new file mode 100644

@@ -0,0 +1,47 @@

+From 1572e45a924f254d9570093abde46430c3172e3d Mon Sep 17 00:00:00 2001

+From: Tan Xiaojun <tanxiaojun@huawei.com>

+Date: Thu, 23 Feb 2017 14:04:39 +0800

+Subject: [PATCH] perf/core: Fix the perf_cpu_time_max_percent check

+

+Use "proc_dointvec_minmax" instead of "proc_dointvec" to check the input

+value from user-space.

+

+If not, we can set a big value and some vars will overflow like

+"sysctl_perf_event_sample_rate" which will cause a lot of unexpected

+problems.

+

+Signed-off-by: Tan Xiaojun <tanxiaojun@huawei.com>

+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>

+Cc: <acme@kernel.org>

+Cc: <alexander.shishkin@linux.intel.com>

+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>

+Cc: Arnaldo Carvalho de Melo <acme@redhat.com>

+Cc: Jiri Olsa <jolsa@redhat.com>

+Cc: Linus Torvalds <torvalds@linux-foundation.org>

+Cc: Peter Zijlstra <peterz@infradead.org>

+Cc: Stephane Eranian <eranian@google.com>

+Cc: Thomas Gleixner <tglx@linutronix.de>

+Cc: Vince Weaver <vincent.weaver@maine.edu>

+Link: http://lkml.kernel.org/r/1487829879-56237-1-git-send-email-tanxiaojun@huawei.com

+Signed-off-by: Ingo Molnar <mingo@kernel.org>

+Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu>

+---

+ kernel/events/core.c | 2 +-

+ 1 file changed, 1 insertion(+), 1 deletion(-)

+

+diff --git a/kernel/events/core.c b/kernel/events/core.c

+index 6aeb0ef..92d1f12 100644

+--- a/kernel/events/core.c

+@@ -229,7 +229,7 @@ int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write,

+ 				void __user *buffer, size_t *lenp,

+ 				loff_t *ppos)

+ {

+-	int ret = proc_dointvec(table, write, buffer, lenp, ppos);

++	int ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);

+ 

+ 	if (ret || !write)

+ 		return ret;

+-- 

+2.7.4

+

@@ -2,7 +2,7 @@

 Summary:       Kernel

 Name:          linux-esx

 Version:       4.4.130

-Release:       1%{?dist}

+Release:       2%{?dist}

 License:       GPLv2

 URL:           http://www.kernel.org/

 Group:         System Environment/Kernel

@@ -40,6 +40,9 @@ Patch26:       init-do_mounts-recreate-dev-root.patch

 # Fixes for CVE-2018-1000026

 Patch27:       0001-net-create-skb_gso_validate_mac_len.patch

 Patch28:       0002-bnx2x-disable-GSO-where-gso_size-is-too-big-for-hard.patch

+# Fix for CVE-2017-18255

+Patch29:       0001-perf-core-Fix-the-perf_cpu_time_max_percent-check.patch

+

 # For Spectre

 Patch52: 0141-locking-barriers-introduce-new-observable-speculatio.patch

 Patch55: 0144-uvcvideo-prevent-speculative-execution.patch

@@ -119,6 +122,7 @@ The Linux package contains the Linux kernel doc files

 %patch26 -p1

 %patch27 -p1

 %patch28 -p1

+%patch29 -p1

 %patch52 -p1

 %patch55 -p1

@@ -222,6 +226,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Wed May 02 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.130-2

+-   Fix CVE-2017-18255.

 *   Mon Apr 30 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.130-1

 -   Update to version 4.4.130 and fix CVE-2018-1000026.

 *   Thu Apr 19 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.124-2

deleted file mode 100644

@@ -1,71 +0,0 @@

-Summary:      This package contains the 'perf' performance analysis tools for Linux kernel 

-Name:         linux-tools

-Version:      4.4.64

-Release:      1%{?dist}

-License:      GPLv2

-URL:          http://www.kernel.org/

-Group:        System/Tools

-Vendor:       VMware, Inc.

