From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.0 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4F156C282DD for ; Fri, 10 Jan 2020 15:52:30 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 26A6A2080D for ; Fri, 10 Jan 2020 15:52:30 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="h5xhZpbc"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="hhUyUSbg" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 26A6A2080D Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Mime-Version:References:In-Reply-To: Message-Id:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=WykJkBCBhkU+X67qUI3n0TWnIRkLS3beS4i2O939e3E=; b=h5xhZpbciXisyw 0yGS1SxQWZdw67TosCbU6mRIcdaSxmA9Oec3eox5Hp4umWEroVd3+b3X2P52Ozz+xrhzws2/j+PP0 i3nmiXIXRDT4r+KC7ri24TV/T2R2MWcNRQQcZDZ/9bxxUlMbblMGVGgAb2fDCTg8w1aEaCasGNfX+ 0qT6CudAh73aSUMdq9lc4kbyjuaIQ0DPbByMcl5Q7JsP4tEExTIDp+9eiUmQLEqVQPmfKlCOuYzut jLgO7jnlV0wfqxW3VUo92jBcJTAaj/NHR7XDlI35kwV2cQinhsyfOf455JaQtZ8+mPxPOZy86j8Dr 0wC4dTKYRcvER8xqiXlw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1ipwaL-0006on-GI; Fri, 10 Jan 2020 15:52:29 +0000 Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1ipwaH-0006nn-Tt for linux-arm-kernel@lists.infradead.org; Fri, 10 Jan 2020 15:52:27 +0000 Received: from devnote2 (NE2965lan1.rev.em-net.ne.jp [210.141.244.193]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 779C420721; Fri, 10 Jan 2020 15:52:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1578671544; bh=3nRKzhqWY209SzpxePH8IpaFH19pRWJVa9ge9VwTUWg=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=hhUyUSbgOhcEXYmwe16oYRXofftAtCaPssxnlo8+wzR1Z+Hc7gIC74+9+Ofo0QovJ Uvu/OS2WmFEr18mb/K4VPPNI5p+e0NVDolFkj/C9Q9+59mAjao0fdDHytwiGkznrTa HNfDKF7+0bsZZIwPw/QJBAGKYSzKyf3waWGNpk/8= Date: Sat, 11 Jan 2020 00:52:13 +0900 From: Masami Hiramatsu To: Peter Zijlstra Subject: Re: [PATCH v4 2/9] perf/core: open access for CAP_SYS_PERFMON privileged process Message-Id: <20200111005213.6dfd98fb36ace098004bde0e@kernel.org> In-Reply-To: <20200110140234.GO2844@hirez.programming.kicks-ass.net> References: <20200108160713.GI2844@hirez.programming.kicks-ass.net> <20200110140234.GO2844@hirez.programming.kicks-ass.net> X-Mailer: Sylpheed 3.5.1 (GTK+ 2.24.32; x86_64-pc-linux-gnu) Mime-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200110_075226_004067_1DF15C36 X-CRM114-Status: GOOD ( 16.99 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , Song Liu , Alexander Shishkin , Benjamin Herrenschmidt , "joonas.lahtinen@linux.intel.com" , Will Deacon , Alexei Starovoitov , Stephane Eranian , "james.bottomley@hansenpartnership.com" , Paul Mackerras , Jiri Olsa , Andi Kleen , Michael Ellerman , Alexey Budankov , Igor Lubashev , James Morris , Ingo Molnar , oprofile-list@lists.sf.net, Serge Hallyn , Robert Richter , Kees Cook , Jann Horn , "selinux@vger.kernel.org" , "intel-gfx@lists.freedesktop.org" , "jani.nikula@linux.intel.com" , Arnaldo Carvalho de Melo , "rodrigo.vivi@intel.com" , Namhyung Kim , Thomas Gleixner , linux-arm-kernel@lists.infradead.org, Tvrtko Ursulin , "linux-parisc@vger.kernel.org" , linux-kernel , Lionel Landwerlin , "linux-perf-users@vger.kernel.org" , "linux-security-module@vger.kernel.org" , mhiramat@kernel.org, Casey Schaufler , "bpf@vger.kernel.org" , "linuxppc-dev@lists.ozlabs.org" Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Fri, 10 Jan 2020 15:02:34 +0100 Peter Zijlstra wrote: > On Thu, Jan 09, 2020 at 02:36:50PM +0300, Alexey Budankov wrote: > > On 08.01.2020 19:07, Peter Zijlstra wrote: > > > On Wed, Dec 18, 2019 at 12:25:35PM +0300, Alexey Budankov wrote: > > > >> diff --git a/kernel/events/core.c b/kernel/events/core.c > > >> index 059ee7116008..d9db414f2197 100644 > > >> --- a/kernel/events/core.c > > >> +++ b/kernel/events/core.c > > >> @@ -9056,7 +9056,7 @@ static int perf_kprobe_event_init(struct perf_event *event) > > >> if (event->attr.type != perf_kprobe.type) > > >> return -ENOENT; > > >> > > >> - if (!capable(CAP_SYS_ADMIN)) > > >> + if (!perfmon_capable()) > > >> return -EACCES; > > >> > > >> /* > > > > > > This one only allows attaching to already extant kprobes, right? It does > > > not allow creation of kprobes. > > > > This unblocks creation of local trace kprobes and uprobes by CAP_SYS_PERFMON > > privileged process, exactly the same as for CAP_SYS_ADMIN privileged process. > > I've no idea what you just said; it's just words. > > Again, this only allows attaching to previously created kprobes, it does > not allow creating kprobes, right? > > That is; I don't think CAP_SYS_PERFMON should be allowed to create > kprobes. > > As might be clear; I don't actually know what the user-ABI is for > creating kprobes. There are 2 ABIs nowadays, ftrace and ebpf. perf-probe uses ftrace interface to define new kprobe events, and those events are treated as completely same as tracepoint events. On the other hand, ebpf tries to define new probe event via perf_event interface. Above one is that interface. IOW, it creates new kprobe. Thank you, -- Masami Hiramatsu _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel