From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Madhavan Srinivasan, Michael Ellerman, Sasha Levin
Subject: [PATCH 4.4 191/268] powerpc/perf: Fix kernel address leak via sampling registers
Date: Mon, 28 May 2018 12:02:45 +0200
Message-Id: <20180528100223.968701572@linuxfoundation.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180528100202.045206534@linuxfoundation.org>
References: <20180528100202.045206534@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michael Ellerman

[ Upstream commit e1ebd0e5b9d0a10ba65e63a3514b6da8c6a5a819 ]

Current code in power_pmu_disable() does not clear the sampling registers
like Sampling Instruction Address Register (SIAR) and Sampling Data
Address Register (SDAR) after disabling the PMU. Since these are
userspace readable and could contain kernel addresses, add code to
explicitly clear the content of these registers.

Also add a "context synchronizing instruction" to enforce no further
updates to these registers as suggested by Power ISA v3.0B.

From section 9.4, on page 1108:

  "If an mtspr instruction is executed that changes the value of a
  Performance Monitor register other than SIAR, SDAR, and SIER, the
  change is not guaranteed to have taken effect until after a subsequent
  context synchronizing instruction has been executed (see Chapter 11.
  "Synchronization Requirements for Context Alterations" on page 1133)."

Signed-off-by: Madhavan Srinivasan
[mpe: Massage change log and add ISA reference]
Signed-off-by: Michael Ellerman
Signed-off-by: Sasha Levin
Signed-off-by: Greg Kroah-Hartman
---
 arch/powerpc/perf/core-book3s.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
--- a/arch/powerpc/perf/core-book3s.c +++ b/arch/powerpc/perf/core-book3s.c @@ -1198,6 +1198,7 @@ static void power_pmu_disable(struct pmu */ write_mmcr0(cpuhw, val); mb(); + isync(); /* * Disable instruction sampling if it was enabled @@ -1206,12 +1207,26 @@ static void power_pmu_disable(struct pmu mtspr(SPRN_MMCRA, cpuhw->mmcr[2] & ~MMCRA_SAMPLE_ENABLE); mb(); + isync(); } cpuhw->disabled = 1; cpuhw->n_added = 0; ebb_switch_out(mmcr0); + +#ifdef CONFIG_PPC64 + /* + * These are readable by userspace, may contain kernel + * addresses and are not switched by context switch, so clear + * them now to avoid leaking anything to userspace in general + * including to another process. + */ + if (ppmu->flags & PPMU_ARCH_207S) { + mtspr(SPRN_SDAR, 0); + mtspr(SPRN_SIAR, 0); + } +#endif } local_irq_restore(flags);
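Review bot: in the first hunk (@@ -1198,6 +1198,7 @@) the new `isync();` placed after `write_mmcr0(cpuhw, val); mb();` carries no comment saying why it is needed, and the only justification (the Power ISA v3.0B section 9.4 text quoted in the change log, that an mtspr to a Performance Monitor register other than SIAR, SDAR and SIER is not guaranteed to have taken effect until a subsequent context synchronizing instruction) lives in the commit message alone. A one-line comment such as `/* context sync so the MMCR0 write has taken effect (Power ISA v3.0B 9.4) */` above the isync() would stop a later reader from assuming the existing mb() already covers it or from removing the isync() as redundant; the same applies to the second isync() added after the MMCRA write in the next hunk.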
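Review bot: in the second hunk (@@ -1206,12 +1207,26 @@) the clearing of the sampling registers is gated on `if (ppmu->flags & PPMU_ARCH_207S)` and wrapped in `#ifdef CONFIG_PPC64`, but the block comment states without qualification that "These are readable by userspace, may contain kernel addresses and are not switched by context switch", so nothing in the hunk or the change log explains why the clear is limited to those configurations. Please add the reason to the comment (or drop the restriction if the registers are user-readable on other PMUs too). Separately, the ISA text quoted in the change log groups SIER with SIAR and SDAR, yet only `mtspr(SPRN_SDAR, 0);` and `mtspr(SPRN_SIAR, 0);` are added; a sentence on why SIER needs no clearing would make the scope of the fix clear to the stable reviewers.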