oss-sec mailing list archives
CVE Request: More perf security fixes
From: Marcus Meissner <meissner () suse de>
Date: Tue, 4 Jun 2013 17:53:16 +0200
Hi,

The perf kernel folks seem to have fixed some more perf issues which have not yet got CVEs. Our partner Intel thinks that these 3 are security relevant, so we think they also need separate CVEs.

I only glanced at what the issue is, please correct if my classification is wrong.

1. Info leak (?) via PERF_SAMPLE_BRANCH_KERNEL

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7cc23cd6c0c7d7f4bee057607e7ce01568925717

commit 7cc23cd6c0c7d7f4bee057607e7ce01568925717
Author: Peter Zijlstra <a.p.zijlstra () chello nl>
Date: Fri May 3 14:11:25 2013 +0200

    perf/x86/intel/lbr: Demand proper privileges for PERF_SAMPLE_BRANCH_KERNEL

    We should always have proper privileges when requesting kernel data.

    Signed-off-by: Peter Zijlstra <a.p.zijlstra () chello nl>
    Cc: <stable () kernel org>
    Cc: Andi Kleen <ak () linux intel com>
    Cc: eranian () google com
    Link: http://lkml.kernel.org/r/20130503121256.230745028 () chello nl
    [ Fix build error reported by fengguang.wu () intel com, propagate error code back. ]
    Signed-off-by: Ingo Molnar <mingo () kernel org>
    Link: http://lkml.kernel.org/n/tip-v0x9ky3ahzr6nm3c6ilwrili () git kernel org

2. Denial of service (system crash)

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f1923820c447e986a9da0fc6bf60c1dccdf0408e

commit f1923820c447e986a9da0fc6bf60c1dccdf0408e
Author: Stephane Eranian <eranian () google com>
Date: Tue Apr 16 13:51:43 2013 +0200

    perf/x86: Fix offcore_rsp valid mask for SNB/IVB

    The valid mask for both offcore_response_0 and offcore_response_1 was wrong for SNB/SNB-EP, IVB/IVB-EP. It was possible to write to reserved bit and cause a GP fault crashing the kernel.

    This patch fixes the problem by correctly marking the reserved bits in the valid mask for all the processors mentioned above.

    A distinction between desktop and server parts is introduced because bits 24-30 are only available on the server parts.

    This version of the patch is just a rebase to perf/urgent tree and should apply to older kernels as well.

    Signed-off-by: Stephane Eranian <eranian () google com>
    Cc: peterz () infradead org
    Cc: jolsa () redhat com
    Cc: gregkh () linuxfoundation org
    Cc: security () kernel org
    Cc: ak () linux intel com
    Signed-off-by: Ingo Molnar <mingo () kernel org>

3. Information leak (??) via perf LBR filter

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e15eb3ba6c0249c9e8c783517d131b47db995ca

commit 6e15eb3ba6c0249c9e8c783517d131b47db995ca
Author: Peter Zijlstra <a.p.zijlstra () chello nl>
Date: Fri May 3 14:11:24 2013 +0200

    perf/x86/intel/lbr: Fix LBR filter

    The LBR 'from' address is under full userspace control; ensure we validate it before reading from it.

    Note: is_module_text_address() can potentially be quite expensive; for those running into that with high overhead in modules optimize it using an RCU backed rb-tree.

    Reported-by: Andi Kleen <ak () linux intel com>
    Signed-off-by: Peter Zijlstra <a.p.zijlstra () chello nl>
    Cc: <stable () kernel org>
    Cc: eranian () google com
    Link: http://lkml.kernel.org/r/20130503121256.158211806 () chello nl
    Signed-off-by: Ingo Molnar <mingo () kernel org>
    Link: http://lkml.kernel.org/n/tip-mk8i82ffzax01cnqo829iy1q () git kernel org