Commit b11f5fc7 authored by Natanael Copa's avatar Natanael Copa
Browse files

main/linux-grsec: security fix for CVE-2013-2094

fixes #1862
parent 622b89d2
......@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.0.24
_kernver=3.0
pkgrel=0
pkgrel=1
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
......@@ -24,6 +24,7 @@ source="ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2
linux-3.0.x-regression-with-ipv4-routes-having-mtu.patch
net-flow-remove-sleeping-and-deferral-mechanism-from-flow_cache_flush.patch
tcp-fix-syncookie-regression.patch
CVE-2013-2094.patch
kernelconfig.x86
kernelconfig.x86_64
......@@ -153,5 +154,6 @@ f3eda7112ef074a4121ec6de943c63ee x86-centaur-enable-cx8-for-via-eden-too.patch
62cc7d7b5ba7ef05b72ff91c0411c189 linux-3.0.x-regression-with-ipv4-routes-having-mtu.patch
b25335e8fcbf8c969230d55ac4e75cf8 net-flow-remove-sleeping-and-deferral-mechanism-from-flow_cache_flush.patch
2e1e492addb3addf92bd4a0f4b6c602a tcp-fix-syncookie-regression.patch
cfc7b3d39f8a16bfa0a584ca7c38fc17 CVE-2013-2094.patch
587b1fb2f6a5c9ba714900b856f57f09 kernelconfig.x86
99836ffe918bbdef7da1a56a3d075c7a kernelconfig.x86_64"
From 8176cced706b5e5d15887584150764894e94e02f Mon Sep 17 00:00:00 2001
From: Tommi Rantala <tt.rantala@gmail.com>
Date: Sat, 13 Apr 2013 19:49:14 +0000
Subject: perf: Treat attr.config as u64 in perf_swevent_init()
Trinity discovered that we fail to check all 64 bits of
attr.config passed by user space, resulting to out-of-bounds
access of the perf_swevent_enabled array in
sw_perf_event_destroy().
Introduced in commit b0a873ebb ("perf: Register PMU
implementations").
Signed-off-by: Tommi Rantala <tt.rantala@gmail.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: davej@redhat.com
Cc: Paul Mackerras <paulus@samba.org>
Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Link: http://lkml.kernel.org/r/1365882554-30259-1-git-send-email-tt.rantala@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 7e0962e..4d3124b 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -5331,7 +5331,7 @@ static void sw_perf_event_destroy(struct perf_event *event)
static int perf_swevent_init(struct perf_event *event)
{
- int event_id = event->attr.config;
+ u64 event_id = event->attr.config;
if (event->attr.type != PERF_TYPE_SOFTWARE)
return -ENOENT;
--
cgit v0.9.1
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment