powerpc/perf: Prevent kernel address leak via perf_get_data_addr()

Sampled Data Address Register (SDAR) is a 64-bit register that contains the effective address of the storage operand of an instruction that was being executed, possibly out-of-order, at or around the time that the Performance Monitor alert occurred. In certain scenario SDAR happen to contain the kernel address even for userspace only sampling. Add checks to prevent it. Signed-off-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>

powerpc/perf: Prevent kernel address leak via perf_get_data_addr()
Sampled Data Address Register (SDAR) is a 64-bit register that contains the effective address of the storage operand of an instruction that was being executed, possibly out-of-order, at or around the time that the Performance Monitor alert occurred. In certain scenario SDAR happen to contain the kernel address even for userspace only sampling. Add checks to prevent it. Signed-off-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
cd1231d7 · Madhavan Srinivasan · Michael Ellerman · bb19af81 · cd1231d7
Commit cd1231d7 authored Mar 21, 2018 by Madhavan Srinivasan Committed by Michael Ellerman Mar 27, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

arch/powerpc/perf/core-book3s.c arch/powerpc/perf/core-book3s.c +4 -0

No files found.
--- a/arch/powerpc/perf/core-book3s.c
+++ b/arch/powerpc/perf/core-book3s.c
@@ -198,6 +198,10 @@ static inline void perf_get_data_addr(struct pt_regs *regs, u64 *addrp)
 	if (!(mmcra & MMCRA_SAMPLE_ENABLE) || sdar_valid)
 		*addrp = mfspr(SPRN_SDAR);
+	if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN) &&
+		is_kernel_addr(mfspr(SPRN_SDAR)))
+		*addrp = 0;
 }
 static bool regs_sihv(struct pt_regs *regs)