From: Beau Belgrave <beaub@linux.microsoft.com>
To: rostedt@goodmis.org, mhiramat@kernel.org
Cc: linux-trace-devel@vger.kernel.org
Subject: Re: [RFC PATCH] tracing/user_events: Limit showing event names to CAP_SYS_ADMIN users
Date: Fri, 11 Mar 2022 17:05:09 -0800 [thread overview]
Message-ID: <20220312010509.GA1931@kbox> (raw)
In-Reply-To: <20220312010140.1880-1-beaub@linux.microsoft.com>
On Fri, Mar 11, 2022 at 05:01:40PM -0800, Beau Belgrave wrote:
> Show actual names only to CAP_SYS_ADMIN capable users.
>
> When user_events are configured to have broader write access than
> default, this allows seeing names of events from other containers, etc.
> Limit who can see the actual names to prevent event squatting or
> information leakage.
>
> Signed-off-by: Beau Belgrave <beaub@linux.microsoft.com>
> ---
> kernel/trace/trace_events_user.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
> index 2b5e9fdb63a0..fb9fb2071173 100644
> --- a/kernel/trace/trace_events_user.c
> +++ b/kernel/trace/trace_events_user.c
> @@ -1480,6 +1480,9 @@ static int user_seq_show(struct seq_file *m, void *p)
> struct user_event *user;
> char status;
> int i, active = 0, busy = 0, flags;
> + bool show_names;
> +
> + show_names = capable(CAP_SYS_ADMIN);
>
> mutex_lock(®_mutex);
>
> @@ -1487,7 +1490,10 @@ static int user_seq_show(struct seq_file *m, void *p)
> status = register_page_data[user->index];
> flags = user->flags;
>
> - seq_printf(m, "%d:%s", user->index, EVENT_NAME(user));
> + if (show_names)
> + seq_printf(m, "%d:%s", user->index, EVENT_NAME(user));
> + else
> + seq_printf(m, "%d:<hidden>", user->index);
>
> if (flags != 0 || status != 0)
> seq_puts(m, " #");
>
> base-commit: 864ea0e10cc90416a01b46f0d47a6f26dc020820
> --
> 2.17.1
I wanted to get some comments on this. I think for scenarios where
user_events is used in a heavy cgroup environment, that we need to have
some tracing cgroup awareness.
Has this come up before? I would like to only show user_events that have
been created in the current cgroup (and below) like perf_events do for
capturing.
I would also like to get to a point where we can limit how many events
each cgroup can register under user_events.
To me, this sounds like a large feature that requires some alignment for
getting tracing cgroup aware.
Thoughts?
Thanks,
-Beau
next prev parent reply other threads:[~2022-03-12 1:05 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-12 1:01 [RFC PATCH] tracing/user_events: Limit showing event names to CAP_SYS_ADMIN users Beau Belgrave
2022-03-12 1:05 ` Beau Belgrave [this message]
2022-03-12 2:06 ` Steven Rostedt
2022-03-12 2:57 ` Masami Hiramatsu
2022-03-14 17:06 ` Beau Belgrave
2022-03-16 14:20 ` Masami Hiramatsu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220312010509.GA1931@kbox \
--to=beaub@linux.microsoft.com \
--cc=linux-trace-devel@vger.kernel.org \
--cc=mhiramat@kernel.org \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).