From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Madhavan Srinivasan, Michael Ellerman, Sasha Levin
Subject: [PATCH 4.16 115/272] powerpc/perf: Fix kernel address leak via sampling registers
Date: Mon, 28 May 2018 12:02:28 +0200
Message-Id: <20180528100250.838571729@linuxfoundation.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180528100240.256525891@linuxfoundation.org>
References: <20180528100240.256525891@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

4.16-stable review patch. If anyone has any objections, please let me know.

------------------

From: Michael Ellerman

[ Upstream commit e1ebd0e5b9d0a10ba65e63a3514b6da8c6a5a819 ]

Current code in power_pmu_disable() does not clear the sampling registers
like Sampling Instruction Address Register (SIAR) and Sampling Data Address
Register (SDAR) after disabling the PMU. Since these are userspace readable
and could contain kernel addresses, add code to explicitly clear the content
of these registers.

Also add a "context synchronizing instruction" to enforce no further updates
to these registers as suggested by Power ISA v3.0B.

From section 9.4, on page 1108:

  "If an mtspr instruction is executed that changes the value of a
  Performance Monitor register other than SIAR, SDAR, and SIER, the change
  is not guaranteed to have taken effect until after a subsequent context
  synchronizing instruction has been executed (see Chapter 11.
  "Synchronization Requirements for Context Alterations" on page 1133)."

Signed-off-by: Madhavan Srinivasan
[mpe: Massage change log and add ISA reference]
Signed-off-by: Michael Ellerman
Signed-off-by: Sasha Levin
Signed-off-by: Greg Kroah-Hartman
---
 arch/powerpc/perf/core-book3s.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
--- a/arch/powerpc/perf/core-book3s.c +++ b/arch/powerpc/perf/core-book3s.c @@ -1236,6 +1236,7 @@ static void power_pmu_disable(struct pmu */ write_mmcr0(cpuhw, val); mb(); + isync(); /* * Disable instruction sampling if it was enabled @@ -1244,12 +1245,26 @@ static void power_pmu_disable(struct pmu mtspr(SPRN_MMCRA, cpuhw->mmcr[2] & ~MMCRA_SAMPLE_ENABLE); mb(); + isync(); } cpuhw->disabled = 1; cpuhw->n_added = 0; ebb_switch_out(mmcr0); + +#ifdef CONFIG_PPC64 + /* + * These are readable by userspace, may contain kernel + * addresses and are not switched by context switch, so clear + * them now to avoid leaking anything to userspace in general + * including to another process. + */ + if (ppmu->flags & PPMU_ARCH_207S) { + mtspr(SPRN_SDAR, 0); + mtspr(SPRN_SIAR, 0); + } +#endif } local_irq_restore(flags);
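Review bot: The `isync();` added after `mb();` in the first hunk (following `write_mmcr0(cpuhw, val);`) carries no comment saying why it is needed, and next to the existing `mb()` it reads as redundant to anyone who has not seen the change log. The justification is the Power ISA v3.0B section 9.4 text quoted there (a write to a Performance Monitor register other than SIAR, SDAR and SIER is not guaranteed to have taken effect until a context synchronizing instruction runs), so a one-line comment at the call site, e.g. `/* Context sync so the MMCR0 write has taken effect (ISA v3.0B 9.4) */`, would record that in the code; the same applies to the `isync()` added after `mtspr(SPRN_MMCRA, ...)` in the second hunk.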
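Review bot: In the second hunk the clearing of SDAR and SIAR is gated on both `#ifdef CONFIG_PPC64` and `if (ppmu->flags & PPMU_ARCH_207S)`, while the comment above it states a general property (the registers are readable by userspace and are not switched by context switch) that is not tied to ISA 2.07. If pre-2.07 Book3S PMUs also expose SIAR and SDAR to userspace, the leak remains on those parts, so either the condition should be widened or the comment (or change log) should state why only ISA 2.07S CPUs need the clear. Separately, the change log quotes the ISA grouping SIAR, SDAR and SIER together, yet only `SPRN_SDAR` and `SPRN_SIAR` are zeroed; one sentence on why SIER is left alone would pre-empt that question in review.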