From: Andi Kleen <ak@linux.intel.com>
To: Mark Rutland <mark.rutland@arm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Tvrtko Ursulin <tursulin@ursulin.net>,
LKML <linux-kernel@vger.kernel.org>,
tvrtko.ursulin@linux.intel.com,
Peter Zijlstra <peterz@infradead.org>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
Madhavan Srinivasan <maddy@linux.vnet.ibm.com>,
Alexey Budankov <alexey.budankov@linux.intel.com>,
Kees Cook <keescook@chromium.org>, Jann Horn <jannh@google.com>
Subject: Re: [RFC 0/5] perf: Per PMU access controls (paranoid setting)
Date: Fri, 28 Sep 2018 10:23:40 -0700 [thread overview]
Message-ID: <20180928172340.GA32651@tassilo.jf.intel.com> (raw)
In-Reply-To: <20180928164111.i6nba2j6mnegwslw@lakrids.cambridge.arm.com>
> There's also been prior discussion on these feature in other contexts
> (e.g. android expoits resulting from out-of-tree drivers). It would be
> nice to see those considered.
>
> IIRC The conclusion from prior discussions (e.g. [1]) was that we wanted
> finer granularity of control such that we could limit PMU access to
> specific users -- e.g. disallow arbitrary android apps from poking *any*
> PMU, while allowing some more trusted apps/users to uses *some* specific
> PMUs.
>
> e.g. we could add /sys/bus/event_source/devices/${PMU}/device, protect
> this via the usual fs ACLs, and pass the fd to perf_event_open()
> somehow. A valid fd would act as a capability, taking precedence over
> perf_event_paranoid.
That sounds like an orthogonal feature. I don't think the original
patchkit would need to be hold up for this. It would be something
in addition.
BTW can't you already do that with the syscall filter? I assume
the Android sandboxes already use that. Just forbid perf_event_open
for the apps.
-Andi
next prev parent reply other threads:[~2018-09-28 17:23 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-19 12:27 [RFC 0/5] perf: Per PMU access controls (paranoid setting) Tvrtko Ursulin
2018-09-19 12:27 ` [RFC 1/5] perf: Move some access checks later in perf_event_open Tvrtko Ursulin
2018-09-19 12:27 ` [RFC 2/5] perf: Pass pmu pointer to perf_paranoid_* helpers Tvrtko Ursulin
2018-09-19 12:27 ` [RFC 3/5] perf: Allow per PMU access control Tvrtko Ursulin
2018-09-27 20:15 ` Andi Kleen
2018-09-28 8:57 ` Tvrtko Ursulin
2018-09-19 12:27 ` [RFC 4/5] perf Documentation: Document the per PMU perf_event_paranoid interface Tvrtko Ursulin
2018-09-19 12:27 ` [RFC 5/5] tools/perf: Add support for per-PMU access control Tvrtko Ursulin
2018-09-28 10:26 ` [RFC 0/5] perf: Per PMU access controls (paranoid setting) Thomas Gleixner
2018-09-28 13:22 ` Tvrtko Ursulin
2018-09-28 14:02 ` Thomas Gleixner
2018-09-28 14:56 ` Tvrtko Ursulin
2018-09-28 15:23 ` Thomas Gleixner
2018-09-28 15:45 ` Alexey Budankov
2018-09-28 18:20 ` Thomas Gleixner
2018-09-28 20:45 ` Andi Kleen
2018-09-29 6:19 ` Thomas Gleixner
2018-10-01 6:25 ` Alexey Budankov
2018-09-28 15:12 ` Jann Horn
2018-09-28 22:02 ` Jann Horn
2018-10-01 6:27 ` Alexey Budankov
2018-09-28 16:41 ` Mark Rutland
2018-09-28 17:23 ` Andi Kleen [this message]
2018-09-28 17:40 ` Mark Rutland
2018-09-28 20:49 ` Andi Kleen
2018-09-28 20:54 ` Jann Horn
2018-09-28 20:59 ` Andi Kleen
2018-09-28 21:22 ` Jann Horn
2018-09-28 21:27 ` Andi Kleen
2018-10-01 6:25 ` Alexey Budankov
2018-10-01 16:11 ` Thomas Gleixner
2018-10-01 16:15 ` Jann Horn
2018-10-01 20:51 ` Alexey Budankov
2018-10-02 6:40 ` Thomas Gleixner
2018-10-02 11:44 ` Alexey Budankov
2018-10-03 17:01 ` Jann Horn
2018-10-04 17:11 ` Alexey Budankov
2018-09-29 6:30 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180928172340.GA32651@tassilo.jf.intel.com \
--to=ak@linux.intel.com \
--cc=acme@kernel.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=alexey.budankov@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jannh@google.com \
--cc=jolsa@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maddy@linux.vnet.ibm.com \
--cc=mark.rutland@arm.com \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=tursulin@ursulin.net \
--cc=tvrtko.ursulin@linux.intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.