[PATCH 1/2] powerpc/perf: Fix kernel address leak to userspace via BHRB buffer
Balbir Singh
bsingharora at gmail.com
Mon Mar 5 17:16:26 AEDT 2018
On Sun, Mar 4, 2018 at 10:55 PM, Madhavan Srinivasan
<maddy at linux.vnet.ibm.com> wrote:
> The current Branch History Rolling Buffer (BHRB) code does
> not check for any privilege levels before updating the data
> from BHRB. This leaks kernel addresses to userspace even when
> profiling only with userspace privileges. Add proper checks
> to prevent it.
>
> Signed-off-by: Madhavan Srinivasan <maddy at linux.vnet.ibm.com>
> ---
> arch/powerpc/perf/core-book3s.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c
> index f89bbd54ecec..337db5831749 100644
> --- a/arch/powerpc/perf/core-book3s.c
> +++ b/arch/powerpc/perf/core-book3s.c
> @@ -457,6 +457,10 @@ static void power_pmu_bhrb_read(struct cpu_hw_events *cpuhw)
> /* invalid entry */
> continue;
>
> + if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN) &&
> + is_kernel_addr(addr))
> + continue;
> +
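Review bot: the added `if` calls capable(CAP_SYS_ADMIN) inside power_pmu_bhrb_read(), so the filter depends on the credentials of whichever task is current when the buffer is read, not on the privileges of whoever opened the event. The function only receives cpuhw, so please confirm that current is always the event owner on this path. If it is not, consider making the decision once at event setup (for example from the event's exclude_kernel attribute and the opener's privileges) and storing a flag that the read loop tests. A short comment above the condition saying that kernel addresses are dropped for unprivileged users would also help, since the entry is skipped silently with `continue`.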
Looks good to me. The scope of the leaks concern is KASLR related or
something else (figuring out what's in the cache?)
Acked-by: Balbir Singh <bsingharora at gmail.com>
Balbir Singh.