1 files changed, 0 insertions, 46 deletions

diff --git a/aio-fix-kernel-memory-disclosure-in-io_getevents-int.patch b/aio-fix-kernel-memory-disclosure-in-io_getevents-int.patch
deleted file mode 100644
index 831a6a85f..000000000
--- a/aio-fix-kernel-memory-disclosure-in-io_getevents-int.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-Bugzilla: 1112975
-Upstream-status: 3.16 and CC'd to stable
-
-From edfbbf388f293d70bf4b7c0bc38774d05e6f711a Mon Sep 17 00:00:00 2001
-From: Benjamin LaHaise <bcrl@kvack.org>
-Date: Tue, 24 Jun 2014 13:32:51 -0400
-Subject: [PATCH] aio: fix kernel memory disclosure in io_getevents()
- introduced in v3.10
-
-A kernel memory disclosure was introduced in aio_read_events_ring() in v3.10
-by commit a31ad380bed817aa25f8830ad23e1a0480fef797.  The changes made to
-aio_read_events_ring() failed to correctly limit the index into
-ctx->ring_pages[], allowing an attacked to cause the subsequent kmap() of
-an arbitrary page with a copy_to_user() to copy the contents into userspace.
-This vulnerability has been assigned CVE-2014-0206.  Thanks to Mateusz and
-Petr for disclosing this issue.
-
-This patch applies to v3.12+.  A separate backport is needed for 3.10/3.11.
-
-Signed-off-by: Benjamin LaHaise <bcrl@kvack.org>
-Cc: Mateusz Guzik <mguzik@redhat.com>
-Cc: Petr Matousek <pmatouse@redhat.com>
-Cc: Kent Overstreet <kmo@daterainc.com>
-Cc: Jeff Moyer <jmoyer@redhat.com>
-Cc: stable@vger.kernel.org
----
- fs/aio.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/fs/aio.c b/fs/aio.c
-index 6a9c7e489adf..955947ef3e02 100644
---- a/fs/aio.c
-+++ b/fs/aio.c
-@@ -1063,6 +1063,9 @@ static long aio_read_events_ring(struct kioctx *ctx,
- 	if (head == tail)
- 		goto out;
- 
-+	head %= ctx->nr_events;
-+	tail %= ctx->nr_events;
-+
- 	while (ret < nr) {
- 		long avail;
- 		struct io_event *ev;
--- 
-1.9.3
-