--- /dev/null
+From 12ae030d54ef250706da5642fc7697cc60ad0df7 Mon Sep 17 00:00:00 2001
+From: Steven Rostedt <rostedt@goodmis.org>
+Date: Tue, 5 Nov 2013 12:51:11 -0500
+Subject: perf/ftrace: Fix paranoid level for enabling function tracer
+
+From: Steven Rostedt <rostedt@goodmis.org>
+
+commit 12ae030d54ef250706da5642fc7697cc60ad0df7 upstream.
+
+The current default perf paranoid level is "1" which has
+"perf_paranoid_kernel()" return false, and giving any operations that
+use it, access to normal users. Unfortunately, this includes function
+tracing and normal users should not be allowed to enable function
+tracing by default.
+
+The proper level is defined at "-1" (full perf access), which
+"perf_paranoid_tracepoint_raw()" will only give access to. Use that
+check instead for enabling function tracing.
+
+Reported-by: Dave Jones <davej@redhat.com>
+Reported-by: Vince Weaver <vincent.weaver@maine.edu>
+Tested-by: Vince Weaver <vincent.weaver@maine.edu>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Ingo Molnar <mingo@kernel.org>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: Frederic Weisbecker <fweisbec@gmail.com>
+CVE: CVE-2013-2930
+Fixes: ced39002f5ea ("ftrace, perf: Add support to use function tracepoint in perf")
+Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/trace/trace_event_perf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/trace/trace_event_perf.c
++++ b/kernel/trace/trace_event_perf.c
+@@ -26,7 +26,7 @@ static int perf_trace_event_perm(struct
+ {
+ /* The ftrace function trace is allowed only for root. */
+ if (ftrace_event_is_function(tp_event) &&
+- perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
++ perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN))
+ return -EPERM;
+
+ /* No tracing, just counting, so no obvious leak */
projects / thirdparty / kernel / stable-queue.git / commitdiff
