no error on invalid flag value
Severity
Just a correctness issue.
Found by
perf_fuzzer (noticed when tracking another problem)
First Seen
3.15-rc1
Reproducible
yes
Found On
Haswell
Fixed by
Linux 3.16 643fd0b9f5dc40fedbfbb908ebe6f1169284f7d8
perf: Fix perf_event_open(.flags) test
Linux-kernel Mailing List Report
22 April 2014 -- [perf] yet another 32/64-bit range check failure
Analysis
We check whether flags is valid like this:
    /* for future expandability... */
    if (flags & ~PERF_FLAG_ALL)
        return -EINVAL;
However, flags is a 64-bit value while ~PERF_FLAG_ALL is only 32-bit, so the upper 32 bits of flags are never tested.
This means values like 0x800000000000ULL are treated as valid even though
they aren't.
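The width mismatch described above can be reproduced in user space. This is an added example, not the kernel's code or the actual fix: the DEMO_FLAG_ALL_* masks and the check_flags_* functions are hypothetical names with a constructed mask value of 0xf, and widening the mask is shown as one way to correct the check.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the flag mask; names and the value 0xf are
 * assumptions for this demo, not taken from the kernel headers. */
#define DEMO_FLAG_ALL_32 ((uint32_t)0xf) /* 32-bit mask, as in the buggy check */
#define DEMO_FLAG_ALL_64 ((uint64_t)0xf) /* same mask, widened to match flags */

/* Buggy form: ~ is evaluated at 32 bits (0xfffffff0) and only then
 * zero-extended to 0x00000000fffffff0 for the &, so bits 32..63 of
 * flags are never examined. */
static int check_flags_buggy(uint64_t flags)
{
    if (flags & ~DEMO_FLAG_ALL_32)
        return -EINVAL;
    return 0;
}

/* Corrected form: ~ is evaluated at 64 bits (0xfffffffffffffff0),
 * so every bit outside the mask is rejected. */
static int check_flags_fixed(uint64_t flags)
{
    if (flags & ~DEMO_FLAG_ALL_64)
        return -EINVAL;
    return 0;
}

int main(void)
{
    /* Constructed sample values: two valid, one invalid low bit,
     * and two with invalid bits above bit 31. */
    const uint64_t samples[] = {
        0x0, 0x8, 0x10, 0x800000000000ULL, 0x100000008ULL
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("flags=0x%016llx buggy=%d fixed=%d\n",
               (unsigned long long)samples[i],
               check_flags_buggy(samples[i]),
               check_flags_fixed(samples[i]));
    return 0;
}
```

Both checks agree on values that fit in 32 bits; they diverge only when a bit above bit 31 is set, which is why the problem is easy to miss without 64-bit test values.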