lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 24 Oct 2017 05:48:14 -0700
From:   tip-bot for Alexander Shishkin <tipbot@...or.com>
To:     linux-tip-commits@...r.kernel.org
Cc:     hpa@...or.com, torvalds@...ux-foundation.org, peterz@...radead.org,
        tglx@...utronix.de, alexander.shishkin@...ux.intel.com,
        mingo@...nel.org, linux-kernel@...r.kernel.org,
        a.p.zijlstra@...llo.nl
Subject: [tip:perf/urgent] perf/x86/intel/bts: Fix exclusive event reference
 leak

Commit-ID:  2eece390bf68ec8f733d7e4a3ba8a5ea350082ae
Gitweb:     https://git.kernel.org/tip/2eece390bf68ec8f733d7e4a3ba8a5ea350082ae
Author:     Alexander Shishkin <alexander.shishkin@...ux.intel.com>
AuthorDate: Mon, 23 Oct 2017 15:35:33 +0300
Committer:  Ingo Molnar <mingo@...nel.org>
CommitDate: Tue, 24 Oct 2017 13:19:27 +0200

perf/x86/intel/bts: Fix exclusive event reference leak

Commit:

  d2878d642a4ed ("perf/x86/intel/bts: Disallow use by unprivileged users on paranoid systems")

... adds a privilege check in the exactly wrong place in the event init path:
after the 'LBR exclusive' reference has been taken, and doesn't release it
in the case of insufficient privileges. After this, nobody in the system
gets to use PT or LBR afterwards.

This patch moves the privilege check to where it should have been in the
first place.

Signed-off-by: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Peter Zijlstra <a.p.zijlstra@...llo.nl>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Thomas Gleixner <tglx@...utronix.de>
Fixes: d2878d642a4ed ("perf/x86/intel/bts: Disallow use by unprivileged users on paranoid systems")
Link: http://lkml.kernel.org/r/20171023123533.16973-1-alexander.shishkin@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@...nel.org>
---
 arch/x86/events/intel/bts.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/x86/events/intel/bts.c b/arch/x86/events/intel/bts.c
index 16076eb..141e07b 100644
--- a/arch/x86/events/intel/bts.c
+++ b/arch/x86/events/intel/bts.c
@@ -546,9 +546,6 @@ static int bts_event_init(struct perf_event *event)
 	if (event->attr.type != bts_pmu.type)
 		return -ENOENT;
 
-	if (x86_add_exclusive(x86_lbr_exclusive_bts))
-		return -EBUSY;
-
 	/*
 	 * BTS leaks kernel addresses even when CPL0 tracing is
 	 * disabled, so disallow intel_bts driver for unprivileged
@@ -562,6 +559,9 @@ static int bts_event_init(struct perf_event *event)
 	    !capable(CAP_SYS_ADMIN))
 		return -EACCES;
 
+	if (x86_add_exclusive(x86_lbr_exclusive_bts))
+		return -EBUSY;
+
 	ret = x86_reserve_hardware();
 	if (ret) {
 		x86_del_exclusive(x86_lbr_exclusive_bts);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