LKML Archive on lore.kernel.org
 help / color / Atom feed
From: Andy Lutomirski <luto@amacapital.net>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: X86 ML <x86@kernel.org>, Peter Zijlstra <peterz@infradead.org>,
	Ingo Molnar <mingo@redhat.com>,
	"hillf.zj" <hillf.zj@alibaba-inc.com>,
	Vince Weaver <vince@deater.net>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Paul Mackerras <paulus@samba.org>,
	Kees Cook <keescook@chromium.org>,
	Arnaldo Carvalho de Melo <acme@kernel.org>,
	Andrea Arcangeli <aarcange@redhat.com>,
	Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
Subject: Re: [PATCH v2 5/8] perf: Add pmu callbacks to track event mapping and unmapping
Date: Sat, 1 Nov 2014 14:49:10 -0700
Message-ID: <CALCETrVjG4T-+jZ+4AZX-i9s_Do8BY=+fp1JmWCxnbAfGiVvug@mail.gmail.com> (raw)
In-Reply-To: <alpine.DEB.2.11.1411012135040.5308@nanos>

On Nov 1, 2014 1:39 PM, "Thomas Gleixner" <tglx@linutronix.de> wrote:
>
> On Sat, 1 Nov 2014, Andy Lutomirski wrote:
> > On Sat, Nov 1, 2014 at 12:59 PM, Thomas Gleixner <tglx@linutronix.de> wrote:
> > > On Fri, 24 Oct 2014, Andy Lutomirski wrote:
> > >
> > > I'm probably missing something.
> > >
> > > Why is this tied to the mmap? If I just open a counter then I should
> > > be able to read the counter from user space w/o mmapping something in
> > > the first place.
> >
> > You can read it with read(2), which this patch shouldn't affect.  If
> > you want to read it with rdpmc, then you need to know what rdpmc index
> > to use, and the API for that is to mmap the event, check the
> > userpage's cap_user_rdpmc, and then rdpmc on ->idx - 1 (assuming that
> > ->idx != 0).  You can't safely make any assumptions about which rdpmc
> > index it will be without explicitly checking, because perf reserves
> > the right to change the index whenever it wants.
>
> Got it. As I expected: I was missing something :)
>
> > There's plenty of room to tighten up the restrictions further, but
> > this is, I think, a decent first step, and it solves the problem of
> > information leaking into seccomp sandboxes.
>
> In which way?

All the performance counters were readable without using any syscalls.
That leaks hints as to which events are in use, and it possibly leaks
interesting side channel information.   With this series applied, you
need a at least mmap an rdpmc-able event, which most seccomp sandboxes
won't allow.

Unfortunately, rdpmc access to counters can't be controlled
individually, so it's hard to do all that much better than this.

--Andy

>
> Thanks,
>
>         tglx
>

  reply index

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-10-24 22:58 [PATCH v2 0/8] CR4 handling improvements Andy Lutomirski
2014-10-24 22:58 ` [PATCH v2 1/8] perf: Clean up pmu::event_idx Andy Lutomirski
2014-10-24 22:58 ` [PATCH v2 2/8] x86: Clean up cr4 manipulation Andy Lutomirski
2014-11-01 19:56   ` Thomas Gleixner
2015-02-04 14:41   ` [tip:perf/x86] " tip-bot for Andy Lutomirski
2014-10-24 22:58 ` [PATCH v2 3/8] x86: Store a per-cpu shadow copy of CR4 Andy Lutomirski
2014-11-01 19:56   ` Thomas Gleixner
2015-02-04 14:41   ` [tip:perf/x86] " tip-bot for Andy Lutomirski
2014-10-24 22:58 ` [PATCH v2 4/8] x86: Add a comment clarifying LDT context switching Andy Lutomirski
2014-11-01 19:56   ` Thomas Gleixner
2015-02-04 14:41   ` [tip:perf/x86] " tip-bot for Andy Lutomirski
2014-10-24 22:58 ` [PATCH v2 5/8] perf: Add pmu callbacks to track event mapping and unmapping Andy Lutomirski
2014-11-01 19:59   ` Thomas Gleixner
2014-11-01 20:32     ` Andy Lutomirski
2014-11-01 20:39       ` Thomas Gleixner
2014-11-01 21:49         ` Andy Lutomirski [this message]
2014-11-01 22:10           ` Thomas Gleixner
2014-11-02 20:15             ` Andy Lutomirski
2015-02-04 14:42   ` [tip:perf/x86] " tip-bot for Andy Lutomirski
2014-10-24 22:58 ` [PATCH v2 6/8] perf: Pass the event to arch_perf_update_userpage Andy Lutomirski
2015-02-04 14:42   ` [tip:perf/x86] perf: Pass the event to arch_perf_update_userpage( ) tip-bot for Andy Lutomirski
2014-10-24 22:58 ` [PATCH v2 7/8] x86, perf: Only allow rdpmc if a perf_event is mapped Andy Lutomirski
2014-10-31 17:54   ` Paolo Bonzini
2014-10-31 18:25     ` Andy Lutomirski
2015-02-04 14:42   ` [tip:perf/x86] perf/x86: " tip-bot for Andy Lutomirski
2014-10-24 22:58 ` [PATCH v2 8/8] x86, perf: Add /sys/devices/cpu/rdpmc=2 to allow rdpmc for all tasks Andy Lutomirski
2015-02-04 14:43   ` [tip:perf/x86] perf/x86: Add /sys/devices/cpu/rdpmc= 2 " tip-bot for Andy Lutomirski
2014-10-31 15:09 ` [PATCH v2 0/8] CR4 handling improvements Peter Zijlstra
2014-10-31 17:09   ` Andy Lutomirski
2015-01-14  0:52   ` Andy Lutomirski
2015-01-22 22:42     ` Thomas Gleixner
2015-01-23  8:37       ` Peter Zijlstra
2014-11-12 23:38 ` Andy Lutomirski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CALCETrVjG4T-+jZ+4AZX-i9s_Do8BY=+fp1JmWCxnbAfGiVvug@mail.gmail.com' \
    --to=luto@amacapital.net \
    --cc=Valdis.Kletnieks@vt.edu \
    --cc=aarcange@redhat.com \
    --cc=acme@kernel.org \
    --cc=hillf.zj@alibaba-inc.com \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=paulus@samba.org \
    --cc=peterz@infradead.org \
    --cc=tglx@linutronix.de \
    --cc=vince@deater.net \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

LKML Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/lkml/0 lkml/git/0.git
	git clone --mirror https://lore.kernel.org/lkml/1 lkml/git/1.git
	git clone --mirror https://lore.kernel.org/lkml/2 lkml/git/2.git
	git clone --mirror https://lore.kernel.org/lkml/3 lkml/git/3.git
	git clone --mirror https://lore.kernel.org/lkml/4 lkml/git/4.git
	git clone --mirror https://lore.kernel.org/lkml/5 lkml/git/5.git
	git clone --mirror https://lore.kernel.org/lkml/6 lkml/git/6.git
	git clone --mirror https://lore.kernel.org/lkml/7 lkml/git/7.git
	git clone --mirror https://lore.kernel.org/lkml/8 lkml/git/8.git
	git clone --mirror https://lore.kernel.org/lkml/9 lkml/git/9.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 lkml lkml/ https://lore.kernel.org/lkml \
		linux-kernel@vger.kernel.org
	public-inbox-index lkml

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-kernel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git