[pve-kernel.git] / patches / kernel / 0123-perf-x86-Enable-free-running-PEBS-for-REGS_USER-INTR.patch

From 6e502c25e8279d5c02db5b59e081a5415e1734fe Mon Sep 17 00:00:00 2001
From: Andi Kleen <ak@linux.intel.com>
Date: Thu, 31 Aug 2017 14:46:30 -0700
Subject: [PATCH 123/241] perf/x86: Enable free running PEBS for REGS_USER/INTR
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2017-5754

[ Note, this is a Git cherry-pick of the following commit:

    a47ba4d77e12 ("perf/x86: Enable free running PEBS for REGS_USER/INTR")

  ... for easier x86 PTI code testing and back-porting. ]

Currently free running PEBS is disabled when user or interrupt
registers are requested. Most of the registers are actually
available in the PEBS record and can be supported.

So we just need to check for the supported registers and then
allow it: it is all except for the segment register.

For user registers this only works when the counter is limited
to ring 3 only, so this also needs to be checked.

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20170831214630.21892-1-andi@firstfloor.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
(backported from commit 2fe1bc1f501d55e5925b4035bcd85781adc76c63)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
(cherry picked from commit 06c6715f5b78b9976e72467b6bba510e243e5aad)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 arch/x86/events/perf_event.h | 24 +++++++++++++++++++++++-
 arch/x86/events/intel/core.c |  4 ++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h
index 0f7dad8bd358..590eaf7c2c3e 100644
--- a/arch/x86/events/perf_event.h
+++ b/arch/x86/events/perf_event.h
@@ -85,13 +85,15 @@ struct amd_nb {
  * Flags PEBS can handle without an PMI.
  *
  * TID can only be handled by flushing at context switch.
+ * REGS_USER can be handled for events limited to ring 3.
  *
  */
 #define PEBS_FREERUNNING_FLAGS \
 	(PERF_SAMPLE_IP | PERF_SAMPLE_TID | PERF_SAMPLE_ADDR | \
 	PERF_SAMPLE_ID | PERF_SAMPLE_CPU | PERF_SAMPLE_STREAM_ID | \
 	PERF_SAMPLE_DATA_SRC | PERF_SAMPLE_IDENTIFIER | \
-	PERF_SAMPLE_TRANSACTION)
+	PERF_SAMPLE_TRANSACTION | \
+	PERF_SAMPLE_REGS_INTR | PERF_SAMPLE_REGS_USER)
 
 /*
  * A debug store configuration.
@@ -110,6 +112,26 @@ struct debug_store {
 	u64	pebs_event_reset[MAX_PEBS_EVENTS];
 };
 
+#define PEBS_REGS \
+	(PERF_REG_X86_AX | \
+	 PERF_REG_X86_BX | \
+	 PERF_REG_X86_CX | \
+	 PERF_REG_X86_DX | \
+	 PERF_REG_X86_DI | \
+	 PERF_REG_X86_SI | \
+	 PERF_REG_X86_SP | \
+	 PERF_REG_X86_BP | \
+	 PERF_REG_X86_IP | \
+	 PERF_REG_X86_FLAGS | \
+	 PERF_REG_X86_R8 | \
+	 PERF_REG_X86_R9 | \
+	 PERF_REG_X86_R10 | \
+	 PERF_REG_X86_R11 | \
+	 PERF_REG_X86_R12 | \
+	 PERF_REG_X86_R13 | \
+	 PERF_REG_X86_R14 | \
+	 PERF_REG_X86_R15)
+
 /*
  * Per register state.
  */
diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
index 6f342001ec6a..7f3afbf928bb 100644
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -2958,6 +2958,10 @@ static unsigned long intel_pmu_free_running_flags(struct perf_event *event)
 
 	if (event->attr.use_clockid)
 		flags &= ~PERF_SAMPLE_TIME;
+	if (!event->attr.exclude_kernel)
+		flags &= ~PERF_SAMPLE_REGS_USER;
+	if (event->attr.sample_regs_user & ~PEBS_REGS)
+		flags &= ~(PERF_SAMPLE_REGS_USER | PERF_SAMPLE_REGS_INTR);
 	return flags;
 }
 
