[PATCH] powerpc/papr_scm: Limit the readability of 'perf

public inbox for linux-nvdimm@lists.01.org
 help / color / mirror / Atom feed

* [PATCH] powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute
@ 2020-08-13  4:34 Vaibhav Jain
  2020-08-13 12:31 ` Aneesh Kumar K.V
  0 siblings, 1 reply; 4+ messages in thread
From: Vaibhav Jain @ 2020-08-13  4:34 UTC (permalink / raw)
  To: linuxppc-dev, linux-nvdimm
  Cc: Vaibhav Jain, Aneesh Kumar K . V, Michael Ellerman

The newly introduced 'perf_stats' attribute uses the default access
mode of 0444 letting non-root users access performance stats of an
nvdimm and potentially force the kernel into issuing large number of
expensive HCALLs. Since the information exposed by this attribute
cannot be cached hence its better to ward of access to this attribute
from users who don't need to access these performance statistics.

Hence this patch adds check in perf_stats_show() to only let users
that are 'perfmon_capable()' to read the nvdimm performance
statistics.

Fixes: 2d02bf835e573 ('powerpc/papr_scm: Fetch nvdimm performance stats from PHYP')
Reported-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com>
---
 arch/powerpc/platforms/pseries/papr_scm.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/powerpc/platforms/pseries/papr_scm.c b/arch/powerpc/platforms/pseries/papr_scm.c
index f439f0dfea7d1..36c51bf8af9a8 100644
--- a/arch/powerpc/platforms/pseries/papr_scm.c
+++ b/arch/powerpc/platforms/pseries/papr_scm.c
@@ -792,6 +792,10 @@ static ssize_t perf_stats_show(struct device *dev,
 	struct nvdimm *dimm = to_nvdimm(dev);
 	struct papr_scm_priv *p = nvdimm_provider_data(dimm);
 
+	/* Allow access only to perfmon capable users */
+	if (!perfmon_capable())
+		return -EACCES;
+
 	if (!p->stat_buffer_len)
 		return -ENOENT;
 
-- 
2.26.2
_______________________________________________
Linux-nvdimm mailing list -- linux-nvdimm@lists.01.org
To unsubscribe send an email to linux-nvdimm-leave@lists.01.org

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute
  2020-08-13  4:34 [PATCH] powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute Vaibhav Jain
@ 2020-08-13 12:31 ` Aneesh Kumar K.V
  2020-08-14  1:29   ` Michael Ellerman
  0 siblings, 1 reply; 4+ messages in thread
From: Aneesh Kumar K.V @ 2020-08-13 12:31 UTC (permalink / raw)
  To: Vaibhav Jain, linuxppc-dev, linux-nvdimm; +Cc: Michael Ellerman

On 8/13/20 10:04 AM, Vaibhav Jain wrote:
> The newly introduced 'perf_stats' attribute uses the default access
> mode of 0444 letting non-root users access performance stats of an
> nvdimm and potentially force the kernel into issuing large number of
> expensive HCALLs. Since the information exposed by this attribute
> cannot be cached hence its better to ward of access to this attribute
> from users who don't need to access these performance statistics.
> 
> Hence this patch adds check in perf_stats_show() to only let users
> that are 'perfmon_capable()' to read the nvdimm performance
> statistics.
> 
> Fixes: 2d02bf835e573 ('powerpc/papr_scm: Fetch nvdimm performance stats from PHYP')
> Reported-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
> Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com>
> ---
>   arch/powerpc/platforms/pseries/papr_scm.c | 4 ++++
>   1 file changed, 4 insertions(+)
> 
> diff --git a/arch/powerpc/platforms/pseries/papr_scm.c b/arch/powerpc/platforms/pseries/papr_scm.c
> index f439f0dfea7d1..36c51bf8af9a8 100644
> --- a/arch/powerpc/platforms/pseries/papr_scm.c
> +++ b/arch/powerpc/platforms/pseries/papr_scm.c
> @@ -792,6 +792,10 @@ static ssize_t perf_stats_show(struct device *dev,
>   	struct nvdimm *dimm = to_nvdimm(dev);
>   	struct papr_scm_priv *p = nvdimm_provider_data(dimm);
>   
> +	/* Allow access only to perfmon capable users */
> +	if (!perfmon_capable())
> +		return -EACCES;
> +

An access check is usually done in open(). This is the read callback IIUC.

