From: Joel Fernandes <joel@joelfernandes.org>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: linux-kernel@vger.kernel.org,
Peter Zijlstra <peterz@infradead.org>,
rostedt@goodmis.org, primiano@google.com, rsavitski@google.com,
jeffv@google.com, kernel-team@android.com,
James Morris <jmorris@namei.org>,
Alexei Starovoitov <ast@kernel.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
bpf@vger.kernel.org, Daniel Borkmann <daniel@iogearbox.net>,
Ingo Molnar <mingo@redhat.com>, Jiri Olsa <jolsa@redhat.com>,
Kees Cook <keescook@chromium.org>,
linux-security-module@vger.kernel.org,
Matthew Garrett <matthewgarrett@google.com>,
Namhyung Kim <namhyung@kernel.org>,
selinux@vger.kernel.org, Song Liu <songliubraving@fb.com>,
"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
<x86@kernel.org>, Yonghong Song <yhs@fb.com>
Subject: Re: [PATCH v2] perf_event: Add support for LSM and SELinux checks
Date: Tue, 15 Oct 2019 20:35:00 -0400
Message-ID: <20191016003500.GC89937@google.com>
In-Reply-To: <c5bd06a4-54a4-b56e-457c-df36f05d2e3f@tycho.nsa.gov>
> > diff --git a/include/uapi/linux/perf_event.h b/include/uapi/linux/perf_event.h
> > index bb7b271397a6..2af95f937a5b 100644
> > --- a/include/uapi/linux/perf_event.h
> > +++ b/include/uapi/linux/perf_event.h
> > @@ -427,6 +427,15 @@ struct perf_event_attr {
> > __u16 __reserved_2; /* align to __u64 */
> > };
> > +
> > +/* Access to perf_event_open(2) syscall. */
> > +#define PERF_SECURITY_OPEN 0
> > +
> > +/* Finer grained perf_event_open(2) access control. */
> > +#define PERF_SECURITY_CPU 1
> > +#define PERF_SECURITY_KERNEL 2
> > +#define PERF_SECURITY_TRACEPOINT 3
> > +
>
> Why are these definitions part of the uapi header and not private to the
> kernel?

No reason, but I agree it is better to put them in the private header.

Peter, if you are OK with it, could you squash the below diff into my
original patch? But let me know if you want me to resend the whole patch
again. Thanks.

---8<-----------------------
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
index 664bb7f99c46..587ae4d002f5 100644
--- a/include/linux/perf_event.h
+++ b/include/linux/perf_event.h
@@ -1245,6 +1245,14 @@ extern int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write,
int perf_event_max_stack_handler(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos);
+/* Access to perf_event_open(2) syscall. */
+#define PERF_SECURITY_OPEN 0
+
+/* Finer grained perf_event_open(2) access control. */
+#define PERF_SECURITY_CPU 1
+#define PERF_SECURITY_KERNEL 2
+#define PERF_SECURITY_TRACEPOINT 3
+
static inline int perf_is_paranoid(void)
{
return sysctl_perf_event_paranoid > -1;
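
Review bot: the two comments above the new defines in include/linux/perf_event.h do not say what the values are for. "Access to perf_event_open(2) syscall." reads as a description of the syscall rather than of a check type, and nothing ties PERF_SECURITY_OPEN, PERF_SECURITY_CPU, PERF_SECURITY_KERNEL and PERF_SECURITY_TRACEPOINT to the LSM check named in the subject line. Now that the numbers are kernel-private and free to change, consider a named enum instead of four bare #defines, with one comment stating that these are the access types handed to the security check, so the parameter type documents the allowed set.
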
diff --git a/include/uapi/linux/perf_event.h b/include/uapi/linux/perf_event.h
index 2af95f937a5b..bb7b271397a6 100644
--- a/include/uapi/linux/perf_event.h
+++ b/include/uapi/linux/perf_event.h
@@ -427,15 +427,6 @@ struct perf_event_attr {
__u16 __reserved_2; /* align to __u64 */
};
-
-/* Access to perf_event_open(2) syscall. */
-#define PERF_SECURITY_OPEN 0
-
-/* Finer grained perf_event_open(2) access control. */
-#define PERF_SECURITY_CPU 1
-#define PERF_SECURITY_KERNEL 2
-#define PERF_SECURITY_TRACEPOINT 3
-
/*
* Structure used by below PERF_EVENT_IOC_QUERY_BPF command
* to query bpf programs attached to the same perf tracepoint
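
Review bot: once this is squashed, include/uapi/linux/perf_event.h should drop out of the patch entirely. The index line here (2af95f937a5b..bb7b271397a6) is the exact reverse of the one in the quoted v2 hunk (bb7b271397a6..2af95f937a5b), so the removal restores the file to its earlier state, including the extra blank line. Please confirm that the squashed commit shows no diff for the uapi header, so the four PERF_SECURITY_* values never become visible to userspace.
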
--
2.23.0.700.g56cf767bdb-goog