From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Ingo Molnar <mingo@kernel.org>, Thomas Gleixner <tglx@linutronix.de>
Cc: Jiri Olsa <jolsa@kernel.org>, Namhyung Kim <namhyung@kernel.org>,
Clark Williams <williams@redhat.com>,
linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
Igor Lubashev <ilubashe@akamai.com>,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Alexey Budankov <alexey.budankov@linux.intel.com>,
James Morris <jmorris@namei.org>,
Peter Zijlstra <peterz@infradead.org>,
Suzuki Poulouse <suzuki.poulose@arm.com>,
linux-arm-kernel@lists.infradead.org,
Arnaldo Carvalho de Melo <acme@redhat.com>
Subject: [PATCH 05/37] perf symbols: Use CAP_SYSLOG with kptr_restrict checks
Date: Thu, 29 Aug 2019 11:38:45 -0300
Message-ID: <20190829143917.29745-6-acme@kernel.org>
In-Reply-To: <20190829143917.29745-1-acme@kernel.org>
From: Igor Lubashev <ilubashe@akamai.com>
The kernel is using CAP_SYSLOG capability instead of uid==0 and euid==0
when checking kptr_restrict. Make perf do the same.
Also, the kernel is more restrictive than "no restrictions" in case of
kptr_restrict==0, so add the same logic to perf.
Signed-off-by: Igor Lubashev <ilubashe@akamai.com>
Tested-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Alexey Budankov <alexey.budankov@linux.intel.com>
Cc: James Morris <jmorris@namei.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Suzuki Poulouse <suzuki.poulose@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Link: http://lkml.kernel.org/r/1566869956-7154-5-git-send-email-ilubashe@akamai.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
tools/perf/util/symbol.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/tools/perf/util/symbol.c b/tools/perf/util/symbol.c
index 4efde7879474..035f2e75728c 100644
--- a/tools/perf/util/symbol.c
+++ b/tools/perf/util/symbol.c
@@ -4,6 +4,7 @@
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#include <linux/capability.h>
#include <linux/kernel.h>
#include <linux/mman.h>
#include <linux/time64.h>
@@ -15,8 +16,10 @@
#include <inttypes.h>
#include "annotate.h"
#include "build-id.h"
+#include "cap.h"
#include "util.h"
#include "debug.h"
+#include "event.h"
#include "machine.h"
#include "map.h"
#include "symbol.h"
@@ -2195,13 +2198,19 @@ static bool symbol__read_kptr_restrict(void)
char line[8];
if (fgets(line, sizeof(line), fp) != NULL)
- value = ((geteuid() != 0) || (getuid() != 0)) ?
- (atoi(line) != 0) :
- (atoi(line) == 2);
+ value = perf_cap__capable(CAP_SYSLOG) ?
+ (atoi(line) >= 2) :
+ (atoi(line) != 0);
fclose(fp);
}
+ /* Per kernel/kallsyms.c:
+ * we also restrict when perf_event_paranoid > 1 w/o CAP_SYSLOG
+ */
+ if (perf_event_paranoid() > 1 && !perf_cap__capable(CAP_SYSLOG))
+ value = true;
+
return value;
}
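Review bot: In the rewritten ternary of symbol__read_kptr_restrict(), atoi(line) returns 0 when the line read from the file does not parse as a number, and both arms then leave value false, so a malformed read is treated like kptr_restrict==0 unless the perf_event_paranoid check below happens to apply. Consider parsing with strtol(), checking the end pointer, and setting value = true on failure so the function fails toward "restricted". Separately, perf_cap__capable(CAP_SYSLOG) is evaluated twice and atoi(line) appears in both arms; a local bool for the capability and an int for the parsed value would make the two conditions easier to compare against the kernel logic the new comment refers to. As a style point, the new block comment starts its text on the /* line, while the usual kernel multi-line form puts /* on a line of its own.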
--
2.21.0
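The decision described in the commit message, as an added example that is not part of the patch or of perf: it models the old uid-based rule and the new CAP_SYSLOG-based rule as pure functions so the cases that change can be compared. The names restricted_old, restricted_new and capeff_has_syslog and the sample CapEff line are constructed for illustration; reading CapEff from /proc/<pid>/status is only one way to observe the capability and is not claimed to be how perf_cap__capable() works.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYSLOG_BIT 34 /* value of CAP_SYSLOG in <linux/capability.h> */

/* Old rule (removed lines): privileged means uid == 0 and euid == 0. */
static bool restricted_old(int kptr_restrict, bool is_root)
{
	return is_root ? (kptr_restrict == 2) : (kptr_restrict != 0);
}

/* New rule (added lines): privilege is CAP_SYSLOG, and
 * perf_event_paranoid > 1 restricts a caller without the capability
 * even when kptr_restrict == 0. */
static bool restricted_new(int kptr_restrict, int paranoid, bool cap_syslog)
{
	bool value = cap_syslog ? (kptr_restrict >= 2) : (kptr_restrict != 0);

	if (paranoid > 1 && !cap_syslog)
		value = true;
	return value;
}

/* Hypothetical helper: test the CAP_SYSLOG bit in a "CapEff:\t<hex>" line. */
static bool capeff_has_syslog(const char *status_line)
{
	unsigned long long mask;

	if (strncmp(status_line, "CapEff:", 7) != 0)
		return false;
	mask = strtoull(status_line + 7, NULL, 16);
	return (mask >> CAP_SYSLOG_BIT) & 1ULL;
}

int main(void)
{
	/* Constructed sample: a non-root process granted only CAP_SYSLOG. */
	const char *sample = "CapEff:\t0000000400000000";
	bool cap = capeff_has_syslog(sample);

	for (int k = 0; k <= 2; k++)
		for (int p = 1; p <= 2; p++)
			printf("kptr_restrict=%d paranoid=%d old=%d new=%d\n", k, p,
			       restricted_old(k, false), restricted_new(k, p, cap));
	return 0;
}
```

The rows that differ between the two columns are the ones the patch changes: a non-root process holding CAP_SYSLOG is no longer treated as restricted at kptr_restrict==1.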