linux-perf-users.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] perf/core: Add macros for possible sysctl_perf_event_paranoid values
@ 2022-07-01  6:39 Anshuman Khandual
  2022-07-08  9:10 ` James Clark
  0 siblings, 1 reply; 7+ messages in thread
From: Anshuman Khandual @ 2022-07-01  6:39 UTC (permalink / raw)
  To: linux-kernel
  Cc: Anshuman Khandual, Peter Zijlstra, Ingo Molnar,
	Arnaldo Carvalho de Melo, Mark Rutland, linux-perf-users

sysctl_perf_event_paranoid can have values from [-1, 0, 1, 2] which decides
on perf event restrictions for unprivileged users. But using them directly
makes it difficult to correlate exact restriction level they might impose.
This just adds macros for those numerical restriction values, making them
clear and improving readability.

Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: linux-perf-users@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Anshuman Khandual <anshuman.khandual@arm.com>
---
 include/linux/perf_event.h | 22 ++++++++++++++++++----
 kernel/events/core.c       |  9 +--------
 kernel/kallsyms.c          |  3 ++-
 3 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
index da759560eec5..78156b9154df 100644
--- a/include/linux/perf_event.h
+++ b/include/linux/perf_event.h
@@ -1359,14 +1359,28 @@ int perf_event_max_stack_handler(struct ctl_table *table, int write,
 #define PERF_SECURITY_KERNEL		2
 #define PERF_SECURITY_TRACEPOINT	3
 
+/*
+ * perf event paranoia level:
+ *  -1 - not paranoid at all
+ *   0 - disallow raw tracepoint access for unpriv
+ *   1 - disallow cpu events for unpriv
+ *   2 - disallow kernel profiling for unpriv
+ */
+enum {
+	PERF_EVENT_DISALLOW_NONE	= -1,
+	PERF_EVENT_DISALLOW_TRACE,
+	PERF_EVENT_DISALLOW_CPU,
+	PERF_EVENT_DISALLOW_KERNEL
+};
+
 static inline int perf_is_paranoid(void)
 {
-	return sysctl_perf_event_paranoid > -1;
+	return sysctl_perf_event_paranoid > PERF_EVENT_DISALLOW_NONE;
 }
 
 static inline int perf_allow_kernel(struct perf_event_attr *attr)
 {
-	if (sysctl_perf_event_paranoid > 1 && !perfmon_capable())
+	if (sysctl_perf_event_paranoid >= PERF_EVENT_DISALLOW_KERNEL && !perfmon_capable())
 		return -EACCES;
 
 	return security_perf_event_open(attr, PERF_SECURITY_KERNEL);
@@ -1374,7 +1388,7 @@ static inline int perf_allow_kernel(struct perf_event_attr *attr)
 
 static inline int perf_allow_cpu(struct perf_event_attr *attr)
 {
-	if (sysctl_perf_event_paranoid > 0 && !perfmon_capable())
+	if (sysctl_perf_event_paranoid >= PERF_EVENT_DISALLOW_CPU && !perfmon_capable())
 		return -EACCES;
 
 	return security_perf_event_open(attr, PERF_SECURITY_CPU);
@@ -1382,7 +1396,7 @@ static inline int perf_allow_cpu(struct perf_event_attr *attr)
 
 static inline int perf_allow_tracepoint(struct perf_event_attr *attr)
 {
-	if (sysctl_perf_event_paranoid > -1 && !perfmon_capable())
+	if (sysctl_perf_event_paranoid >= PERF_EVENT_DISALLOW_TRACE && !perfmon_capable())
 		return -EPERM;
 
 	return security_perf_event_open(attr, PERF_SECURITY_TRACEPOINT);
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 80782cddb1da..6fdfdc731bab 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -408,14 +408,7 @@ static struct srcu_struct pmus_srcu;
 static cpumask_var_t perf_online_mask;
 static struct kmem_cache *perf_event_cache;
 
-/*
- * perf event paranoia level:
- *  -1 - not paranoid at all
- *   0 - disallow raw tracepoint access for unpriv
- *   1 - disallow cpu events for unpriv
- *   2 - disallow kernel profiling for unpriv
- */
-int sysctl_perf_event_paranoid __read_mostly = 2;
+int sysctl_perf_event_paranoid __read_mostly = PERF_EVENT_DISALLOW_KERNEL;
 
 /* Minimum for 512 kiB + 1 user control page */
 int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
index fbdf8d3279ac..705f7d7d81dc 100644
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -18,6 +18,7 @@
 #include <linux/fs.h>
 #include <linux/kdb.h>
 #include <linux/err.h>
+#include <linux/perf_event.h>
 #include <linux/proc_fs.h>
 #include <linux/sched.h>	/* for cond_resched */
 #include <linux/ctype.h>
@@ -803,7 +804,7 @@ static inline int kallsyms_for_perf(void)
 {
 #ifdef CONFIG_PERF_EVENTS
 	extern int sysctl_perf_event_paranoid;
-	if (sysctl_perf_event_paranoid <= 1)
+	if (sysctl_perf_event_paranoid <= PERF_EVENT_DISALLOW_CPU)
 		return 1;
 #endif
 	return 0;
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2022-07-12  3:04 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-07-01  6:39 [PATCH] perf/core: Add macros for possible sysctl_perf_event_paranoid values Anshuman Khandual
2022-07-08  9:10 ` James Clark
2022-07-08 13:31   ` Peter Zijlstra
2022-07-11  9:25     ` Anshuman Khandual
2022-07-11 12:19       ` Peter Zijlstra
2022-07-11 16:16         ` Ian Rogers
2022-07-12  3:04         ` Anshuman Khandual

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).