On Tue, 27 Jul 2010 22:40:19 +1000
Paul Mackerras <pau...@samba.org> wrote:
> Please do a pull from
>
> git://git.kernel.org/pub/scm/linux/kernel/git/paulus/perf.git urgent
>
> to get one commit that fixes a problem where, on some Freescale
> embedded PowerPC machines, unprivileged userspace could oops the
> kernel using the perf_event subsystem. I know it's late, but it is a
> potential security hole (but only on Freescale embedded systems), the
> fix is small (3 lines) and only affects Freescale embedded processors,
> and I was on vacation for the past two weeks. :)
[snip]
> diff --git a/arch/powerpc/kernel/perf_event_fsl_emb.c
> b/arch/powerpc/kernel/perf_event_fsl_emb.c
> index 369872f..babccee 100644
> --- a/arch/powerpc/kernel/perf_event_fsl_emb.c
> +++ b/arch/powerpc/kernel/perf_event_fsl_emb.c
> @@ -566,9 +566,9 @@ static void record_and_restart(struct perf_event *event,
> unsigned long val,
> * Finally record data if requested.
> */
> if (record) {
> - struct perf_sample_data data = {
> - .period = event->hw.last_period,
> - };
> + struct perf_sample_data data;
> +
> + perf_sample_data_init(&data, 0);
>
> if (perf_event_overflow(event, nmi, &data, regs)) {
> /*
Doesn't the setting of .period need to be maintained (it is in the other
powerpc perf_event implementation that this is derived from)?
I don't see how this is a security fix -- the existing initializer above
should zero-fill the fields that are not explicitly initialized. In fact,
it's taking other fields that were previously initialized to zero and is
making them uninitialized, since perf_sample_data_init only sets addr and
raw.
CCing linuxppc-dev on the original patch would have been nice...
-Scott
_______________________________________________
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