-Distribution: Photon

-Source0:      http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=4554451ee0b50e55674795f5d760fdbc72df7bf3

-Patch0:		  perf-top-sigsegv-fix.patch

-Requires:         filesystem kmod coreutils binutils

-

-%description

-This package contains the 'perf' performance analysis tools for Linux kernel. 

-

-%prep

-%setup -q -n linux-%{version}

-%patch0 -p1

-

-%build

-make -C tools perf

-

-%install

-# disable (JOBS=1) parallel build to fix this issue:

-# fixdep: error opening depfile: ./.plugin_cfg80211.o.d: No such file or directory

-# Linux version that was affected is 4.4.26

-make -C tools JOBS=1 DESTDIR=%{buildroot} prefix=%{_prefix} perf_install

-mv %{buildroot}/usr/lib64 %{buildroot}%{_libdir}

-

-%files

-%defattr(-,root,root)

-/usr/libexec

-%exclude %{_libdir}/debug

-%{_libdir}/traceevent

-%{_bindir}

-/etc/bash_completion.d/* 

-

-%changelog

-*   Thu Apr 27 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.64-1

--   Update version

-*   Mon Apr 10 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.60-1

--   Update to linux-4.4.60

-*   Wed Mar 15 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.54-1

--   Update to linux-4.4.54

-*   Thu Feb 23 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.51-1

--   Update to linux-4.4.51

-*   Mon Jan 9 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.41-1

--   Update to linux-4.4.41

-*   Mon Nov 28 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.35-1

--   Update to linux-4.4.35

-*   Thu Nov 10 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.31-1

--   Update to linux-4.4.31

-*   Fri Oct 28 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.26-2

--   Disable parallel build for the perf_install.

-*   Mon Oct 24 2016 Anish Swaminathan <anishs@vmware.com> 4.4.26-1

--   Update to linux-4.4.26

-*   Wed Sep  7 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.20-1

--   Update to linux-4.4.20

-*   Mon Jun 20 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.4.8-3

--   Added patch to fix perf top segmentation fault. 

-*   Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 4.4.8-2

--   GA - Bump release of all rpms

-*   Thu Apr 28 2016 Alexey Makhalov <amakhalov@vmware.com> 4.4.8-1

--   Update to linux-4.4.8

-*   Wed Jan 13 2016 Anish Swaminathan <anishs@vmware.com> 4.2.0-2

--   Fix for new perl

-*   Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 3.13.3-1

--   Initial build. First version

-

@@ -2,7 +2,7 @@

 Summary:        Kernel

 Name:           linux

 Version:    	4.4.130

-Release:        1%{?kat_build:.%kat_build}%{?dist}

+Release:        2%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

 Group:        	System Environment/Kernel

@@ -39,6 +39,9 @@ Patch18:        0002-allow-also-ecb-cipher_null.patch

 # Fixes for CVE-2018-1000026

 Patch19:        0001-net-create-skb_gso_validate_mac_len.patch

 Patch20:        0002-bnx2x-disable-GSO-where-gso_size-is-too-big-for-hard.patch

+# Fix for CVE-2017-18255

+Patch21:        0001-perf-core-Fix-the-perf_cpu_time_max_percent-check.patch

+

 # For Spectre

 Patch52: 0141-locking-barriers-introduce-new-observable-speculatio.patch

 Patch55: 0144-uvcvideo-prevent-speculative-execution.patch

@@ -149,6 +152,7 @@ This package contains the 'perf' performance analysis tools for Linux kernel.

 %patch18 -p1

 %patch19 -p1

 %patch20 -p1

+%patch21 -p1

 %patch52 -p1

 %patch55 -p1

@@ -320,6 +324,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 /usr/share/perf-core

 %changelog

+*   Wed May 02 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.130-2

+-   Fix CVE-2017-18255.

 *   Mon Apr 30 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.130-1

 -   Update to version 4.4.130 and fix CVE-2018-1000026.

 *   Thu Apr 19 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.124-2