event)) {
> - if (perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN))
> + if (perf_paranoid_tracepoint_raw() && !has_capability(owner,
> CAP_SYS_ADMIN))
> return -EPERM;
>
> /*
> @@ -65,7 +68,7 @@ static int perf_trace_event_perm(struct ftrace_event_call
> *tp_event,
> * ...otherwise raw tracepoint data can be a severe data leak,
> * only allow root to have these.
> */
> - if (perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN))
> + if (perf_paranoid_tracepoint_raw() && !has_capability(owner,
> CAP_SYS_ADMIN))
> return -EPERM;
>
> return 0;You need to either hold rcu_read_lock() or otherwise ensure the owner is still valid.
pgptkUFveaXFf.pgp
Description: PGP signature
