On Thu, 18 Apr 2013, Peter Zijlstra wrote: > On Mon, 2013-04-15 at 03:42 -0700, tip-bot for Tommi Rantala wrote: > > Commit-ID: 8176cced706b5e5d15887584150764894e94e02f > > Gitweb: > > http://git.kernel.org/tip/8176cced706b5e5d15887584150764894e94e02f > > Author: Tommi Rantala <tt.rant...@gmail.com> > > AuthorDate: Sat, 13 Apr 2013 22:49:14 +0300 > > Committer: Ingo Molnar <mi...@kernel.org> > > CommitDate: Mon, 15 Apr 2013 11:42:12 +0200 > > > > perf: Treat attr.config as u64 in perf_swevent_init() > > > > Trinity discovered that we fail to check all 64 bits of > > attr.config passed by user space, resulting to out-of-bounds > > access of the perf_swevent_enabled array in > > sw_perf_event_destroy(). > > Gah, I so missed we could hide bits in the top word and then use them > in _destroy(). > > The alternative is of course to also truncate to int in _destroy(), but > yes keeping the natural size seems the best alternative.
has this been marked for stable now that it's in 3.9-rc8? It's trivial to oops/lock the kernel with a few line program and the problem has been around a while. Vince -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
