From 0eba1f6eb46b33dc5a220cd812b4f951f1ca4360 Mon Sep 17 00:00:00 2001
From: Yang Jihong <yangjihong1@huawei.com>
Date: Sun, 24 Apr 2022 02:21:32 +0000
Subject: [PATCH] Revert "perf: Paper over the hw.target problems"

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I53VHE
CVE: NA

--------------------------------

This reverts commit 0380474221530db9147a001034794a95fb4c46c1.

This patch is used to solve race between close() and fork() of the perf.
However, this patch is not accepted by the community. As a result,
destory interface is incorrectly invoked during the perf_remove_from_context,
causing UAF, see https://lkml.org/lkml/2019/6/28/856.

For 4.19 kernel, he final fix patch has been incorporated, see eb41044bbece4.
Therefore, need to revert the patch.

Signed-off-by: Yang Jihong <yangjihong1@huawei.com>
Reviewed-by: Kuohai Xu <xukuohai@huawei.com>
Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>
---
 kernel/events/core.c | 22 ----------------------
 1 file changed, 22 deletions(-)

diff --git a/kernel/events/core.c b/kernel/events/core.c
index deba52307349..8dc07a529e6d 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -2135,28 +2135,6 @@ static void perf_remove_from_context(struct perf_event *event, unsigned long fla
 
 	event_function_call(event, __perf_remove_from_context, (void *)flags);
 
-	/*
-	 * This is as passable as any hw.target handling out there;
-	 * hw.target implies task context, therefore, no migration.
-	 * Which together with DETACH_GROUP means that this is the
-	 * final remove_from_context of a task event.
-	 */
-	if (event->hw.target && (flags & DETACH_GROUP)) {
-		/*
-		 * Now, the problem with, say uprobes, is that they
-		 * use hw.target for context in their ->destroy()
-		 * callbacks. Supposedly, they may need to poke at
-		 * its contents, so better call it while we still
-		 * have the task.
-		 */
-		if (event->destroy) {
-			event->destroy(event);
-			event->destroy = NULL;
-		}
-		put_task_struct(event->hw.target);
-		event->hw.target = NULL;
-	}
-
 	/*
 	 * The above event_function_call() can NO-OP when it hits
 	 * TASK_TOMBSTONE. In that case we must already have been detached
-- 
GitLab