powerpc/perf: Prevent kernel address leak via perf_get_data_addr()

Sampled Data Address Register (SDAR) is a 64-bit register that
contains the effective address of the storage operand of an
instruction that was being executed, possibly out-of-order, at or
around the time that the Performance Monitor alert occurred.

In certain scenario SDAR happen to contain the kernel address even for
userspace only sampling. Add checks to prevent it.

Signed-off-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>

diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c
index 1e55ae2..a00b364 100644 (file)
--- a/arch/powerpc/perf/core-book3s.c
+++ b/arch/powerpc/perf/core-book3s.c
@@ -198,6 +198,10 @@ static inline void perf_get_data_addr(struct pt_regs *regs, u64 *addrp)
 
        if (!(mmcra & MMCRA_SAMPLE_ENABLE) || sdar_valid)
                *addrp = mfspr(SPRN_SDAR);
+
+       if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN) &&
+               is_kernel_addr(mfspr(SPRN_SDAR)))
+               *addrp = 0;
 }
 
 static bool regs_sihv(struct pt_regs *regs)