Athira Rajeev 5ae5fbd210 powerpc/perf: Fix handling of privilege level checks in perf interrupt context ... Running "perf mem record" in powerpc platforms with selinux enabled resulted in soft lockup's. Below call-trace was seen in the logs: CPU: 58 PID: 3751 Comm: sssd_nss Not tainted 5.11.0-rc7+ #2 NIP: c000000000dff3d4 LR: c000000000dff3d0 CTR: 0000000000000000 REGS: c000007fffab7d60 TRAP: 0100 Not tainted (5.11.0-rc7+) ... NIP _raw_spin_lock_irqsave+0x94/0x120 LR _raw_spin_lock_irqsave+0x90/0x120 Call Trace: 0xc00000000fd47260 (unreliable) skb_queue_tail+0x3c/0x90 audit_log_end+0x6c/0x180 common_lsm_audit+0xb0/0xe0 slow_avc_audit+0xa4/0x110 avc_has_perm+0x1c4/0x260 selinux_perf_event_open+0x74/0xd0 security_perf_event_open+0x68/0xc0 record_and_restart+0x6e8/0x7f0 perf_event_interrupt+0x22c/0x560 performance_monitor_exception0x4c/0x60 performance_monitor_common_virt+0x1c8/0x1d0 interrupt: f00 at _raw_spin_lock_irqsave+0x38/0x120 NIP: c000000000dff378 LR: c000000000b5fbbc CTR: c0000000007d47f0 REGS: c00000000fd47860 TRAP: 0f00 Not tainted (5.11.0-rc7+) ... NIP _raw_spin_lock_irqsave+0x38/0x120 LR skb_queue_tail+0x3c/0x90 interrupt: f00 0x38 (unreliable) 0xc00000000aae6200 audit_log_end+0x6c/0x180 audit_log_exit+0x344/0xf80 __audit_syscall_exit+0x2c0/0x320 do_syscall_trace_leave+0x148/0x200 syscall_exit_prepare+0x324/0x390 system_call_common+0xfc/0x27c The above trace shows that while the CPU was handling a performance monitor exception, there was a call to security_perf_event_open() function. In powerpc core-book3s, this function is called from perf_allow_kernel() check during recording of data address in the sample via perf_get_data_addr(). Commit da97e18458 ("perf_event: Add support for LSM and SELinux checks") introduced security enhancements to perf. As part of this commit, the new security hook for perf_event_open() was added in all places where perf paranoid check was previously used. In powerpc core-book3s code, originally had paranoid checks in perf_get_data_addr() and power_pmu_bhrb_read(). So perf_paranoid_kernel() checks were replaced with perf_allow_kernel() in these PMU helper functions as well. The intention of paranoid checks in core-book3s was to verify privilege access before capturing some of the sample data. Along with paranoid checks, perf_allow_kernel() also does a security_perf_event_open(). Since these functions are accessed while recording a sample, we end up calling selinux_perf_event_open() in PMI context. Some of the security functions use spinlock like sidtab_sid2str_put(). If a perf interrupt hits under a spin lock and if we end up in calling selinux hook functions in PMI handler, this could cause a dead lock. Since the purpose of this security hook is to control access to perf_event_open(), it is not right to call this in interrupt context. The paranoid checks in powerpc core-book3s were done at interrupt time which is also not correct. Reference commits: Commit cd1231d703 ("powerpc/perf: Prevent kernel address leak via perf_get_data_addr()") Commit bb19af8160 ("powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer") We only allow creation of events that have already passed the privilege checks in perf_event_open(). So these paranoid checks are not needed at event time. As a fix, patch uses 'event->attr.exclude_kernel' check to prevent exposing kernel address for userspace only sampling. Fixes: cd1231d703 ("powerpc/perf: Prevent kernel address leak via perf_get_data_addr()") Cc: stable@vger.kernel.org # v4.17+ Suggested-by: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/1614247839-1428-1-git-send-email-atrajeev@linux.vnet.ibm.com		2021-03-02 22:41:51 +11:00
..
req-gen	powerpc: clean the inclusion of stringify.h	2018-07-30 22:48:17 +10:00
8xx-pmu.c	powerpc/ppc-opcode: Add PPC_RAW_MFSPR()	2020-12-09 23:48:13 +11:00
bhrb.S	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152	2019-05-30 11:26:32 -07:00
callchain.c	mm: don't include asm/pgtable.h if linux/mm.h is already included	2020-06-09 09:39:13 -07:00
callchain.h	powerpc/64s/perf: perf interrupt does not have to get_user_pages to access user memory	2020-11-19 16:56:52 +11:00
callchain_32.c	powerpc/vdso: Retrieve sigtramp offsets at buildtime	2020-12-04 01:01:17 +11:00
callchain_64.c	powerpc/vdso: Retrieve sigtramp offsets at buildtime	2020-12-04 01:01:17 +11:00
core-book3s.c	powerpc/perf: Fix handling of privilege level checks in perf interrupt context	2021-03-02 22:41:51 +11:00
core-fsl-emb.c	powerpc/perf: move perf irq/nmi handling details into traps.c	2021-02-09 00:02:10 +11:00
e500-pmu.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152	2019-05-30 11:26:32 -07:00
e6500-pmu.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152	2019-05-30 11:26:32 -07:00
generic-compat-pmu.c	powerpc/perf: Update Power PMU cache_events to u64 type	2020-07-22 21:56:40 +10:00
hv-24x7-catalog.h	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
hv-24x7-domains.h	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
hv-24x7.c	powerpc/perf/hv-24x7: Dont create sysfs event files for dummy events	2021-01-30 11:39:25 +11:00
hv-24x7.h	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
hv-common.c	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
hv-common.h	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
hv-gpci-requests.h	powerpc/perf/hv-gpci: Fix starting index value	2020-10-07 22:34:48 +11:00
hv-gpci.c	powerpc/hv-gpci: Add sysfs files inside hv-gpci device to show cpumask	2020-10-07 22:34:49 +11:00
hv-gpci.h	powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h	2020-09-02 11:00:20 +10:00
imc-pmu.c	powerpc: fix -Wimplicit-fallthrough	2020-11-18 14:18:09 -06:00
internal.h	powerpc/perf: power10 Performance Monitoring support	2020-07-22 21:56:41 +10:00
isa207-common.c	powerpc/perf: Adds support for programming of Thresholding in P10	2021-02-11 23:35:36 +11:00
isa207-common.h	powerpc/perf: Adds support for programming of Thresholding in P10	2021-02-11 23:35:36 +11:00
Makefile	powerpc/perf: power10 Performance Monitoring support	2020-07-22 21:56:41 +10:00
mpc7450-pmu.c	powerpc/perf: Adds support for programming of Thresholding in P10	2021-02-11 23:35:36 +11:00
perf_regs.c	powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs	2021-02-09 01:09:44 +11:00
power5+-pmu.c	powerpc/perf: Adds support for programming of Thresholding in P10	2021-02-11 23:35:36 +11:00
power5-pmu.c	powerpc/perf: Adds support for programming of Thresholding in P10	2021-02-11 23:35:36 +11:00
power6-pmu.c	powerpc/perf: Adds support for programming of Thresholding in P10	2021-02-11 23:35:36 +11:00
power7-events-list.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152	2019-05-30 11:26:32 -07:00
power7-pmu.c	powerpc/perf: Adds support for programming of Thresholding in P10	2021-02-11 23:35:36 +11:00
power8-events-list.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152	2019-05-30 11:26:32 -07:00
power8-pmu.c	powerpc/perf: Update Power PMU cache_events to u64 type	2020-07-22 21:56:40 +10:00
power9-events-list.h	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152	2019-05-30 11:26:32 -07:00
power9-pmu.c	powerpc/perf: Add support for outputting extended regs in perf intr_regs	2020-08-17 13:11:22 +10:00
power10-events-list.h	powerpc/perf: Fix to update cache events with l2l3 events in power10	2020-12-04 01:01:29 +11:00
power10-pmu.c	powerpc/perf: Adds support for programming of Thresholding in P10	2021-02-11 23:35:36 +11:00
ppc970-pmu.c	powerpc/perf: Adds support for programming of Thresholding in P10	2021-02-11 23:35:36 +11:00