From: Paul Mackerras <paulus@samba.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>,
Kumar Gala <kumar.gala@freescale.com>,
linux-kernel@vger.kernel.org, linuxppc-dev@ozlabs.org,
Ingo Molnar <mingo@elte.hu>
Subject: Please pull my perf.git urgent branch
Date: Tue, 27 Jul 2010 22:40:19 +1000 [thread overview]
Message-ID: <20100727124019.GB14947@brick.ozlabs.ibm.com> (raw)
Linus,
Please do a pull from
git://git.kernel.org/pub/scm/linux/kernel/git/paulus/perf.git urgent
to get one commit that fixes a problem where, on some Freescale
embedded PowerPC machines, unprivileged userspace could oops the
kernel using the perf_event subsystem. I know it's late, but it is a
potential security hole (but only on Freescale embedded systems), the
fix is small (3 lines) and only affects Freescale embedded processors,
and I was on vacation for the past two weeks. :)
Thanks,
Paul.
Peter Zijlstra (1):
perf, powerpc: Use perf_sample_data_init() for the FSL code
arch/powerpc/kernel/perf_event_fsl_emb.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
commit 6b95ed345b9faa4ab3598a82991968f2e9f851bb
Author: Peter Zijlstra <a.p.zijlstra@chello.nl>
Date: Fri Jul 9 10:21:21 2010 +0200
perf, powerpc: Use perf_sample_data_init() for the FSL code
We should use perf_sample_data_init() to initialize struct
perf_sample_data. As explained in the description of commit dc1d628a
("perf: Provide generic perf_sample_data initialization"), it is
possible for userspace to get the kernel to dereference data.raw,
so if it is not initialized, that means that unprivileged userspace
can possibly oops the kernel. Using perf_sample_data_init makes sure
it gets initialized to NULL.
This conversion should have been included in commit dc1d628a, but it
got missed.
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Acked-by: Kumar Gala <kumar.gala@freescale.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
diff --git a/arch/powerpc/kernel/perf_event_fsl_emb.c b/arch/powerpc/kernel/perf_event_fsl_emb.c
index 369872f..babccee 100644
--- a/arch/powerpc/kernel/perf_event_fsl_emb.c
+++ b/arch/powerpc/kernel/perf_event_fsl_emb.c
@@ -566,9 +566,9 @@ static void record_and_restart(struct perf_event *event, unsigned long val,
* Finally record data if requested.
*/
if (record) {
- struct perf_sample_data data = {
- .period = event->hw.last_period,
- };
+ struct perf_sample_data data;
+
+ perf_sample_data_init(&data, 0);
if (perf_event_overflow(event, nmi, &data, regs)) {
/*
next reply other threads:[~2010-07-27 12:40 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-07-27 12:40 Paul Mackerras [this message]
2010-07-27 16:28 ` Please pull my perf.git urgent branch Scott Wood
2010-07-28 4:47 ` Paul Mackerras
2010-07-28 16:15 ` Kumar Gala
2010-08-02 22:16 ` Scott Wood
2010-08-03 5:51 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100727124019.GB14947@brick.ozlabs.ibm.com \
--to=paulus@samba.org \
--cc=kumar.gala@freescale.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@ozlabs.org \
--cc=mingo@elte.hu \
--cc=peterz@infradead.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).