I don't know much about CVE-2022-1729, and I haven't been able to identify whether recent kernels are already patched against it. If not, could we get a patch rolled into gentoo-sources? Please forgive the lack of information, this is outside the realm of my expertise.

Reproducible: Always
The patch is upstream as:

commit 3ac6487e584a1eb54071dbe1212e05b884136704
Author: Peter Zijlstra <peterz@infradead.org>
Date:   Fri May 20 20:38:06 2022 +0200

    perf: Fix sys_perf_event_open() race against self

    Norbert reported that it's possible to race sys_perf_event_open() such
    that the looser ends up in another context from the group leader,
    triggering many WARNs.

    The move_group case checks for races against itself, but the
    !move_group case doesn't, seemingly relying on the previous
    group_leader->ctx == ctx check. However, that check is racy due to not
    holding any locks at that time.

    Therefore, re-check the result after acquiring locks and bailing
    if they no longer match.

    Additionally, clarify the not_move_group case from the
    move_group-vs-move_group race.

    Fixes: f63a8daa5812 ("perf: Fix event->ctx locking")
    Reported-by: Norbert Slusarek <nslusarek@gmx.net>
    Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

$ fix_in_what_release 3ac6487e584a1eb54071dbe1212e05b884136704
4.9.316
4.14.281
4.19.245
5.4.196
5.10.118
5.15.42
5.17.10
logs/log-5.18

dist-kernels 5.4.199, 5.10.123, and 5.15.48 are stabled, but fixed gentoo-sources are not.

kernel@: please stabilize fixed kernels and cleanup
This patch is present in the following and subsequent kernel versions:

4.9.316
4.14.281
4.19.245
5.4.196
5.10.118
5.15.42
5.17.10
5.18

This is safe to close
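To turn the fixed-version list above into an answer to the original question ("is my running kernel already patched?"), here is an added checker that is not part of this bug report: it compares a kernel release string against the first stable release of each series that carries commit 3ac6487e584a1eb54071dbe1212e05b884136704. The per-series table is taken from the comments above; series not listed there (for example 5.16) are reported as unknown rather than guessed.

```python
"""Check a kernel release string against the CVE-2022-1729 fix list.

Fixed versions are those listed in the bug comments for upstream commit
3ac6487e584a1eb54071dbe1212e05b884136704. Series absent from that list
are treated as unknown, not as safe.
"""
import platform
import re

# First stable release of each series that includes the fix (from the bug).
FIXED_IN = {
    (4, 9): (4, 9, 316),
    (4, 14): (4, 14, 281),
    (4, 19): (4, 19, 245),
    (5, 4): (5, 4, 196),
    (5, 10): (5, 10, 118),
    (5, 15): (5, 15, 42),
    (5, 17): (5, 17, 10),
}
MAINLINE_FIXED = (5, 18)  # 5.18 and every later series ship the fix


def parse_kernel_version(release):
    """Return (major, minor, patch) from e.g. '5.15.41-gentoo' or '5.18.0-rc7'.
    Local version suffixes (-gentoo, -dist, ...) are ignored."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_patched(release):
    """True if the release carries the fix, False if it predates the fix,
    None if the list above says nothing about this series (or for 5.18 -rc
    builds, which the list does not cover)."""
    major, minor, patch = parse_kernel_version(release)
    series = (major, minor)
    if series == MAINLINE_FIXED and "-rc" in release:
        return None
    if series >= MAINLINE_FIXED:
        return True
    fixed = FIXED_IN.get(series)
    if fixed is None:
        return None
    return (major, minor, patch) >= fixed


if __name__ == "__main__":
    running = platform.release()  # same string as `uname -r`
    verdict = {True: "patched", False: "VULNERABLE", None: "unknown series"}
    print("%s: %s" % (running, verdict[is_patched(running)]))
```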
Agreed, thanks!