[kernel] r18552 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/powerpc patches/series

Dann Frazier dannf at alioth.debian.org
Tue Jan 17 17:36:56 UTC 2012


Author: dannf
Date: Tue Jan 17 17:36:54 2012
New Revision: 18552

Log:
[powerpc] oprofile: Handle events that raise an exception without overflowing (CVE-2011-4347)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/powerpc/oprofile-handle-events-that-raise-an-exception-without-overflowing.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/27lenny1

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Tue Jan 17 17:36:48 2012	(r18551)
+++ dists/lenny-security/linux-2.6/debian/changelog	Tue Jan 17 17:36:54 2012	(r18552)
@@ -9,6 +9,8 @@
     (CVE-2011-4622)
   * jbd/jbd2: validate sb->s_first in journal_get_superblock() (CVE-2011-4132)
   * hfs: add sanity check for file name length (CVE-2011-4330)
+  * [powerpc] oprofile: Handle events that raise an exception without
+    overflowing (CVE-2011-4347)
 
  -- dann frazier <dannf at debian.org>  Fri, 06 Jan 2012 21:15:07 -0700
 

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/powerpc/oprofile-handle-events-that-raise-an-exception-without-overflowing.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/powerpc/oprofile-handle-events-that-raise-an-exception-without-overflowing.patch	Tue Jan 17 17:36:54 2012	(r18552)
@@ -0,0 +1,61 @@
+commit ad5d5292f16c6c1d7d3e257c4c7407594286b97e
+Author: Eric B Munson <emunson at mgebm.net>
+Date:   Mon May 23 04:22:40 2011 +0000
+
+    powerpc/oprofile: Handle events that raise an exception without overflowing
+    
+    Commit 0837e3242c73566fc1c0196b4ec61779c25ffc93 fixes a situation on POWER7
+    where events can roll back if a specualtive event doesn't actually complete.
+    This can raise a performance monitor exception.  We need to catch this to ensure
+    that we reset the PMC.  In all cases the PMC will be less than 256 cycles from
+    overflow.
+    
+    This patch lifts Anton's fix for the problem in perf and applies it to oprofile
+    as well.
+    
+    Signed-off-by: Eric B Munson <emunson at mgebm.net>
+    Cc: <stable at kernel.org> # as far back as it applies cleanly
+    Signed-off-by: Benjamin Herrenschmidt <benh at kernel.crashing.org>
+
+diff --git a/arch/powerpc/oprofile/op_model_power4.c b/arch/powerpc/oprofile/op_model_power4.c
+index 8ee51a2..e6bec74 100644
+--- a/arch/powerpc/oprofile/op_model_power4.c
++++ b/arch/powerpc/oprofile/op_model_power4.c
+@@ -261,6 +261,28 @@ static int get_kernel(unsigned long pc, unsigned long mmcra)
+ 	return is_kernel;
+ }
+ 
++static bool pmc_overflow(unsigned long val)
++{
++	if ((int)val < 0)
++		return true;
++
++	/*
++	 * Events on POWER7 can roll back if a speculative event doesn't
++	 * eventually complete. Unfortunately in some rare cases they will
++	 * raise a performance monitor exception. We need to catch this to
++	 * ensure we reset the PMC. In all cases the PMC will be 256 or less
++	 * cycles from overflow.
++	 *
++	 * We only do this if the first pass fails to find any overflowing
++	 * PMCs because a user might set a period of less than 256 and we
++	 * don't want to mistakenly reset them.
++	 */
++	if (__is_processor(PV_POWER7) && ((0x80000000 - val) <= 256))
++		return true;
++
++	return false;
++}
++
+ static void power4_handle_interrupt(struct pt_regs *regs,
+ 				    struct op_counter_config *ctr)
+ {
+@@ -281,7 +303,7 @@ static void power4_handle_interrupt(struct pt_regs *regs,
+ 
+ 	for (i = 0; i < cur_cpu_spec->num_pmcs; ++i) {
+ 		val = classic_ctr_read(i);
+-		if (val < 0) {
++		if (pmc_overflow(val)) {
+ 			if (oprofile_running && ctr[i].enabled) {
+ 				oprofile_add_ext_sample(pc, regs, i, is_kernel);
+ 				classic_ctr_write(i, reset_value[i]);
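Review bot: The comment inside `pmc_overflow()` says the POWER7 near-overflow test is only applied "if the first pass fails to find any overflowing PMCs", but the visible part of `power4_handle_interrupt()` calls the helper once per counter in a single loop, so no two-pass guard exists here. The wording appears to have been carried over from the perf fix this patch lifts. The concern it describes therefore stays open: on POWER7, a counter that the user programmed with a period of 256 or less would be treated as overflowed, sampled and reset whenever any performance monitor exception arrives. I would either replace the last paragraph of the comment with something like `/* oprofile checks every PMC in one pass, so a period of 256 or less is always treated as overflowed on POWER7. */`, or have the handler fall back to the near-overflow test only when no counter has its sign bit set. The body of `power4_handle_interrupt()` continues outside the hunk, so this should be confirmed against the full function.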

Modified: dists/lenny-security/linux-2.6/debian/patches/series/27lenny1
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/27lenny1	Tue Jan 17 17:36:48 2012	(r18551)
+++ dists/lenny-security/linux-2.6/debian/patches/series/27lenny1	Tue Jan 17 17:36:54 2012	(r18552)
@@ -7,3 +7,4 @@
 + bugfix/x86/kvm-prevent-starting-pit-timers-in-the-absence-of-irqchip-support.patch
 + bugfix/all/jbd,jb2-validate-sb-s_first-in-journal_get_superblock.patch
 + bugfix/all/hfs-add-sanity-check-for-file-name-length.patch
++ bugfix/powerpc/oprofile-handle-events-that-raise-an-exception-without-overflowing.patch


