Change-Id: I3d84292d10a892a73a967b974a03ae3cb7f680da
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5112
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,47 @@ |
0 |
+From 1572e45a924f254d9570093abde46430c3172e3d Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Tan Xiaojun <tanxiaojun@huawei.com> |
|
2 |
+Date: Thu, 23 Feb 2017 14:04:39 +0800 |
|
3 |
+Subject: [PATCH] perf/core: Fix the perf_cpu_time_max_percent check |
|
4 |
+ |
|
5 |
+Use "proc_dointvec_minmax" instead of "proc_dointvec" to check the input |
|
6 |
+value from user-space. |
|
7 |
+ |
|
8 |
+If not, we can set a big value and some vars will overflow like |
|
9 |
+"sysctl_perf_event_sample_rate" which will cause a lot of unexpected |
|
10 |
+problems. |
|
11 |
+ |
|
12 |
+Signed-off-by: Tan Xiaojun <tanxiaojun@huawei.com> |
|
13 |
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> |
|
14 |
+Cc: <acme@kernel.org> |
|
15 |
+Cc: <alexander.shishkin@linux.intel.com> |
|
16 |
+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> |
|
17 |
+Cc: Arnaldo Carvalho de Melo <acme@redhat.com> |
|
18 |
+Cc: Jiri Olsa <jolsa@redhat.com> |
|
19 |
+Cc: Linus Torvalds <torvalds@linux-foundation.org> |
|
20 |
+Cc: Peter Zijlstra <peterz@infradead.org> |
|
21 |
+Cc: Stephane Eranian <eranian@google.com> |
|
22 |
+Cc: Thomas Gleixner <tglx@linutronix.de> |
|
23 |
+Cc: Vince Weaver <vincent.weaver@maine.edu> |
|
24 |
+Link: http://lkml.kernel.org/r/1487829879-56237-1-git-send-email-tanxiaojun@huawei.com |
|
25 |
+Signed-off-by: Ingo Molnar <mingo@kernel.org> |
|
26 |
+Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu> |
|
27 |
+--- |
|
28 |
+ kernel/events/core.c | 2 +- |
|
29 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
|
30 |
+ |
|
31 |
+diff --git a/kernel/events/core.c b/kernel/events/core.c |
|
32 |
+index b1d6b98..cbc5182 100644 |
|
33 |
+--- a/kernel/events/core.c |
|
34 |
+@@ -453,7 +453,7 @@ int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write, |
|
35 |
+ void __user *buffer, size_t *lenp, |
|
36 |
+ loff_t *ppos) |
|
37 |
+ { |
|
38 |
+- int ret = proc_dointvec(table, write, buffer, lenp, ppos); |
|
39 |
++ int ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); |
|
40 |
+ |
|
41 |
+ if (ret || !write) |
|
42 |
+ return ret; |
|
43 |
+-- |
|
44 |
+2.7.4 |
|
45 |
+ |
... | ... |
@@ -2,7 +2,7 @@ |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-aws |
4 | 4 |
Version: 4.9.97 |
5 |
-Release: 2%{?kat_build:.%kat_build}%{?dist} |
|
5 |
+Release: 3%{?kat_build:.%kat_build}%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
... | ... |
@@ -49,6 +49,8 @@ Patch33: vmxnet3-fix-incorrect-dereference-when-rxvlan-is-disabled.patch |
49 | 49 |
# Fixes for CVE-2018-1000026 |
50 | 50 |
Patch34: 0001-net-create-skb_gso_validate_mac_len.patch |
51 | 51 |
Patch35: 0002-bnx2x-disable-GSO-where-gso_size-is-too-big-for-hard.patch |
52 |
+# Fix for CVE-2017-18255 |
|
53 |
+Patch36: 0001-perf-core-Fix-the-perf_cpu_time_max_percent-check.patch |
|
52 | 54 |
|
53 | 55 |
# For Spectre |
54 | 56 |
Patch52: 0141-locking-barriers-introduce-new-observable-speculatio.patch |
... | ... |
@@ -214,6 +216,7 @@ This package contains the 'perf' performance analysis tools for Linux kernel. |
214 | 214 |
%patch33 -p1 |
215 | 215 |
%patch34 -p1 |
216 | 216 |
%patch35 -p1 |
217 |
+%patch36 -p1 |
|
217 | 218 |
|
218 | 219 |
%patch52 -p1 |
219 | 220 |
%patch53 -p1 |
... | ... |
@@ -433,6 +436,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg |
433 | 433 |
/usr/share/doc/* |
434 | 434 |
|
435 | 435 |
%changelog |
436 |
+* Wed May 02 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.97-3 |
|
437 |
+- Fix CVE-2017-18255. |
|
436 | 438 |
* Tue May 01 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.97-2 |
437 | 439 |
- Fix CVE-2018-1000026. |
438 | 440 |
* Mon Apr 30 2018 Alexey Makhalov <amakhalov@vmware.com> 4.9.97-1 |
... | ... |
@@ -2,7 +2,7 @@ |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-esx |
4 | 4 |
Version: 4.9.97 |
5 |
-Release: 2%{?dist} |
|
5 |
+Release: 3%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
... | ... |
@@ -46,6 +46,8 @@ Patch33: vmxnet3-fix-incorrect-dereference-when-rxvlan-is-disabled.patch |
46 | 46 |
