diff options
Diffstat (limited to 'recipes-kernel/linux/files/fix_for_CVE-2013-2094.patch')
-rw-r--r-- | recipes-kernel/linux/files/fix_for_CVE-2013-2094.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/recipes-kernel/linux/files/fix_for_CVE-2013-2094.patch b/recipes-kernel/linux/files/fix_for_CVE-2013-2094.patch new file mode 100644 index 0000000..1fbad06 --- /dev/null +++ b/recipes-kernel/linux/files/fix_for_CVE-2013-2094.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | From 8176cced706b5e5d15887584150764894e94e02f Mon Sep 17 00:00:00 2001 | ||
2 | From: Tommi Rantala <tt.rantala@gmail.com> | ||
3 | Date: Sat, 13 Apr 2013 19:49:14 +0000 | ||
4 | Subject: perf: Treat attr.config as u64 in perf_swevent_init() | ||
5 | |||
6 | Trinity discovered that we fail to check all 64 bits of | ||
7 | attr.config passed by user space, resulting to out-of-bounds | ||
8 | access of the perf_swevent_enabled array in | ||
9 | sw_perf_event_destroy(). | ||
10 | |||
11 | Introduced in commit b0a873ebb ("perf: Register PMU | ||
12 | implementations"). | ||
13 | |||
14 | Signed-off-by: Tommi Rantala <tt.rantala@gmail.com> | ||
15 | Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> | ||
16 | Cc: davej@redhat.com | ||
17 | Cc: Paul Mackerras <paulus@samba.org> | ||
18 | Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> | ||
19 | Link: http://lkml.kernel.org/r/1365882554-30259-1-git-send-email-tt.rantala@gmail.com | ||
20 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | ||
21 | --- | ||
22 | diff --git a/kernel/events/core.c b/kernel/events/core.c | ||
23 | index 7e0962e..4d3124b 100644 | ||
24 | --- a/kernel/events/core.c | ||
25 | +++ b/kernel/events/core.c | ||
26 | @@ -5331,7 +5331,7 @@ static void sw_perf_event_destroy(struct perf_event *event) | ||
27 | |||
28 | static int perf_swevent_init(struct perf_event *event) | ||
29 | { | ||
30 | - int event_id = event->attr.config; | ||
31 | + u64 event_id = event->attr.config; | ||
32 | |||
33 | if (event->attr.type != PERF_TYPE_SOFTWARE) | ||
34 | return -ENOENT; | ||
35 | -- | ||
36 | cgit v0.9.1 | ||