1 files changed, 36 insertions, 0 deletions
diff --git a/recipes-kernel/linux/files/fix_for_CVE-2013-2094.patch b/recipes-kernel/linux/files/fix_for_CVE-2013-2094.patch
new file mode 100644
index 0000000..1fbad06
--- /dev/null
+++ b/recipes-kernel/linux/files/fix_for_CVE-2013-2094.patch
@@ -0,0 +1,36 @@
+From 8176cced706b5e5d15887584150764894e94e02f Mon Sep 17 00:00:00 2001
+From: Tommi Rantala <tt.rantala@gmail.com>
+Date: Sat, 13 Apr 2013 19:49:14 +0000
+Subject: perf: Treat attr.config as u64 in perf_swevent_init()
+Trinity discovered that we fail to check all 64 bits of
+attr.config passed by user space, resulting to out-of-bounds
+access of the perf_swevent_enabled array in
+sw_perf_event_destroy().
+Introduced in commit b0a873ebb ("perf: Register PMU
+implementations").
+Signed-off-by: Tommi Rantala <tt.rantala@gmail.com>
+Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
+Cc: davej@redhat.com
+Cc: Paul Mackerras <paulus@samba.org>
+Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
+Link: http://lkml.kernel.org/r/1365882554-30259-1-git-send-email-tt.rantala@gmail.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+---
+diff --git a/kernel/events/core.c b/kernel/events/core.c
+index 7e0962e..4d3124b 100644
+--- a/kernel/events/core.c
+++ b/kernel/events/core.c
+@@ -5331,7 +5331,7 @@ static void sw_perf_event_destroy(struct perf_event *event)
+ 
+ static int perf_swevent_init(struct perf_event *event)
+ {
+-       int event_id = event->attr.config;
+       u64 event_id = event->attr.config;
+ 
+        if (event->attr.type != PERF_TYPE_SOFTWARE)
+                return -ENOENT;
+--
+cgit v0.9.1

diff --git a/recipes-kernel/linux/files/fix_for_CVE-2013-2094.patch b/recipes-kernel/linux/files/fix_for_CVE-2013-2094.patch new file mode 100644 index 0000000..1fbad06 --- /dev/null +++ b/recipes-kernel/linux/files/fix_for_CVE-2013-2094.patch
@@ -0,0 +1,36 @@
	1	From 8176cced706b5e5d15887584150764894e94e02f Mon Sep 17 00:00:00 2001
	2	From: Tommi Rantala <tt.rantala@gmail.com>
	3	Date: Sat, 13 Apr 2013 19:49:14 +0000
	4	Subject: perf: Treat attr.config as u64 in perf_swevent_init()
	5
	6	Trinity discovered that we fail to check all 64 bits of
	7	attr.config passed by user space, resulting to out-of-bounds
	8	access of the perf_swevent_enabled array in
	9	sw_perf_event_destroy().
	10
	11	Introduced in commit b0a873ebb ("perf: Register PMU
	12	implementations").
	13
	14	Signed-off-by: Tommi Rantala <tt.rantala@gmail.com>
	15	Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
	16	Cc: davej@redhat.com
	17	Cc: Paul Mackerras <paulus@samba.org>
	18	Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
	19	Link: http://lkml.kernel.org/r/1365882554-30259-1-git-send-email-tt.rantala@gmail.com
	20	Signed-off-by: Ingo Molnar <mingo@kernel.org>
	21	---
	22	diff --git a/kernel/events/core.c b/kernel/events/core.c
	23	index 7e0962e..4d3124b 100644
	24	--- a/kernel/events/core.c
	25	+++ b/kernel/events/core.c
	26	@@ -5331,7 +5331,7 @@ static void sw_perf_event_destroy(struct perf_event *event)
	27
	28	static int perf_swevent_init(struct perf_event *event)
	29	{
	30	- int event_id = event->attr.config;
	31	+ u64 event_id = event->attr.config;
	32
	33	if (event->attr.type != PERF_TYPE_SOFTWARE)
	34	return -ENOENT;
	35	--
	36	cgit v0.9.1