From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Madhavan Srinivasan, Michael Ellerman, Sasha Levin
Subject: [PATCH 4.14 372/496] powerpc/perf: Fix kernel address leak via sampling registers
Date: Mon, 28 May 2018 12:02:37 +0200
Message-Id: <20180528100335.490554560@linuxfoundation.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180528100319.498712256@linuxfoundation.org>
References: <20180528100319.498712256@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

4.14-stable review patch. If anyone has any objections, please let me know.

------------------

From: Michael Ellerman

[ Upstream commit e1ebd0e5b9d0a10ba65e63a3514b6da8c6a5a819 ]

Current code in power_pmu_disable() does not clear the sampling registers like Sampling Instruction Address Register (SIAR) and Sampling Data Address Register (SDAR) after disabling the PMU. Since these are userspace readable and could contain kernel addresses, add code to explicitly clear the content of these registers.

Also add a "context synchronizing instruction" to enforce no further updates to these registers as suggested by Power ISA v3.0B.

From section 9.4, on page 1108:

  "If an mtspr instruction is executed that changes the value of a Performance Monitor register other than SIAR, SDAR, and SIER, the change is not guaranteed to have taken effect until after a subsequent context synchronizing instruction has been executed (see Chapter 11. "Synchronization Requirements for Context Alterations" on page 1133)."

Signed-off-by: Madhavan Srinivasan
[mpe: Massage change log and add ISA reference]
Signed-off-by: Michael Ellerman
Signed-off-by: Sasha Levin
Signed-off-by: Greg Kroah-Hartman
---
 arch/powerpc/perf/core-book3s.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
--- a/arch/powerpc/perf/core-book3s.c +++ b/arch/powerpc/perf/core-book3s.c @@ -1236,6 +1236,7 @@ static void power_pmu_disable(struct pmu */ write_mmcr0(cpuhw, val); mb(); + isync(); /* * Disable instruction sampling if it was enabled @@ -1244,12 +1245,26 @@ static void power_pmu_disable(struct pmu mtspr(SPRN_MMCRA, cpuhw->mmcr[2] & ~MMCRA_SAMPLE_ENABLE); mb(); + isync(); } cpuhw->disabled = 1; cpuhw->n_added = 0; ebb_switch_out(mmcr0); + +#ifdef CONFIG_PPC64 + /* + * These are readable by userspace, may contain kernel + * addresses and are not switched by context switch, so clear + * them now to avoid leaking anything to userspace in general + * including to another process. + */ + if (ppmu->flags & PPMU_ARCH_207S) { + mtspr(SPRN_SDAR, 0); + mtspr(SPRN_SIAR, 0); + } +#endif } local_irq_restore(flags);
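Review bot: in the first hunk (@@ -1236,6 +1236,7 @@) the `isync();` added directly after `write_mmcr0(cpuhw, val); mb();` carries no comment, and sitting right under an existing `mb()` it will read as a redundant barrier to anyone who does not have this changelog in front of them. Suggest a one-line comment at the insertion point stating the reason the changelog gives, along the lines of `/* ISA v3.0B 9.4: the MMCR0 write is not guaranteed to have taken effect until a context synchronizing instruction */`, so a later cleanup does not drop it as a duplicate of the `mb()`.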
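Review bot: in the second hunk (@@ -1244,12 +1245,26 @@) the SDAR/SIAR clear is gated on `if (ppmu->flags & PPMU_ARCH_207S)`, but the new comment and the changelog only say the registers are userspace readable and may hold kernel addresses; neither says why PMUs without PPMU_ARCH_207S are exempt. Either extend the comment with the reason older PMUs need no clearing, or drop the gate so the clear applies wherever the registers exist. A second, smaller point: the ISA passage quoted in the changelog names SIER together with SIAR and SDAR, yet only `mtspr(SPRN_SDAR, 0); mtspr(SPRN_SIAR, 0);` are issued, so a short note in the comment on why SIER is left untouched would save the next reader the same question.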