Message-ID: <20130604155316.GE19097@suse.de>
Date: Tue, 4 Jun 2013 17:53:16 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Cc: a.p.zijlstra@...llo.nl, eranian@...gle.com, ak@...ux.intel.com,
security@...nel.org
Subject: CVE Request: More perf security fixes
Hi,
The perf kernel folks seem to have fixed some more perf issues which have not yet got CVEs.
Our partner Intel thinks that these 3 are security relevant, so we think
they also need separate CVEs.
I only glanced at what the issue is; please correct me if my classification is wrong.
1. Info leak (?) via PERF_SAMPLE_BRANCH_KERNEL
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7cc23cd6c0c7d7f4bee057607e7ce01568925717
commit 7cc23cd6c0c7d7f4bee057607e7ce01568925717
Author: Peter Zijlstra <a.p.zijlstra@...llo.nl>
Date: Fri May 3 14:11:25 2013 +0200
perf/x86/intel/lbr: Demand proper privileges for PERF_SAMPLE_BRANCH_KERNEL
We should always have proper privileges when requesting kernel
data.
Signed-off-by: Peter Zijlstra <a.p.zijlstra@...llo.nl>
Cc: <stable@...nel.org>
Cc: Andi Kleen <ak@...ux.intel.com>
Cc: eranian@...gle.com
Link: http://lkml.kernel.org/r/20130503121256.230745028@chello.nl
[ Fix build error reported by fengguang.wu@...el.com, propagate error code back. ]
Signed-off-by: Ingo Molnar <mingo@...nel.org>
Link: http://lkml.kernel.org/n/tip-v0x9ky3ahzr6nm3c6ilwrili@git.kernel.org
2. Denial of service (system crash)
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f1923820c447e986a9da0fc6bf60c1dccdf0408e
commit f1923820c447e986a9da0fc6bf60c1dccdf0408e
Author: Stephane Eranian <eranian@...gle.com>
Date: Tue Apr 16 13:51:43 2013 +0200
perf/x86: Fix offcore_rsp valid mask for SNB/IVB
The valid mask for both offcore_response_0 and
offcore_response_1 was wrong for SNB/SNB-EP,
IVB/IVB-EP. It was possible to write to
reserved bit and cause a GP fault crashing
the kernel.
This patch fixes the problem by correctly marking the
reserved bits in the valid mask for all the processors
mentioned above.
A distinction between desktop and server parts is introduced
because bits 24-30 are only available on the server parts.
This version of the patch is just a rebase to perf/urgent tree
and should apply to older kernels as well.
Signed-off-by: Stephane Eranian <eranian@...gle.com>
Cc: peterz@...radead.org
Cc: jolsa@...hat.com
Cc: gregkh@...uxfoundation.org
Cc: security@...nel.org
Cc: ak@...ux.intel.com
Signed-off-by: Ingo Molnar <mingo@...nel.org>
3. Information leak (??) via perf LBR filter
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e15eb3ba6c0249c9e8c783517d131b47db995ca
commit 6e15eb3ba6c0249c9e8c783517d131b47db995ca
Author: Peter Zijlstra <a.p.zijlstra@...llo.nl>
Date: Fri May 3 14:11:24 2013 +0200
perf/x86/intel/lbr: Fix LBR filter
The LBR 'from' address is under full userspace control; ensure
we validate it before reading from it.
Note: is_module_text_address() can potentially be quite
expensive; for those running into that with high overhead
in modules optimize it using an RCU backed rb-tree.
Reported-by: Andi Kleen <ak@...ux.intel.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@...llo.nl>
Cc: <stable@...nel.org>
Cc: eranian@...gle.com
Link: http://lkml.kernel.org/r/20130503121256.158211806@chello.nl
Signed-off-by: Ingo Molnar <mingo@...nel.org>
Link: http://lkml.kernel.org/n/tip-mk8i82ffzax01cnqo829iy1q@git.kernel.org
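
The valid-mask check described in commit 2, as an added user-space illustration (not code from the kernel or from this message): a request is rejected when it sets any bit outside the register's valid mask, with separate masks for desktop and server parts. Only the "bits 24-30 are server-only" range comes from the commit message; the register width, the always-reserved range and all names are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define BITS(lo, hi) (((1ULL << ((hi) - (lo) + 1)) - 1) << (lo))

/* Constructed bit layout. Only "bits 24-30 are server-only" comes from the
 * commit message; the width and the always-reserved range are assumptions. */
#define RSP_ALL          BITS(0, 37)
#define RSP_RESERVED     BITS(12, 14)
#define RSP_SERVER_ONLY  BITS(24, 30)

enum part { PART_DESKTOP, PART_SERVER };
enum rsp  { OFFCORE_RSP_0, OFFCORE_RSP_1, NR_RSP };

/* "Before" shape: one over-wide mask shared by every part. */
static const uint64_t loose_mask[NR_RSP] = { RSP_ALL, RSP_ALL };

/* "After" shape: reserved bits cleared, desktop and server kept apart. */
static const uint64_t strict_mask[2][NR_RSP] = {
    [PART_DESKTOP] = { RSP_ALL & ~RSP_RESERVED & ~RSP_SERVER_ONLY,
                       RSP_ALL & ~RSP_RESERVED & ~RSP_SERVER_ONLY },
    [PART_SERVER]  = { RSP_ALL & ~RSP_RESERVED, RSP_ALL & ~RSP_RESERVED },
};

/* Gate a user-supplied value before it would reach the MSR write:
 * 0 if every set bit is valid for this register, -EINVAL otherwise. */
static int check_offcore_config(const uint64_t mask[NR_RSP], int reg,
                                uint64_t config)
{
    if (reg < 0 || reg >= NR_RSP)
        return -EINVAL;
    return (config & ~mask[reg]) ? -EINVAL : 0;
}

int main(void)
{
    uint64_t cfg = 1ULL << 26;   /* constructed request using a server-only bit */

    printf("loose:   %d\n", check_offcore_config(loose_mask, OFFCORE_RSP_0, cfg));
    printf("desktop: %d\n",
           check_offcore_config(strict_mask[PART_DESKTOP], OFFCORE_RSP_0, cfg));
    printf("server:  %d\n",
           check_offcore_config(strict_mask[PART_SERVER], OFFCORE_RSP_0, cfg));
    return 0;
}
```

With the shared over-wide mask the server-only bit is accepted on every part; with per-part masks the same request is refused on the desktop part before any register write would happen.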