>   	if (!p->stat_buffer_len)
>   		return -ENOENT;
>   
> 

-aneesh
_______________________________________________
Linux-nvdimm mailing list -- linux-nvdimm@lists.01.org
To unsubscribe send an email to linux-nvdimm-leave@lists.01.org

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute
  2020-08-13 12:31 ` Aneesh Kumar K.V
@ 2020-08-14  1:29   ` Michael Ellerman
  2020-08-19  9:19     ` Vaibhav Jain
  0 siblings, 1 reply; 4+ messages in thread
From: Michael Ellerman @ 2020-08-14  1:29 UTC (permalink / raw)
  To: Aneesh Kumar K.V, Vaibhav Jain, linuxppc-dev, linux-nvdimm
  Cc: Dan Williams, Santosh Sivaraj, Ira Weiny, Oliver O'Halloran

"Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com> writes:
> On 8/13/20 10:04 AM, Vaibhav Jain wrote:
>> The newly introduced 'perf_stats' attribute uses the default access
>> mode of 0444 letting non-root users access performance stats of an
>> nvdimm and potentially force the kernel into issuing large number of
>> expensive HCALLs. Since the information exposed by this attribute
>> cannot be cached hence its better to ward of access to this attribute
>> from users who don't need to access these performance statistics.
>> 
>> Hence this patch adds check in perf_stats_show() to only let users
>> that are 'perfmon_capable()' to read the nvdimm performance
>> statistics.
>> 
>> Fixes: 2d02bf835e573 ('powerpc/papr_scm: Fetch nvdimm performance stats from PHYP')
>> Reported-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
>> Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com>
>> ---
>>   arch/powerpc/platforms/pseries/papr_scm.c | 4 ++++
>>   1 file changed, 4 insertions(+)
>> 
>> diff --git a/arch/powerpc/platforms/pseries/papr_scm.c b/arch/powerpc/platforms/pseries/papr_scm.c
>> index f439f0dfea7d1..36c51bf8af9a8 100644
>> --- a/arch/powerpc/platforms/pseries/papr_scm.c
>> +++ b/arch/powerpc/platforms/pseries/papr_scm.c
>> @@ -792,6 +792,10 @@ static ssize_t perf_stats_show(struct device *dev,
>>   	struct nvdimm *dimm = to_nvdimm(dev);
>>   	struct papr_scm_priv *p = nvdimm_provider_data(dimm);
>>   
>> +	/* Allow access only to perfmon capable users */
>> +	if (!perfmon_capable())
>> +		return -EACCES;
>> +
>
> An access check is usually done in open(). This is the read callback IIUC.

Yes. Otherwise an unprivileged user can open the file, and then trick a
suid program into reading from it.

cheers
_______________________________________________
Linux-nvdimm mailing list -- linux-nvdimm@lists.01.org
To unsubscribe send an email to linux-nvdimm-leave@lists.01.org

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute
  2020-08-14  1:29   ` Michael Ellerman
@ 2020-08-19  9:19     ` Vaibhav Jain
  0 siblings, 0 replies; 4+ messages in thread
From: Vaibhav Jain @ 2020-08-19  9:19 UTC (permalink / raw)
  To: Michael Ellerman, Aneesh Kumar K.V, linuxppc-dev, linux-nvdimm
  Cc: Dan Williams, Santosh Sivaraj, Ira Weiny, Oliver O'Halloran

Thanks Aneesh and Mpe for reviewing this patch.

Michael Ellerman <mpe@ellerman.id.au> writes:

> "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com> writes:
[snip]
>>>   
>>> +	/* Allow access only to perfmon capable users */
>>> +	if (!perfmon_capable())
>>> +		return -EACCES;
>>> +
>>
>> An access check is usually done in open(). This is the read callback IIUC.
>
> Yes. Otherwise an unprivileged user can open the file, and then trick a
> suid program into reading from it.

Agree, but since the 'open()' for this sysfs attribute is handled
by kern-fs, AFAIK dont see any direct way to enforce this policy.

Only other way it seems to me is to convert the 'perf_stats' DEVICE_ATTR_RO
to DEVICE_ATTR_ADMIN_RO.

>
> cheers

-- 
Cheers
~ Vaibhav
_______________________________________________
Linux-nvdimm mailing list -- linux-nvdimm@lists.01.org
To unsubscribe send an email to linux-nvdimm-leave@lists.01.org

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2020-08-19  9:19 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-08-13  4:34 [PATCH] powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute Vaibhav Jain
2020-08-13 12:31 ` Aneesh Kumar K.V
2020-08-14  1:29   ` Michael Ellerman
2020-08-19  9:19     ` Vaibhav Jain

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox