diff options
author | Madhavan Srinivasan <maddy@linux.vnet.ibm.com> | 2018-03-21 12:40:26 +0100 |
---|---|---|
committer | Michael Ellerman <mpe@ellerman.id.au> | 2018-03-27 10:25:09 +0200 |
commit | cd1231d7035fea894118d5155ff984cdaf1ac1a2 (patch) | |
tree | b69f07fd0c77915b86ac3e641b4611a1a546c6e5 | |
parent | powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer (diff) | |
download | linux-cd1231d7035fea894118d5155ff984cdaf1ac1a2.tar.xz linux-cd1231d7035fea894118d5155ff984cdaf1ac1a2.zip |
powerpc/perf: Prevent kernel address leak via perf_get_data_addr()
Sampled Data Address Register (SDAR) is a 64-bit register that
contains the effective address of the storage operand of an
instruction that was being executed, possibly out-of-order, at or
around the time that the Performance Monitor alert occurred.
In certain scenario SDAR happen to contain the kernel address even for
userspace only sampling. Add checks to prevent it.
Signed-off-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
-rw-r--r-- | arch/powerpc/perf/core-book3s.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c index 1e55ae2f2afd..a00b364fb9d7 100644 --- a/arch/powerpc/perf/core-book3s.c +++ b/arch/powerpc/perf/core-book3s.c @@ -198,6 +198,10 @@ static inline void perf_get_data_addr(struct pt_regs *regs, u64 *addrp) if (!(mmcra & MMCRA_SAMPLE_ENABLE) || sdar_valid) *addrp = mfspr(SPRN_SDAR); + + if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN) && + is_kernel_addr(mfspr(SPRN_SDAR))) + *addrp = 0; } static bool regs_sihv(struct pt_regs *regs) |