-- 
2.14.2
Commit	Line	Data
321d628a FG	1	From 6e502c25e8279d5c02db5b59e081a5415e1734fe Mon Sep 17 00:00:00 2001
	2	From: Andi Kleen <ak@linux.intel.com>
	3	Date: Thu, 31 Aug 2017 14:46:30 -0700
e4cdf2a5	4	Subject: [PATCH 123/241] perf/x86: Enable free running PEBS for REGS_USER/INTR
321d628a FG	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	CVE-2017-5754
	10
	11	[ Note, this is a Git cherry-pick of the following commit:
	12
	13	a47ba4d77e12 ("perf/x86: Enable free running PEBS for REGS_USER/INTR")
	14
	15	... for easier x86 PTI code testing and back-porting. ]
	16
	17	Currently free running PEBS is disabled when user or interrupt
	18	registers are requested. Most of the registers are actually
	19	available in the PEBS record and can be supported.
	20
	21	So we just need to check for the supported registers and then
	22	allow it: it is all except for the segment register.
	23
	24	For user registers this only works when the counter is limited
	25	to ring 3 only, so this also needs to be checked.
	26
	27	Signed-off-by: Andi Kleen <ak@linux.intel.com>
	28	Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
	29	Cc: Linus Torvalds <torvalds@linux-foundation.org>
	30	Cc: Peter Zijlstra <peterz@infradead.org>
	31	Cc: Thomas Gleixner <tglx@linutronix.de>
	32	Link: http://lkml.kernel.org/r/20170831214630.21892-1-andi@firstfloor.org
	33	Signed-off-by: Ingo Molnar <mingo@kernel.org>
	34	(backported from commit 2fe1bc1f501d55e5925b4035bcd85781adc76c63)
	35	Signed-off-by: Andy Whitcroft <apw@canonical.com>
	36	Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	37	(cherry picked from commit 06c6715f5b78b9976e72467b6bba510e243e5aad)
	38	Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
	39	---
	40	arch/x86/events/perf_event.h \| 24 +++++++++++++++++++++++-
	41	arch/x86/events/intel/core.c \| 4 ++++
	42	2 files changed, 27 insertions(+), 1 deletion(-)
	43
	44	diff --git a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h
	45	index 0f7dad8bd358..590eaf7c2c3e 100644
	46	--- a/arch/x86/events/perf_event.h
	47	+++ b/arch/x86/events/perf_event.h
	48	@@ -85,13 +85,15 @@ struct amd_nb {
	49	* Flags PEBS can handle without an PMI.
	50	*
	51	* TID can only be handled by flushing at context switch.
	52	+ * REGS_USER can be handled for events limited to ring 3.
	53	*
	54	*/
	55	#define PEBS_FREERUNNING_FLAGS \
	56	(PERF_SAMPLE_IP \| PERF_SAMPLE_TID \| PERF_SAMPLE_ADDR \| \
	57	PERF_SAMPLE_ID \| PERF_SAMPLE_CPU \| PERF_SAMPLE_STREAM_ID \| \
	58	PERF_SAMPLE_DATA_SRC \| PERF_SAMPLE_IDENTIFIER \| \
	59	- PERF_SAMPLE_TRANSACTION)
	60	+ PERF_SAMPLE_TRANSACTION \| \
	61	+ PERF_SAMPLE_REGS_INTR \| PERF_SAMPLE_REGS_USER)
	62
	63	/*
	64	* A debug store configuration.
	65	@@ -110,6 +112,26 @@ struct debug_store {
	66	u64 pebs_event_reset[MAX_PEBS_EVENTS];
	67	};
	68
69	+#define PEBS_REGS \
70	+ (PERF_REG_X86_AX \| \
71	+ PERF_REG_X86_BX \| \
72	+ PERF_REG_X86_CX \| \
73	+ PERF_REG_X86_DX \| \
74	+ PERF_REG_X86_DI \| \
75	+ PERF_REG_X86_SI \| \
76	+ PERF_REG_X86_SP \| \
77	+ PERF_REG_X86_BP \| \
78	+ PERF_REG_X86_IP \| \
79	+ PERF_REG_X86_FLAGS \| \
80	+ PERF_REG_X86_R8 \| \
81	+ PERF_REG_X86_R9 \| \
82	+ PERF_REG_X86_R10 \| \
83	+ PERF_REG_X86_R11 \| \
84	+ PERF_REG_X86_R12 \| \
85	+ PERF_REG_X86_R13 \| \
86	+ PERF_REG_X86_R14 \| \
87	+ PERF_REG_X86_R15)
88	+
89	/*
90	* Per register state.
91	*/
92	diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
93	index 6f342001ec6a..7f3afbf928bb 100644
94	--- a/arch/x86/events/intel/core.c
95	+++ b/arch/x86/events/intel/core.c
96	@@ -2958,6 +2958,10 @@ static unsigned long intel_pmu_free_running_flags(struct perf_event *event)
97
98	if (event->attr.use_clockid)
99	flags &= ~PERF_SAMPLE_TIME;
100	+ if (!event->attr.exclude_kernel)
101	+ flags &= ~PERF_SAMPLE_REGS_USER;
102	+ if (event->attr.sample_regs_user & ~PEBS_REGS)
103	+ flags &= ~(PERF_SAMPLE_REGS_USER \| PERF_SAMPLE_REGS_INTR);
104	return flags;
105	}
106
107	--
108	2.14.2
109