From: Peter Zijlstra <peterz@infradead.org>
To: Marco Elver <elver@google.com>
Cc: Ingo Molnar <mingo@redhat.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jiri Olsa <jolsa@kernel.org>, Namhyung Kim <namhyung@kernel.org>,
linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org,
kasan-dev@googlegroups.com, Dmitry Vyukov <dvyukov@google.com>,
Jann Horn <jannh@google.com>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH] perf: Allow restricted kernel breakpoints on user addresses
Date: Wed, 7 Sep 2022 14:39:15 +0200 [thread overview]
Message-ID: <YxiQ87X1eUB2rrtF@hirez.programming.kicks-ass.net> (raw)
In-Reply-To: <20220902100057.404817-1-elver@google.com>
On Fri, Sep 02, 2022 at 12:00:57PM +0200, Marco Elver wrote:
> +/*
> + * Check if unprivileged users are allowed to set up breakpoints on user
> + * addresses that also count when the kernel accesses them.
> + */
> +static bool perf_allow_kernel_breakpoint(struct perf_event_attr *attr)
> +{
> + if (attr->type != PERF_TYPE_BREAKPOINT)
> + return false;
> +
> + /*
> + * The sample may contain IPs, registers, or other information that may
> + * disclose kernel addresses or timing information. Disallow any kind of
> + * additional sample information.
> + */
> + if (attr->sample_type)
> + return false;
This feels a bit weird; should that perhaps be is_sampling_event()?
> +
> + /*
> + * Only allow kernel breakpoints on user addresses.
> + */
> + return access_ok((void __user *)(unsigned long)attr->bp_addr, attr->bp_len);
> +}
> +
> +int perf_allow_kernel(struct perf_event_attr *attr)
> +{
> + if (sysctl_perf_event_paranoid > 1 && !perfmon_capable() &&
> + !perf_allow_kernel_breakpoint(attr))
I'm on the fence about this; one the one hand it feels weird to have a
breakpoint exception here and not a pmu specific callback for instance;
OTOH, leaving security policy like that up to pmu drivers sounds like a
really bad idea too.
Keep it as is I suppose, just me thinking out loud or so.
> + return -EACCES;
> +
> + return security_perf_event_open(attr, PERF_SECURITY_KERNEL);
> +}
next prev parent reply other threads:[~2022-09-07 12:39 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-02 10:00 [PATCH] perf: Allow restricted kernel breakpoints on user addresses Marco Elver
2022-09-05 15:53 ` Dmitry Vyukov
2022-09-06 20:38 ` Peter Zijlstra
2022-09-07 7:40 ` Marco Elver
2022-09-07 12:39 ` Peter Zijlstra [this message]
2022-09-08 7:58 ` Marco Elver
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YxiQ87X1eUB2rrtF@hirez.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=acme@kernel.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=dvyukov@google.com \
--cc=elver@google.com \
--cc=jannh@google.com \
--cc=jolsa@kernel.org \
--cc=kasan-dev@googlegroups.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox