From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 918FF35AC18; Wed, 20 May 2026 17:18:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=100.103.45.18 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779297503; cv=none; b=Dq5e4ljW0nLegEnWrACk8IMU6/yaMLnRWppSBBqru/p2QiflV2BqKxWDUi7Yw/HVKLBfF0IROCLBaSBMRgLJGKrmWXl4Yiowd+vdKJkXAV8XpwLz2MvxGDgmqo/Mpm/4kbmQq3GST8UikDXgsNRl3T4+JVMIoZbDsKJEWpDVy8w= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779297503; c=relaxed/simple; bh=4KsXxs/yKRT3SljL7U1lqZLpBeScWb6VOSLzptDsHuQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=PxBp02YELFoMiPIBdXv4UX8SOMV8GB5ambUBQr5ATTOZnLT8/LUKSfndpZPK8KZXhOhRNsNshpSBIcaHHrdDtSz5Fb1HAB07C5CYb9EPsWDpxGj+5thsBAj/WBeiaeklhMD2RGm+S4G+ug47MftjJz9CNr+6N6iTFg9LHljUGVw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=akgkpEbD; arc=none smtp.client-ip=100.103.45.18 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="akgkpEbD" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 01C831F00893; Wed, 20 May 2026 17:18:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linuxfoundation.org; s=korg; t=1779297502; bh=QESP774M9ET3FZIAsdR8gacV4XrZUm5wzMJofw4Oik0=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=akgkpEbDaY4HnFnbKYNxDMx6MtK8/jej8DcOV2rrVmCGYsiOzGg6URygxt7ofjjLZ pGiio9nQveG3jaYvlTGx5xoHyk44+aSWRgwsvWF86b+wF0fmvE2bUh4VL/0/CgkjzL ez/WMrK55uBwlVK7Mk1umr3AlvehOvU4Gu1ZXVig= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Sadasivan Shaiju , Ravi Bangoria , "Peter Zijlstra (Intel)" , Namhyung Kim , Sasha Levin Subject: [PATCH 6.18 039/957] perf/amd/ibs: Avoid calling perf_allow_kernel() from the IBS NMI handler Date: Wed, 20 May 2026 18:08:42 +0200 Message-ID: <20260520162135.407340640@linuxfoundation.org> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260520162134.554764788@linuxfoundation.org> References: <20260520162134.554764788@linuxfoundation.org> User-Agent: quilt/0.69 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 6.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ravi Bangoria [ Upstream commit b0a09142622a994c4f4088c3f61db5da87cfc711 ] Calling perf_allow_kernel() from the NMI context is unsafe and could be fatal. Capture the permission at event-initialization time by storing it in event->hw.flags, and have the NMI handler rely on that cached flag instead of making the call directly. Fixes: 50a53b60e141d ("perf/amd/ibs: Prevent leaking sensitive data to userspace") Reported-by: Sadasivan Shaiju Signed-off-by: Ravi Bangoria Signed-off-by: Peter Zijlstra (Intel) Acked-by: Namhyung Kim Link: https://patch.msgid.link/20260216042216.1440-5-ravi.bangoria@amd.com Signed-off-by: Sasha Levin --- arch/x86/events/amd/ibs.c | 5 ++++- arch/x86/events/perf_event_flags.h | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/events/amd/ibs.c b/arch/x86/events/amd/ibs.c index 10af127f779fe..56918cd91115c 100644 --- a/arch/x86/events/amd/ibs.c +++ b/arch/x86/events/amd/ibs.c @@ -313,6 +313,9 @@ static int perf_ibs_init(struct perf_event *event) if (ret) return ret; + if (perf_allow_kernel()) + hwc->flags |= PERF_X86_EVENT_UNPRIVILEGED; + if (hwc->sample_period) { if (config & perf_ibs->cnt_mask) /* raw max_cnt may not be set */ @@ -1342,7 +1345,7 @@ static int perf_ibs_handle_irq(struct perf_ibs *perf_ibs, struct pt_regs *iregs) * unprivileged users. */ if ((event->attr.sample_type & PERF_SAMPLE_RAW) && - perf_allow_kernel()) { + (hwc->flags & PERF_X86_EVENT_UNPRIVILEGED)) { perf_ibs_phyaddr_clear(perf_ibs, &ibs_data); } diff --git a/arch/x86/events/perf_event_flags.h b/arch/x86/events/perf_event_flags.h index 70078334e4a33..47f84ee8f5409 100644 --- a/arch/x86/events/perf_event_flags.h +++ b/arch/x86/events/perf_event_flags.h @@ -23,3 +23,4 @@ PERF_ARCH(PEBS_LAT_HYBRID, 0x0020000) /* ld and st lat for hybrid */ PERF_ARCH(NEEDS_BRANCH_STACK, 0x0040000) /* require branch stack setup */ PERF_ARCH(BRANCH_COUNTERS, 0x0080000) /* logs the counters in the extra space of each branch */ PERF_ARCH(ACR, 0x0100000) /* Auto counter reload */ +PERF_ARCH(UNPRIVILEGED, 0x0200000) /* Unprivileged event (wrt perf_allow_kernel()) */ -- 2.53.0