linux/arch/powerpc
Nicholas Piggin 32c5209214 powerpc/perf: callchain validate kernel stack pointer bounds
The interrupt frame detection and loads from the hypothetical pt_regs
are not bounds-checked. The next-frame validation only bounds-checks
STACK_FRAME_OVERHEAD, which does not include the pt_regs. Add another
test for this.

The user could set r1 to be equal to the address matching the first
interrupt frame - STACK_INT_FRAME_SIZE, which is in the previous page
due to the kernel redzone, and induce the kernel to load the marker from
there. Possibly this could cause a crash at least. If the user could
induce the previous page to contain a valid marker, then it might be
able to direct perf to read specific memory addresses in a way that
could be transmitted back to the user in the perf data.

Fixes: 20002ded4d ("perf_counter: powerpc: Add callchain support")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20221127124942.1665522-4-npiggin@gmail.com
2022-12-02 17:54:07 +11:00
boot powerpc: dts: turris1x.dts: Add channel labels for temperature sensor 2022-11-30 21:46:48 +11:00
configs - Yu Zhao's Multi-Gen LRU patches are here. They've been under test in 2022-10-10 17:53:04 -07:00
crypto treewide: use get_random_bytes() when possible 2022-10-11 17:42:58 -06:00
include powerpc/64: Remove asm interrupt tracing call helpers 2022-12-02 17:54:07 +11:00
kernel powerpc/64: Add module check for ELF ABI version 2022-12-02 17:54:07 +11:00
kexec powerpc/64/kdump: Limit kdump base to 512MB 2022-09-28 19:22:09 +10:00
kvm Merge branch 'fixes' into next 2022-11-30 21:46:06 +11:00
lib powerpc/code-patching: Consolidate and cache per-cpu patching context 2022-12-02 17:54:06 +11:00
math-emu powerpc/math-emu: Inhibit W=1 warnings 2022-09-08 11:11:18 +10:00
mm powerpc/tlb: Add local flush for page given mm_struct and psize 2022-11-30 21:46:49 +11:00
net powerpc/bpf/32: Fix Oops on tail call tests 2022-11-24 23:05:10 +11:00
perf powerpc/perf: callchain validate kernel stack pointer bounds 2022-12-02 17:54:07 +11:00
platforms powerpc/64: Option to build big-endian with ELFv2 ABI 2022-12-02 17:54:07 +11:00
purgatory powerpc/purgatory: Omit use of bin2c 2022-07-27 21:36:03 +10:00
sysdev powerpc/fsl-pci: Choose PCI host bridge with alias pci0 as the primary 2022-11-30 21:46:48 +11:00
tools powerpc/64: Add UADDR64 relocation support 2022-03-09 21:47:53 +11:00
xmon powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds 2022-11-24 23:31:47 +11:00
Kbuild kbuild: use more subdir- for visiting subdirectories while cleaning 2021-10-24 13:49:46 +09:00
Kconfig powerpc/64: Option to build big-endian with ELFv2 ABI 2022-12-02 17:54:07 +11:00
Kconfig.debug powerpc: Add support for early debugging via Serial 16550 console 2022-09-28 19:22:09 +10:00
Makefile Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Makefile.postlink