From: Stephane Eranian <eranian@google.com>
To: Andi Kleen <andi@firstfloor.org>
Cc: linux-kernel@vger.kernel.org, peterz@infradead.org,
mingo@elte.hu, acme@redhat.com, ming.m.lin@intel.com,
robert.richter@amd.com, ravitillo@lbl.gov
Subject: Re: [PATCH 07/12] perf_events: add LBR software filter support for Intel X86
Date: Fri, 7 Oct 2011 12:40:48 +0200 [thread overview]
Message-ID: <CABPqkBReqBhFFKsLPfbzFHL7hs2hXSJ8tTZuP9D-2N2MGiB9Mw@mail.gmail.com> (raw)
In-Reply-To: <CABPqkBSNejhZ_ciyLTUFAybBqqGB-8QzVrPj8OTbAhQ_+mj4aw@mail.gmail.com>
On Fri, Oct 7, 2011 at 12:38 PM, Stephane Eranian <eranian@google.com> wrote:
> On Thu, Oct 6, 2011 at 5:32 PM, Andi Kleen <andi@firstfloor.org> wrote:
>>> + kernel_insn_init(&insn, kaddr);
>>> + insn_get_opcode(&insn);
>>
>> This makes me uncomfortable. AFAIK that's the first use of the opcode
>> decoder being used directly for user space. It has a quite large attack
>> surface. Who says it cannot be exploited?
>>
> This is not new, it's already used for the PEBS fixups and that includes
> user level fixups, if possible.
>
> We are not executing the instruction here, just decoding it to filter it out
> from a buffer if necessary.
>
I would add that in this particular usage, the source address is coming
straight from LBR, it's not made up my SW. That means it corresponds
to a point where there was a control flow change. But it can certainly
be any x86 opcode (not just branches). LBR captures control flow changes
due to traps, faults, interrupts.
next prev parent reply other threads:[~2011-10-07 10:40 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-06 14:49 [PATCH 00/12] perf_events: add support for sampling taken branches Stephane Eranian
2011-10-06 14:49 ` [PATCH 01/12] perf_events: add generic taken branch sampling support Stephane Eranian
2011-10-06 16:57 ` Peter Zijlstra
2011-10-07 10:28 ` Stephane Eranian
2011-10-07 10:32 ` Peter Zijlstra
2011-10-07 10:44 ` Stephane Eranian
2011-10-06 17:01 ` Peter Zijlstra
2011-10-06 14:49 ` [PATCH 02/12] perf_events: add Intel LBR MSR definitions Stephane Eranian
2011-10-06 14:49 ` [PATCH 03/12] perf_events: add Intel X86 LBR sharing logic Stephane Eranian
2011-10-06 14:49 ` [PATCH 04/12] perf_events: sync branch stack sampling with X86 precise_sampling Stephane Eranian
2011-10-06 17:25 ` Peter Zijlstra
2011-10-07 10:34 ` Stephane Eranian
2011-10-07 10:37 ` Peter Zijlstra
2011-10-06 14:49 ` [PATCH 05/12] perf_events: add LBR mappings for PERF_SAMPLE_BRANCH filters Stephane Eranian
2011-10-06 14:49 ` [PATCH 06/12] perf_events: implement PERF_SAMPLE_BRANCH for Intel X86 Stephane Eranian
2011-10-06 17:54 ` Peter Zijlstra
2011-10-06 18:05 ` Peter Zijlstra
2011-10-06 14:49 ` [PATCH 07/12] perf_events: add LBR software filter support " Stephane Eranian
2011-10-06 15:32 ` Andi Kleen
2011-10-06 16:43 ` Peter Zijlstra
2011-10-06 17:14 ` Andi Kleen
2011-10-10 6:08 ` Ingo Molnar
2011-10-10 9:39 ` Peter Zijlstra
2011-10-07 7:06 ` Masami Hiramatsu
2011-10-07 10:38 ` Stephane Eranian
2011-10-07 10:40 ` Stephane Eranian [this message]
2011-10-07 10:42 ` Peter Zijlstra
2011-10-07 10:49 ` Stephane Eranian
2011-10-07 11:18 ` Peter Zijlstra
2011-10-07 11:21 ` Peter Zijlstra
2011-10-07 11:54 ` Masami Hiramatsu
2011-10-07 13:31 ` [PATCH] x86: Fix insn decoder for longer instruction Masami Hiramatsu
2011-10-10 7:04 ` Ingo Molnar
2011-10-10 6:09 ` [PATCH 07/12] perf_events: add LBR software filter support for Intel X86 Ingo Molnar
2011-10-10 14:05 ` Masami Hiramatsu
2011-10-10 14:45 ` Andi Kleen
2011-10-11 12:59 ` Masami Hiramatsu
2011-10-12 7:06 ` Ingo Molnar
2011-10-13 10:54 ` Masami Hiramatsu
2011-10-13 11:01 ` [RFC PATCH] x86: Add a sanity test of x86 decoder Masami Hiramatsu
2011-10-18 6:54 ` Ingo Molnar
2011-10-19 4:29 ` Masami Hiramatsu
2011-10-19 6:44 ` Ingo Molnar
2011-10-20 14:01 ` [RFC PATCH v2 1/2] " Masami Hiramatsu
2011-11-18 23:16 ` [tip:perf/core] x86, perf: Add a build-time sanity test to the " tip-bot for Masami Hiramatsu
2011-10-20 14:01 ` [RFC PATCH v2 2/2] [RESEND] x86: Fix insn decoder for longer instruction Masami Hiramatsu
2011-10-07 15:42 ` [PATCH 07/12] perf_events: add LBR software filter support for Intel X86 Andi Kleen
2011-10-07 11:25 ` Masami Hiramatsu
2011-10-07 11:40 ` Peter Zijlstra
2011-10-07 15:44 ` Andi Kleen
2011-10-07 15:09 ` Andi Kleen
2011-10-07 16:05 ` Peter Zijlstra
2011-10-06 14:49 ` [PATCH 08/12] perf_events: disable PERF_SAMPLE_BRANCH_* when not supported Stephane Eranian
2011-10-06 18:53 ` Peter Zijlstra
2011-10-06 14:49 ` [PATCH 09/12] perf_events: add hook to flush branch_stack on context switch Stephane Eranian
2011-10-06 14:49 ` [PATCH 10/12] perf: add code to support PERF_SAMPLE_BRANCH_STACK Stephane Eranian
2011-10-06 18:50 ` Peter Zijlstra
2011-10-07 10:25 ` Stephane Eranian
2011-10-07 10:27 ` Peter Zijlstra
2011-10-06 14:49 ` [PATCH 11/12] perf: add support for sampling taken branch to perf record Stephane Eranian
2011-10-06 14:49 ` [PATCH 12/12] perf: add support for taken branch sampling to perf report Stephane Eranian
2011-10-06 15:25 ` [PATCH 00/12] perf_events: add support for sampling taken branches Andi Kleen
2011-10-07 10:23 ` Stephane Eranian
2011-10-06 18:32 ` Peter Zijlstra
2011-10-06 21:41 ` Stephane Eranian
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CABPqkBReqBhFFKsLPfbzFHL7hs2hXSJ8tTZuP9D-2N2MGiB9Mw@mail.gmail.com \
--to=eranian@google.com \
--cc=acme@redhat.com \
--cc=andi@firstfloor.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ming.m.lin@intel.com \
--cc=mingo@elte.hu \
--cc=peterz@infradead.org \
--cc=ravitillo@lbl.gov \
--cc=robert.richter@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).