diff options
| author | Namhyung Kim <[email protected]> | 2025-03-22 07:13:01 +0000 |
|---|---|---|
| committer | Ingo Molnar <[email protected]> | 2025-03-22 07:18:24 +0000 |
| commit | 50a53b60e141d7e31368a87e222e4dd5597bd4ae (patch) | |
| tree | 983d1679ce2ec928492138a15ba77f6ab6579cce /drivers/gpu/drm/amd/amdgpu/mes_userqueue.c | |
| parent | Merge tag 'perf-urgent-2025-03-21' of git://git.kernel.org/pub/scm/linux/kern... (diff) | |
| download | kernel-50a53b60e141d7e31368a87e222e4dd5597bd4ae.tar.gz kernel-50a53b60e141d7e31368a87e222e4dd5597bd4ae.zip | |
perf/amd/ibs: Prevent leaking sensitive data to userspace
Although IBS "swfilt" can prevent leaking samples with kernel RIP to the
userspace, there are few subtle cases where a 'data' address and/or a
'branch target' address can fall under kernel address range although RIP
is from userspace. Prevent leaking kernel 'data' addresses by discarding
such samples when {exclude_kernel=1,swfilt=1}.
IBS can now be invoked by unprivileged user with the introduction of
"swfilt". However, this creates a loophole in the interface where an
unprivileged user can get physical address of the userspace virtual
addresses through IBS register raw dump (PERF_SAMPLE_RAW). Prevent this
as well.
This upstream commit fixed the most obvious leak:
65a99264f5e5 perf/x86: Check data address for IBS software filter
Follow that up with a more complete fix.
Fixes: d29e744c7167 ("perf/x86: Relax privilege filter restriction on AMD IBS")
Suggested-by: Matteo Rizzo <[email protected]>
Co-developed-by: Ravi Bangoria <[email protected]>
Signed-off-by: Namhyung Kim <[email protected]>
Signed-off-by: Ravi Bangoria <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Diffstat (limited to 'drivers/gpu/drm/amd/amdgpu/mes_userqueue.c')
0 files changed, 0 insertions, 0 deletions