From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alexey Budankov Subject: Re: [PATCH v4 2/9] perf/core: open access for CAP_SYS_PERFMON privileged process Date: Fri, 10 Jan 2020 19:41:41 +0300 Message-ID: References: <20200108160713.GI2844@hirez.programming.kicks-ass.net> <20200110140234.GO2844@hirez.programming.kicks-ass.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20200110140234.GO2844@hirez.programming.kicks-ass.net> Content-Language: en-US List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=m.gmane-mx.org@lists.infradead.org To: Peter Zijlstra Cc: Mark Rutland , Song Liu , Alexander Shishkin , Benjamin Herrenschmidt , "joonas.lahtinen@linux.intel.com" , Will Deacon , Alexei Starovoitov , Stephane Eranian , "james.bottomley@hansenpartnership.com" , Paul Mackerras , Jiri Olsa , Andi Kleen , Michael Ellerman , Igor Lubashev , James Morris , Ingo Molnar , oprofile-list@lists.sf.net, Serge Hallyn , Robert Richter , Kees Cook , Jann Horn , "selinux@vger.kernel.org" List-Id: linux-perf-users.vger.kernel.org On 10.01.2020 17:02, Peter Zijlstra wrote: > On Thu, Jan 09, 2020 at 02:36:50PM +0300, Alexey Budankov wrote: >> On 08.01.2020 19:07, Peter Zijlstra wrote: >>> On Wed, Dec 18, 2019 at 12:25:35PM +0300, Alexey Budankov wrote: > >>>> diff --git a/kernel/events/core.c b/kernel/events/core.c >>>> index 059ee7116008..d9db414f2197 100644 >>>> --- a/kernel/events/core.c >>>> +++ b/kernel/events/core.c >>>> @@ -9056,7 +9056,7 @@ static int perf_kprobe_event_init(struct perf_event *event) >>>> if (event->attr.type != perf_kprobe.type) >>>> return -ENOENT; >>>> >>>> - if (!capable(CAP_SYS_ADMIN)) >>>> + if (!perfmon_capable()) >>>> return -EACCES; >>>> >>>> /* >>> >>> This one only allows attaching to already extant kprobes, right? It does >>> not allow creation of kprobes. >> >> This unblocks creation of local trace kprobes and uprobes by CAP_SYS_PERFMON >> privileged process, exactly the same as for CAP_SYS_ADMIN privileged process. > > I've no idea what you just said; it's just words. > > Again, this only allows attaching to previously created kprobes, it does > not allow creating kprobes, right? Not really, this allows creating a kprobe using perf_event_open syscall that associates file descriptor with the kprobe [1]. Lifetime of that kprobe is equal to the lifetime of the file descriptor and the kprobe is not visible in tracefs: /sys/kernel/debug/tracing/kprobe_events > > That is; I don't think CAP_SYS_PERFMON should be allowed to create > kprobes. > > As might be clear; I don't actually know what the user-ABI is for > creating kprobes. ~Alexey --- [1] https://lore.kernel.org/lkml/20171206224518.3598254-1-songliubraving@fb.com/