# Fixes for CVE-2018-1000026 |
47 | 47 |
Patch34: 0001-net-create-skb_gso_validate_mac_len.patch |
48 | 48 |
Patch35: 0002-bnx2x-disable-GSO-where-gso_size-is-too-big-for-hard.patch |
49 |
+# Fix for CVE-2017-18255 |
|
50 |
+Patch36: 0001-perf-core-Fix-the-perf_cpu_time_max_percent-check.patch |
|
49 | 51 |
|
50 | 52 |
# For Spectre |
51 | 53 |
Patch52: 0141-locking-barriers-introduce-new-observable-speculatio.patch |
... | ... |
@@ -129,6 +131,7 @@ The Linux package contains the Linux kernel doc files |
129 | 129 |
%patch33 -p1 |
130 | 130 |
%patch34 -p1 |
131 | 131 |
%patch35 -p1 |
132 |
+%patch36 -p1 |
|
132 | 133 |
|
133 | 134 |
%patch52 -p1 |
134 | 135 |
%patch53 -p1 |
... | ... |
@@ -240,6 +243,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
240 | 240 |
/usr/src/linux-headers-%{uname_r} |
241 | 241 |
|
242 | 242 |
%changelog |
243 |
+* Wed May 02 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.97-3 |
|
244 |
+- Fix CVE-2017-18255. |
|
243 | 245 |
* Tue May 01 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.97-2 |
244 | 246 |
- Fix CVE-2018-1000026. |
245 | 247 |
* Mon Apr 30 2018 Alexey Makhalov <amakhalov@vmware.com> 4.9.97-1 |
... | ... |
@@ -2,7 +2,7 @@ |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-secure |
4 | 4 |
Version: 4.9.97 |
5 |
-Release: 2%{?kat_build:.%kat_build}%{?dist} |
|
5 |
+Release: 3%{?kat_build:.%kat_build}%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
... | ... |
@@ -55,6 +55,8 @@ Patch35: vmxnet3-fix-incorrect-dereference-when-rxvlan-is-disabled.patch |
55 | 55 |
# Fixes for CVE-2018-1000026 |
56 | 56 |
Patch36: 0001-net-create-skb_gso_validate_mac_len.patch |
57 | 57 |
Patch37: 0002-bnx2x-disable-GSO-where-gso_size-is-too-big-for-hard.patch |
58 |
+# Fix for CVE-2017-18255 |
|
59 |
+Patch38: 0001-perf-core-Fix-the-perf_cpu_time_max_percent-check.patch |
|
58 | 60 |
|
59 | 61 |
# For Spectre |
60 | 62 |
Patch52: 0141-locking-barriers-introduce-new-observable-speculatio.patch |
... | ... |
@@ -182,6 +184,7 @@ EOF |
182 | 182 |
%patch35 -p1 |
183 | 183 |
%patch36 -p1 |
184 | 184 |
%patch37 -p1 |
185 |
+%patch38 -p1 |
|
185 | 186 |
|
186 | 187 |
# spectre |
187 | 188 |
%patch52 -p1 |
... | ... |
@@ -329,6 +332,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
329 | 329 |
/usr/src/linux-headers-%{uname_r} |
330 | 330 |
|
331 | 331 |
%changelog |
332 |
+* Wed May 02 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.97-3 |
|
333 |
+- Fix CVE-2017-18255. |
|
332 | 334 |
* Tue May 01 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.97-2 |
333 | 335 |
- Fix CVE-2018-1000026. |
334 | 336 |
* Mon Apr 30 2018 Alexey Makhalov <amakhalov@vmware.com> 4.9.97-1 |
... | ... |
@@ -2,7 +2,7 @@ |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux |
4 | 4 |
Version: 4.9.97 |
5 |
-Release: 2%{?kat_build:.%kat_build}%{?dist} |
|
5 |
+Release: 3%{?kat_build:.%kat_build}%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
... | ... |
@@ -53,6 +53,8 @@ Patch33: vmxnet3-fix-incorrect-dereference-when-rxvlan-is-disabled.patch |
53 | 53 |
# Fixes for CVE-2018-1000026 |
54 | 54 |
Patch34: 0001-net-create-skb_gso_validate_mac_len.patch |
55 | 55 |
Patch35: 0002-bnx2x-disable-GSO-where-gso_size-is-too-big-for-hard.patch |
56 |
+# Fix for CVE-2017-18255 |
|
57 |
+Patch36: 0001-perf-core-Fix-the-perf_cpu_time_max_percent-check.patch |
|
56 | 58 |
|
57 | 59 |
# For Spectre |
58 | 60 |
Patch52: 0141-locking-barriers-introduce-new-observable-speculatio.patch |
... | ... |
@@ -173,6 +175,7 @@ This package contains the 'perf' performance analysis tools for Linux kernel. |
173 | 173 |
%patch33 -p1 |
174 | 174 |
%patch34 -p1 |
175 | 175 |
%patch35 -p1 |
176 |
+%patch36 -p1 |
|
176 | 177 |
|
177 | 178 |
%patch52 -p1 |
178 | 179 |
%patch53 -p1 |
... | ... |
@@ -355,6 +358,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg |
355 | 355 |
/usr/share/doc/* |
356 | 356 |
|
357 | 357 |
%changelog |
358 |
+* Wed May 02 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.97-3 |
|
359 |
+- Fix CVE-2017-18255. |
|
358 | 360 |
* Tue May 01 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.97-2 |
359 | 361 |
- Fix CVE-2018-1000026. |
360 | 362 |
* Mon Apr 30 2018 Alexey Makhalov <amakhalov@vmware.com> 4.9.97-1 |