From 58a754bfaa2bb8c36f2f9706872dab2757f9f683 Mon Sep 17 00:00:00 2001
From: Peter Zijlstra
Date: Fri, 3 May 2013 14:11:24 +0200
Subject: [PATCH] --- yaml --- r: 372895 b: refs/heads/master c: 6e15eb3ba6c0249c9e8c783517d131b47db995ca h: refs/heads/master i: 372893: 99bdcba55c5d6911f21502e2c86da94ada075117 372891: d67bf7412fed2177fa24cad25b23ceec7d239191 372887: 619d7691b234fd4e17d5db055ebafa36bdada27d 372879: efe0a8e11774f5c476ff68610f847f60279852e4 372863: d05a1aa5295718a415bc6c73a544ffa5caf950bf v: v3
---
 [refs] | 2 +-
 trunk/arch/x86/kernel/cpu/perf_event_intel_lbr.c | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/[refs] b/[refs]
index 2f1f46cd44f8..2919a38ed83a 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 741a698f420c34c458294a6accecfbad702a7c52
+refs/heads/master: 6e15eb3ba6c0249c9e8c783517d131b47db995ca
diff --git a/trunk/arch/x86/kernel/cpu/perf_event_intel_lbr.c b/trunk/arch/x86/kernel/cpu/perf_event_intel_lbr.c
index da02e9cc3754..de341d4ec92a 100644
--- a/trunk/arch/x86/kernel/cpu/perf_event_intel_lbr.c
+++ b/trunk/arch/x86/kernel/cpu/perf_event_intel_lbr.c
@@ -442,8 +442,18 @@ static int branch_type(unsigned long from, unsigned long to)
 return X86_BR_NONE;
 addr = buf;
- } else
- addr = (void *)from;
+ } else {
+ /*
+ * The LBR logs any address in the IP, even if the IP just
+ * faulted. This means userspace can control the from address.
+ * Ensure we don't blindy read any address by validating it is
+ * a known text address.
+ */
+ if (kernel_text_address(from))
+ addr = (void *)from;
+ else
+ return X86_BR_NONE;
+ }
 /*
 * decoder needs to know the ABI especially
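Review bot: The new `kernel_text_address(from)` check in the `else` branch validates only the first byte at `from`, while the decoder mentioned in the trailing comment presumably reads several instruction bytes from `addr`, so a `from` at the very end of a text region could still lead to a read past it. If that is accepted as unlikely, the added comment should say so, e.g. `* Only the start address is checked; the decoder may read up to one maximum-length instruction beyond it.` Separately, the added comment has a typo: `blindy` should be `blindly`. The body of branch_type() starts and continues outside this hunk, so the decode step itself is not visible here.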