Re: [PATCH 07/12] perf_events: add LBR software filter support forIntel X86

[Stephane Eranian]

On Fri, Oct 7, 2011 at 12:38 PM, Stephane Eranian <eranian@xxxxxxxxxx> wrote:
> On Thu, Oct 6, 2011 at 5:32 PM, Andi Kleen <andi@xxxxxxxxxxxxxx> wrote:
>>> + Â Â kernel_insn_init(&insn, kaddr);
>>> + Â Â insn_get_opcode(&insn);
>>
>> This makes me uncomfortable. AFAIK that's the first use of the opcode
>> decoder being used directly for user space. It has a quite large attack
>> surface. Who says it cannot be exploited?
>>
> This is not new, it's already used for the PEBS fixups and that includes
> user level fixups, if possible.
>
> We are not executing the instruction here, just decoding it to filter it out
> from a buffer if necessary.
>
I would add that in this particular usage, the source address is coming
straight from LBR, it's not made up my SW. That means it corresponds
to a point where there was a control flow change. But it can certainly
be any x86 opcode (not just branches). LBR captures control flow changes
due to traps, faults, interrupts.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/