www.infradead.org Git - users/dwmw2/linux.git/commit

author	Namhyung Kim <namhyung@kernel.org>
	Sat, 22 Mar 2025 07:13:01 +0000 (08:13 +0100)
committer	Ingo Molnar <mingo@kernel.org>
	Sat, 22 Mar 2025 07:18:24 +0000 (08:18 +0100)
commit	50a53b60e141d7e31368a87e222e4dd5597bd4ae
tree	983d1679ce2ec928492138a15ba77f6ab6579cce	tree
parent	5c7474b5449ccda2f0139e87425845baa2dae15a	commit \| diff

perf/amd/ibs: Prevent leaking sensitive data to userspace

Although IBS "swfilt" can prevent leaking samples with kernel RIP to the
userspace, there are few subtle cases where a 'data' address and/or a
'branch target' address can fall under kernel address range although RIP
is from userspace. Prevent leaking kernel 'data' addresses by discarding
such samples when {exclude_kernel=1,swfilt=1}.

IBS can now be invoked by unprivileged user with the introduction of
"swfilt". However, this creates a loophole in the interface where an
unprivileged user can get physical address of the userspace virtual
addresses through IBS register raw dump (PERF_SAMPLE_RAW). Prevent this
as well.

This upstream commit fixed the most obvious leak:

65a99264f5e5 perf/x86: Check data address for IBS software filter

Follow that up with a more complete fix.

Fixes: d29e744c7167 ("perf/x86: Relax privilege filter restriction on AMD IBS")
Suggested-by: Matteo Rizzo <matteorizzo@google.com>
Co-developed-by: Ravi Bangoria <ravi.bangoria@amd.com>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Ravi Bangoria <ravi.bangoria@amd.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20250321161251.1033-1-ravi.bangoria@amd.com