From patchwork Tue Jul 27 12:40:19 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Mackerras X-Patchwork-Id: 60000 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from bilbo.ozlabs.org (localhost [127.0.0.1]) by ozlabs.org (Postfix) with ESMTP id 9D1611009C2 for ; Tue, 27 Jul 2010 22:40:36 +1000 (EST) Received: by ozlabs.org (Postfix) id 97EA3B70A6; Tue, 27 Jul 2010 22:40:28 +1000 (EST) Delivered-To: linuxppc-dev@ozlabs.org Received: by ozlabs.org (Postfix, from userid 1003) id 90984B70A7; Tue, 27 Jul 2010 22:40:28 +1000 (EST) Date: Tue, 27 Jul 2010 22:40:19 +1000 From: Paul Mackerras To: Linus Torvalds Subject: Please pull my perf.git urgent branch Message-ID: <20100727124019.GB14947@brick.ozlabs.ibm.com> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.20 (2009-06-14) Cc: Peter Zijlstra , Kumar Gala , linux-kernel@vger.kernel.org, linuxppc-dev@ozlabs.org, Ingo Molnar X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Linus, Please do a pull from git://git.kernel.org/pub/scm/linux/kernel/git/paulus/perf.git urgent to get one commit that fixes a problem where, on some Freescale embedded PowerPC machines, unprivileged userspace could oops the kernel using the perf_event subsystem. I know it's late, but it is a potential security hole (but only on Freescale embedded systems), the fix is small (3 lines) and only affects Freescale embedded processors, and I was on vacation for the past two weeks. :) Thanks, Paul. Peter Zijlstra (1): perf, powerpc: Use perf_sample_data_init() for the FSL code arch/powerpc/kernel/perf_event_fsl_emb.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) commit 6b95ed345b9faa4ab3598a82991968f2e9f851bb Author: Peter Zijlstra Date: Fri Jul 9 10:21:21 2010 +0200 perf, powerpc: Use perf_sample_data_init() for the FSL code We should use perf_sample_data_init() to initialize struct perf_sample_data. As explained in the description of commit dc1d628a ("perf: Provide generic perf_sample_data initialization"), it is possible for userspace to get the kernel to dereference data.raw, so if it is not initialized, that means that unprivileged userspace can possibly oops the kernel. Using perf_sample_data_init makes sure it gets initialized to NULL. This conversion should have been included in commit dc1d628a, but it got missed. Signed-off-by: Peter Zijlstra Acked-by: Kumar Gala Signed-off-by: Paul Mackerras diff --git a/arch/powerpc/kernel/perf_event_fsl_emb.c b/arch/powerpc/kernel/perf_event_fsl_emb.c index 369872f..babccee 100644 --- a/arch/powerpc/kernel/perf_event_fsl_emb.c +++ b/arch/powerpc/kernel/perf_event_fsl_emb.c @@ -566,9 +566,9 @@ static void record_and_restart(struct perf_event *event, unsigned long val, * Finally record data if requested. */ if (record) { - struct perf_sample_data data = { - .period = event->hw.last_period, - }; + struct perf_sample_data data; + + perf_sample_data_init(&data, 0); if (perf_event_overflow(event, nmi, &data, regs)) { /*