[kernel] r18552 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/powerpc patches/series
Dann Frazier
dannf at alioth.debian.org
Tue Jan 17 17:36:56 UTC 2012
Author: dannf
Date: Tue Jan 17 17:36:54 2012
New Revision: 18552
Log:
[powerpc] oprofile: Handle events that raise an exception without overflowing (CVE-2011-4347)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/powerpc/oprofile-handle-events-that-raise-an-exception-without-overflowing.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/27lenny1
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Tue Jan 17 17:36:48 2012 (r18551)
+++ dists/lenny-security/linux-2.6/debian/changelog Tue Jan 17 17:36:54 2012 (r18552)
@@ -9,6 +9,8 @@
(CVE-2011-4622)
* jbd/jbd2: validate sb->s_first in journal_get_superblock() (CVE-2011-4132)
* hfs: add sanity check for file name length (CVE-2011-4330)
+ * [powerpc] oprofile: Handle events that raise an exception without
+ overflowing (CVE-2011-4347)
-- dann frazier <dannf at debian.org> Fri, 06 Jan 2012 21:15:07 -0700
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/powerpc/oprofile-handle-events-that-raise-an-exception-without-overflowing.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/powerpc/oprofile-handle-events-that-raise-an-exception-without-overflowing.patch Tue Jan 17 17:36:54 2012 (r18552)
@@ -0,0 +1,61 @@
+commit ad5d5292f16c6c1d7d3e257c4c7407594286b97e
+Author: Eric B Munson <emunson at mgebm.net>
+Date: Mon May 23 04:22:40 2011 +0000
+
+ powerpc/oprofile: Handle events that raise an exception without overflowing
+
+ Commit 0837e3242c73566fc1c0196b4ec61779c25ffc93 fixes a situation on POWER7
+ where events can roll back if a specualtive event doesn't actually complete.
+ This can raise a performance monitor exception. We need to catch this to ensure
+ that we reset the PMC. In all cases the PMC will be less than 256 cycles from
+ overflow.
+
+ This patch lifts Anton's fix for the problem in perf and applies it to oprofile
+ as well.
+
+ Signed-off-by: Eric B Munson <emunson at mgebm.net>
+ Cc: <stable at kernel.org> # as far back as it applies cleanly
+ Signed-off-by: Benjamin Herrenschmidt <benh at kernel.crashing.org>
+
+diff --git a/arch/powerpc/oprofile/op_model_power4.c b/arch/powerpc/oprofile/op_model_power4.c
+index 8ee51a2..e6bec74 100644
+--- a/arch/powerpc/oprofile/op_model_power4.c
++++ b/arch/powerpc/oprofile/op_model_power4.c
+@@ -261,6 +261,28 @@ static int get_kernel(unsigned long pc, unsigned long mmcra)
+ return is_kernel;
+ }
+
++static bool pmc_overflow(unsigned long val)
++{
++ if ((int)val < 0)
++ return true;
++
++ /*
++ * Events on POWER7 can roll back if a speculative event doesn't
++ * eventually complete. Unfortunately in some rare cases they will
++ * raise a performance monitor exception. We need to catch this to
++ * ensure we reset the PMC. In all cases the PMC will be 256 or less
++ * cycles from overflow.
++ *
++ * We only do this if the first pass fails to find any overflowing
++ * PMCs because a user might set a period of less than 256 and we
++ * don't want to mistakenly reset them.
++ */
++ if (__is_processor(PV_POWER7) && ((0x80000000 - val) <= 256))
++ return true;
++
++ return false;
++}
++
+ static void power4_handle_interrupt(struct pt_regs *regs,
+ struct op_counter_config *ctr)
+ {
+@@ -281,7 +303,7 @@ static void power4_handle_interrupt(struct pt_regs *regs,
+
+ for (i = 0; i < cur_cpu_spec->num_pmcs; ++i) {
+ val = classic_ctr_read(i);
+- if (val < 0) {
++ if (pmc_overflow(val)) {
+ if (oprofile_running && ctr[i].enabled) {
+ oprofile_add_ext_sample(pc, regs, i, is_kernel);
+ classic_ctr_write(i, reset_value[i]);
Modified: dists/lenny-security/linux-2.6/debian/patches/series/27lenny1
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/27lenny1 Tue Jan 17 17:36:48 2012 (r18551)
+++ dists/lenny-security/linux-2.6/debian/patches/series/27lenny1 Tue Jan 17 17:36:54 2012 (r18552)
@@ -7,3 +7,4 @@
+ bugfix/x86/kvm-prevent-starting-pit-timers-in-the-absence-of-irqchip-support.patch
+ bugfix/all/jbd,jb2-validate-sb-s_first-in-journal_get_superblock.patch
+ bugfix/all/hfs-add-sanity-check-for-file-name-length.patch
++ bugfix/powerpc/oprofile-handle-events-that-raise-an-exception-without-overflowing.patch
More information about the Kernel-svn-changes
mailing list