Date: Tue, 4 Jun 2013 17:53:16 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Cc: a.p.zijlstra@...llo.nl, eranian@...gle.com, ak@...ux.intel.com, security@...nel.org
Subject: CVE Request: More perf security fixes

Hi,

The perf kernel folks seem to have fixed some more perf issues which have not yet got CVEs.

Our partner Intel thinks that these 3 are security relevant, so we think they also need separate CVEs.

I only glanced at what the issue is, please correct if my classification is wrong..

1. Info leak (?) via PERF_SAMPLE_BRANCH_KERNEL

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7cc23cd6c0c7d7f4bee057607e7ce01568925717

commit 7cc23cd6c0c7d7f4bee057607e7ce01568925717
Author: Peter Zijlstra <a.p.zijlstra@...llo.nl>
Date:   Fri May 3 14:11:25 2013 +0200

    perf/x86/intel/lbr: Demand proper privileges for PERF_SAMPLE_BRANCH_KERNEL

    We should always have proper privileges when requesting kernel data.

    Signed-off-by: Peter Zijlstra <a.p.zijlstra@...llo.nl>
    Cc: <stable@...nel.org>
    Cc: Andi Kleen <ak@...ux.intel.com>
    Cc: eranian@...gle.com
    Link: http://email@example.com
    [ Fix build error reported by fengguang.wu@...el.com, propagate error code back. ]
    Signed-off-by: Ingo Molnar <mingo@...nel.org>
    Link: http://firstname.lastname@example.org

2. Denial of service (system crash)

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f1923820c447e986a9da0fc6bf60c1dccdf0408e

commit f1923820c447e986a9da0fc6bf60c1dccdf0408e
Author: Stephane Eranian <eranian@...gle.com>
Date:   Tue Apr 16 13:51:43 2013 +0200

    perf/x86: Fix offcore_rsp valid mask for SNB/IVB

    The valid mask for both offcore_response_0 and
    offcore_response_1 was wrong for SNB/SNB-EP,
    IVB/IVB-EP. It was possible to write to
    reserved bit and cause a GP fault crashing
    the kernel.

    This patch fixes the problem by correctly marking the
    reserved bits in the valid mask for all the processors
    mentioned above.

    A distinction between desktop and server parts is introduced
    because bits 24-30 are only available on the server parts.

    This version of the patch is just a rebase to perf/urgent tree
    and should apply to older kernels as well.

    Signed-off-by: Stephane Eranian <eranian@...gle.com>
    Cc: peterz@...radead.org
    Cc: jolsa@...hat.com
    Cc: gregkh@...uxfoundation.org
    Cc: security@...nel.org
    Cc: ak@...ux.intel.com
    Signed-off-by: Ingo Molnar <mingo@...nel.org>

3. Information leak (??) via perf LBR filter

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e15eb3ba6c0249c9e8c783517d131b47db995ca

commit 6e15eb3ba6c0249c9e8c783517d131b47db995ca
Author: Peter Zijlstra <a.p.zijlstra@...llo.nl>
Date:   Fri May 3 14:11:24 2013 +0200

    perf/x86/intel/lbr: Fix LBR filter

    The LBR 'from' address is under full userspace control; ensure
    we validate it before reading from it.

    Note: is_module_text_address() can potentially be quite
    expensive; for those running into that with high overhead
    in modules optimize it using an RCU backed rb-tree.

    Reported-by: Andi Kleen <ak@...ux.intel.com>
    Signed-off-by: Peter Zijlstra <a.p.zijlstra@...llo.nl>
    Cc: <stable@...nel.org>
    Cc: eranian@...gle.com
    Link: http://email@example.com
    Signed-off-by: Ingo Molnar <mingo@...nel.org>
    Link: http://firstname.lastname@example.org
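
The reserved-bit check described in item 2, as an added userspace sketch that is not part of the original post or of the kernel patch. The function names, the `enum part` type and `COMMON_VALID_BITS` are hypothetical, and the mask value is a constructed placeholder; only the fact that bits 24-30 are server-only comes from the commit message.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Bits 24-30: per the commit message, only available on server parts. */
#define SERVER_ONLY_BITS  (0x7fULL << 24)
/* Constructed placeholder for bits valid on both part types;
 * this is NOT the mask value used by the kernel. */
#define COMMON_VALID_BITS 0x0000ffffULL

enum part { PART_DESKTOP, PART_SERVER };  /* hypothetical type */

/* Per-part valid mask, mirroring the desktop/server split in the fix. */
static uint64_t offcore_valid_mask(enum part p)
{
    return p == PART_SERVER ? (COMMON_VALID_BITS | SERVER_ONLY_BITS)
                            : COMMON_VALID_BITS;
}

/* Reserved bits that a caller-supplied config tries to set (0 = clean). */
static uint64_t offcore_reserved_bits(enum part p, uint64_t config)
{
    return config & ~offcore_valid_mask(p);
}

/* Validate before the value would reach the register: reject with
 * -EINVAL instead of letting the write fault. *msr_shadow stands in
 * for the MSR, so nothing privileged is touched here. */
static int offcore_program(enum part p, uint64_t config, uint64_t *msr_shadow)
{
    if (offcore_reserved_bits(p, config))
        return -EINVAL;
    *msr_shadow = config;
    return 0;
}

int main(void)
{
    uint64_t msr = 0;
    uint64_t cfg = 0x1ULL | (1ULL << 26);  /* constructed sample request */

    /* Same request, two part types: a shared, too-wide mask would have
     * accepted it on both; the split mask accepts it only on server. */
    printf("desktop: %d\n", offcore_program(PART_DESKTOP, cfg, &msr));
    printf("server:  %d\n", offcore_program(PART_SERVER, cfg, &msr));
    printf("bit 31 on server: %d\n",
           offcore_program(PART_SERVER, 1ULL << 31, &msr));
    return 0;
}
```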