perf/amd/ibs: Prevent leaking sensitive data to userspace (50a53b60) · Commits · CodeLinaro / aic / kernel

Commit 50a53b60 authored 3 weeks ago by Namhyung Kim Committed by Ingo Molnar 3 weeks ago

perf/amd/ibs: Prevent leaking sensitive data to userspace


Although IBS "swfilt" can prevent leaking samples with kernel RIP to the
userspace, there are few subtle cases where a 'data' address and/or a
'branch target' address can fall under kernel address range although RIP
is from userspace. Prevent leaking kernel 'data' addresses by discarding
such samples when {exclude_kernel=1,swfilt=1}.

IBS can now be invoked by unprivileged user with the introduction of
"swfilt". However, this creates a loophole in the interface where an
unprivileged user can get physical address of the userspace virtual
addresses through IBS register raw dump (PERF_SAMPLE_RAW). Prevent this
as well.

This upstream commit fixed the most obvious leak:

  65a99264 perf/x86: Check data address for IBS software filter

Follow that up with a more complete fix.

Fixes: d29e744c ("perf/x86: Relax privilege filter restriction on AMD IBS")
Suggested-by: Matteo Rizzo <matteorizzo@google.com>
Co-developed-by: Ravi Bangoria <ravi.bangoria@amd.com>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Ravi Bangoria <ravi.bangoria@amd.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20250321161251.1033-1-ravi.bangoria@amd.com

parent 5c7474b5

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 78 additions and 6 deletions

Please register or to comment