From: Greg Kroah-Hartman Date: Tue, 26 Nov 2013 16:06:33 +0000 (-0800) Subject: 3.12-stable patches X-Git-Tag: v3.11.10~29 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=aaf37f8afae2dfab8d3ff3d18ea8da0033f0c5af;p=thirdparty%2Fkernel%2Fstable-queue.git 3.12-stable patches added patches: perf-ftrace-fix-paranoid-level-for-enabling-function-tracer.patch --- diff --git a/queue-3.12/perf-ftrace-fix-paranoid-level-for-enabling-function-tracer.patch b/queue-3.12/perf-ftrace-fix-paranoid-level-for-enabling-function-tracer.patch new file mode 100644 index 00000000000..afc8b3bee85 --- /dev/null +++ b/queue-3.12/perf-ftrace-fix-paranoid-level-for-enabling-function-tracer.patch 
@@ -0,0 +1,46 @@ +From 12ae030d54ef250706da5642fc7697cc60ad0df7 Mon Sep 17 00:00:00 2001 +From: Steven Rostedt +Date: Tue, 5 Nov 2013 12:51:11 -0500 +Subject: perf/ftrace: Fix paranoid level for enabling function tracer + +From: Steven Rostedt + +commit 12ae030d54ef250706da5642fc7697cc60ad0df7 upstream. + +The current default perf paranoid level is "1" which has +"perf_paranoid_kernel()" return false, and giving any operations that +use it, access to normal users. Unfortunately, this includes function +tracing and normal users should not be allowed to enable function +tracing by default. + +The proper level is defined at "-1" (full perf access), which +"perf_paranoid_tracepoint_raw()" will only give access to. Use that +check instead for enabling function tracing. + +Reported-by: Dave Jones +Reported-by: Vince Weaver +Tested-by: Vince Weaver +Cc: Peter Zijlstra +Cc: Ingo Molnar +Cc: Jiri Olsa +Cc: Frederic Weisbecker +CVE: CVE-2013-2930 +Fixes: ced39002f5ea ("ftrace, perf: Add support to use function tracepoint in perf") +Signed-off-by: Steven Rostedt +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/trace/trace_event_perf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/trace/trace_event_perf.c ++++ b/kernel/trace/trace_event_perf.c +@@ -26,7 +26,7 @@ static int perf_trace_event_perm(struct + { + /* The ftrace function trace is allowed only for root. */ + if (ftrace_event_is_function(tp_event) && +- perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) ++ perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN)) + return -EPERM; + + /* No tracing, just counting, so no obvious leak */ diff --git a/queue-3.12/series b/queue-3.12/series index e0c1d593e68..36d06f5722d 100644 --- a/queue-3.12/series +++ b/queue-3.12/series 
@@ -17,3 +17,4 @@ drm-nvc0-gr-fix-a-number-of-missing-explicit-array-terminators.patch thinkpad_acpi-fix-build-error-when-config_snd_max_cards-32.patch arm-omap2-hwmod-check-for-module-address-space-during-init.patch sched-idle-fix-the-idle-polling-state-logic.patch +perf-ftrace-fix-paranoid-level-for-enabling-function-tracer.patch
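Review bot: in the queued patch's hunk for kernel/trace/trace_event_perf.c, the retained comment "The ftrace function trace is allowed only for root." does not match the condition on the changed line. With "perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN)", a caller without CAP_SYS_ADMIN still passes this check when the paranoid level is "-1", which the commit message defines as full perf access. Suggest rewording the comment to say that function tracing requires CAP_SYS_ADMIN unless the paranoid level is -1, so the next reader does not take the gate as unconditional and knows that lowering the paranoid setting to that level re-opens function tracing to normal users.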
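Review bot: in the queue-3.12/series hunk, the new entry is added for the 3.12 queue only, while the queued patch carries a CVE tag and "Fixes: ced39002f5ea". Worth confirming that every other stable queue whose base already contains ced39002f5ea gets the same series entry, since the permission check being corrected comes from that commit rather than from anything specific to 3.12.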