Date: Tue, 27 Jul 2010 11:28:54 -0500
From: Scott Wood
To: Paul Mackerras
CC: Linus Torvalds, Peter Zijlstra, Kumar Gala, linux-kernel@vger.kernel.org, linuxppc-dev@ozlabs.org, Ingo Molnar
Subject: Re: Please pull my perf.git urgent branch

On Tue, 27 Jul 2010 22:40:19 +1000
Paul Mackerras wrote:

> Please do a pull from
>
> git://git.kernel.org/pub/scm/linux/kernel/git/paulus/perf.git urgent
>
> to get one commit that fixes a problem where, on some Freescale
> embedded PowerPC machines, unprivileged userspace could oops the
> kernel using the perf_event subsystem. I know it's late, but it is a
> potential security hole (but only on Freescale embedded systems), the
> fix is small (3 lines) and only affects Freescale embedded processors,
> and I was on vacation for the past two weeks. :)

[snip]

> diff --git a/arch/powerpc/kernel/perf_event_fsl_emb.c b/arch/powerpc/kernel/perf_event_fsl_emb.c > index 369872f..babccee 100644
> --- a/arch/powerpc/kernel/perf_event_fsl_emb.c > +++ b/arch/powerpc/kernel/perf_event_fsl_emb.c > @@ -566,9 +566,9 @@ static void record_and_restart(struct perf_event *event, unsigned long val, > * Finally record data if requested. > */ > if (record) { > - struct perf_sample_data data = { > - .period = event->hw.last_period, > - }; > + struct perf_sample_data data; > + > + perf_sample_data_init(&data, 0); > > if (perf_event_overflow(event, nmi, &data, regs)) { > /*

Doesn't the setting of .period need to be maintained (it is in the other
powerpc perf_event implementation that this is derived from)?

I don't see how this is a security fix -- the existing initializer above
should zero-fill the fields that are not explicitly initialized. In
fact, it's taking other fields that were previously initialized to zero
and is making them uninitialized, since perf_sample_data_init only sets
addr and raw.

CCing linuxppc-dev on the original patch would have been nice...

-Scott
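
Review bot: In the `if (record)` block the removed initializer set `.period = event->hw.last_period`, and none of the added lines assigns it again, so `data.period` is no longer populated when `perf_event_overflow(event, nmi, &data, regs)` runs. If the period should still be reported, add `data.period = event->hw.last_period;` directly after `perf_sample_data_init(&data, 0);`. Because `data` is now declared without an initializer, any member the helper does not set is left indeterminate, so the commit message should name the field whose missing initialization caused the oops.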
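
The initializer semantics discussed in the reply above, as an added example that is not part of the original thread or of the kernel source. `struct sample_data` and `sample_data_init()` are hypothetical stand-ins, with the helper modelled on the reply's statement that it sets only addr and raw.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in; NOT the kernel's struct perf_sample_data,
 * whose layout is not shown in this thread. */
struct sample_data {
    uint64_t addr;
    const void *raw;
    uint64_t period;
    uint64_t ip;
};

/* Models the helper as the reply describes it: sets addr and raw only. */
static void sample_data_init(struct sample_data *d, uint64_t addr)
{
    d->addr = addr;
    d->raw = NULL;
}

/* Removed form: members not named in the initializer become 0 / NULL. */
static struct sample_data init_designated(uint64_t period)
{
    struct sample_data d = { .period = period };
    return d;
}

/* Added form. Storage is pre-filled with a constructed poison byte (a
 * stand-in for stale stack contents) so untouched members are visible. */
static struct sample_data init_helper_only(unsigned char poison)
{
    struct sample_data d;
    memset(&d, poison, sizeof d);
    sample_data_init(&d, 0);
    return d;
}

/* Helper call plus explicit assignment of the member the caller needs. */
static struct sample_data init_helper_then_period(unsigned char p, uint64_t period)
{
    struct sample_data d = init_helper_only(p);
    d.period = period;
    return d;
}

int main(void)
{
    struct sample_data h = init_helper_only(0xAA);
    return !(h.raw == NULL && h.period == 0xAAAAAAAAAAAAAAAAULL);
}
```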