Commit e1ebd0e5 authored by Michael Ellerman's avatar Michael Ellerman

powerpc/perf: Fix kernel address leak via sampling registers

Current code in power_pmu_disable() does not clear the sampling
registers like Sampling Instruction Address Register (SIAR) and
Sampling Data Address Register (SDAR) after disabling the PMU. Since
these are userspace readable and could contain kernel addresses, add
code to explicitly clear the content of these registers.

Also add a "context synchronizing instruction" to enforce no further
updates to these registers as suggested by Power ISA v3.0B. From
section 9.4, on page 1108:

  "If an mtspr instruction is executed that changes the value of a
  Performance Monitor register other than SIAR, SDAR, and SIER, the
  change is not guaranteed to have taken effect until after a
  subsequent context synchronizing instruction has been executed (see
  Chapter 11. "Synchronization Requirements for Context Alterations"
  on page 1133)."
Signed-off-by: default avatarMadhavan Srinivasan <maddy@linux.vnet.ibm.com>
[mpe: Massage change log and add ISA reference]
Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
parent dbfcf3cb
...@@ -1226,6 +1226,7 @@ static void power_pmu_disable(struct pmu *pmu) ...@@ -1226,6 +1226,7 @@ static void power_pmu_disable(struct pmu *pmu)
*/ */
write_mmcr0(cpuhw, val); write_mmcr0(cpuhw, val);
mb(); mb();
isync();
/* /*
* Disable instruction sampling if it was enabled * Disable instruction sampling if it was enabled
...@@ -1234,12 +1235,26 @@ static void power_pmu_disable(struct pmu *pmu) ...@@ -1234,12 +1235,26 @@ static void power_pmu_disable(struct pmu *pmu)
mtspr(SPRN_MMCRA, mtspr(SPRN_MMCRA,
cpuhw->mmcr[2] & ~MMCRA_SAMPLE_ENABLE); cpuhw->mmcr[2] & ~MMCRA_SAMPLE_ENABLE);
mb(); mb();
isync();
} }
cpuhw->disabled = 1; cpuhw->disabled = 1;
cpuhw->n_added = 0; cpuhw->n_added = 0;
ebb_switch_out(mmcr0); ebb_switch_out(mmcr0);
#ifdef CONFIG_PPC64
/*
* These are readable by userspace, may contain kernel
* addresses and are not switched by context switch, so clear
* them now to avoid leaking anything to userspace in general
* including to another process.
*/
if (ppmu->flags & PPMU_ARCH_207S) {
mtspr(SPRN_SDAR, 0);
mtspr(SPRN_SIAR, 0);
}
#endif
} }
local_irq_restore(flags); local_irq_restore(flags);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment