From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Madhavan Srinivasan, Michael Ellerman, Sasha Levin
Subject: [PATCH 3.18 134/185] powerpc/perf: Fix kernel address leak via sampling registers
Date: Mon, 28 May 2018 12:02:55 +0200
Message-Id: <20180528100105.421706441@linuxfoundation.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180528100050.700971285@linuxfoundation.org>
References: <20180528100050.700971285@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

3.18-stable review patch. If anyone has any objections, please let me know.

------------------

From: Michael Ellerman

[ Upstream commit e1ebd0e5b9d0a10ba65e63a3514b6da8c6a5a819 ]

Current code in power_pmu_disable() does not clear the sampling registers
like Sampling Instruction Address Register (SIAR) and Sampling Data Address
Register (SDAR) after disabling the PMU. Since these are userspace readable
and could contain kernel addresses, add code to explicitly clear the content
of these registers.

Also add a "context synchronizing instruction" to enforce no further updates
to these registers as suggested by Power ISA v3.0B.

From section 9.4, on page 1108:

  "If an mtspr instruction is executed that changes the value of a
  Performance Monitor register other than SIAR, SDAR, and SIER, the change
  is not guaranteed to have taken effect until after a subsequent context
  synchronizing instruction has been executed (see Chapter 11.
  "Synchronization Requirements for Context Alterations" on page 1133)."

Signed-off-by: Madhavan Srinivasan
[mpe: Massage change log and add ISA reference]
Signed-off-by: Michael Ellerman
Signed-off-by: Sasha Levin
Signed-off-by: Greg Kroah-Hartman
---
 arch/powerpc/perf/core-book3s.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
--- a/arch/powerpc/perf/core-book3s.c +++ b/arch/powerpc/perf/core-book3s.c @@ -1193,6 +1193,7 @@ static void power_pmu_disable(struct pmu */ write_mmcr0(cpuhw, val); mb(); + isync(); /* * Disable instruction sampling if it was enabled @@ -1201,12 +1202,26 @@ static void power_pmu_disable(struct pmu mtspr(SPRN_MMCRA, cpuhw->mmcr[2] & ~MMCRA_SAMPLE_ENABLE); mb(); + isync(); } cpuhw->disabled = 1; cpuhw->n_added = 0; ebb_switch_out(mmcr0); + +#ifdef CONFIG_PPC64 + /* + * These are readable by userspace, may contain kernel + * addresses and are not switched by context switch, so clear + * them now to avoid leaking anything to userspace in general + * including to another process. + */ + if (ppmu->flags & PPMU_ARCH_207S) { + mtspr(SPRN_SDAR, 0); + mtspr(SPRN_SIAR, 0); + } +#endif } local_irq_restore(flags);
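Review bot: the isync() added right after mb() in the first hunk (following write_mmcr0(cpuhw, val)) carries no in-code comment, so a later reader will see a memory barrier immediately followed by a context-synchronizing instruction and may treat one of them as redundant. The ISA v3.0B section 9.4 text quoted in the change log is exactly the justification (an mtspr to a Performance Monitor register other than SIAR, SDAR and SIER is not guaranteed effective until a context synchronizing instruction); a one-line comment at the insertion point, such as `/* mtspr to MMCR0 needs a context synchronizing instruction, ISA v3.0B 9.4 */`, would keep that reasoning next to the code rather than only in git history.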
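Review bot: in the second hunk the zeroing of SDAR and SIAR is gated on `ppmu->flags & PPMU_ARCH_207S` inside `#ifdef CONFIG_PPC64`, but neither the new comment nor the change log explains why only that PMU generation needs it; the comment describes the registers as userspace readable and not switched on context switch, which reads as a property of the registers rather than of ISA 2.07 PMUs, so a sentence justifying the gate (or noting that older PMUs are handled elsewhere) would help. Separately, the quoted ISA text names SIER alongside SIAR and SDAR, yet only the latter two are cleared here; stating in the comment why SIER is left untouched would close that question for the reader.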