From: Stephen Smalley <sds@tycho.nsa.gov>
To: Alexey Budankov <alexey.budankov@linux.intel.com>,
James Morris <jmorris@namei.org>, Serge Hallyn <serge@hallyn.com>,
Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
"joonas.lahtinen@linux.intel.com"
<joonas.lahtinen@linux.intel.com>,
Alexei Starovoitov <ast@kernel.org>,
Will Deacon <will@kernel.org>, Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>
Cc: Andi Kleen <ak@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Stephane Eranian <eranian@google.com>,
Igor Lubashev <ilubashe@akamai.com>, Jiri Olsa <jolsa@redhat.com>,
linux-kernel <linux-kernel@vger.kernel.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
oprofile-list@lists.sf.net
Subject: Re: [PATCH v6 01/10] capabilities: introduce CAP_PERFMON to kernel and user space
Date: Thu, 6 Feb 2020 13:30:56 -0500 [thread overview]
Message-ID: <06cdca0e-65f2-b58d-a84e-5a1907aa9eb5@tycho.nsa.gov> (raw)
In-Reply-To: <1bcb4cb1-98c4-cc1a-b8e3-fd8a0e1e606f@linux.intel.com>
On 2/6/20 1:26 PM, Alexey Budankov wrote:
>
> On 06.02.2020 21:23, Stephen Smalley wrote:
>> On 2/5/20 12:30 PM, Alexey Budankov wrote:
>>>
>>> Introduce CAP_PERFMON capability designed to secure system performance
>>> monitoring and observability operations so that CAP_PERFMON would assist
>>> CAP_SYS_ADMIN capability in its governing role for performance monitoring
>>> and observability subsystems.
>>>
>>> CAP_PERFMON hardens system security and integrity during performance
>>> monitoring and observability operations by decreasing attack surface that
>>> is available to a CAP_SYS_ADMIN privileged process [2]. Providing the access
>>> to system performance monitoring and observability operations under CAP_PERFMON
>>> capability singly, without the rest of CAP_SYS_ADMIN credentials, excludes
>>> chances to misuse the credentials and makes the operation more secure.
>>> Thus, CAP_PERFMON implements the principal of least privilege for performance
>>> monitoring and observability operations (POSIX IEEE 1003.1e: 2.2.2.39 principle
>>> of least privilege: A security design principle that states that a process
>>> or program be granted only those privileges (e.g., capabilities) necessary
>>> to accomplish its legitimate function, and only for the time that such
>>> privileges are actually required)
>>>
>>> CAP_PERFMON meets the demand to secure system performance monitoring and
>>> observability operations for adoption in security sensitive, restricted,
>>> multiuser production environments (e.g. HPC clusters, cloud and virtual compute
>>> environments), where root or CAP_SYS_ADMIN credentials are not available to
>>> mass users of a system, and securely unblocks accessibility of system performance monitoring and observability operations beyond root and CAP_SYS_ADMIN use cases.
>>>
>>> CAP_PERFMON takes over CAP_SYS_ADMIN credentials related to system performance
>>> monitoring and observability operations and balances amount of CAP_SYS_ADMIN
>>> credentials following the recommendations in the capabilities man page [1]
>>> for CAP_SYS_ADMIN: "Note: this capability is overloaded; see Notes to kernel
>>> developers, below." For backward compatibility reasons access to system
>>> performance monitoring and observability subsystems of the kernel remains
>>> open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN capability
>>> usage for secure system performance monitoring and observability operations
>>> is discouraged with respect to the designed CAP_PERFMON capability.
>>>
>>> Although the software running under CAP_PERFMON can not ensure avoidance
>>> of related hardware issues, the software can still mitigate these issues
>>> following the official hardware issues mitigation procedure [2]. The bugs
>>> in the software itself can be fixed following the standard kernel development
>>> process [3] to maintain and harden security of system performance monitoring
>>> and observability operations.
>>>
>>> [1] http://man7.org/linux/man-pages/man7/capabilities.7.html
>>> [2] https://www.kernel.org/doc/html/latest/process/embargoed-hardware-issues.html
>>> [3] https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html
>>>
>>> Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
>>
>> This will require a small update to the selinux-testsuite to correctly reflect the new capability requirements, but that's easy enough.
>
> Is the suite a part of the kernel sources or something else?
It is external,
https://github.com/SELinuxProject/selinux-testsuite
I wasn't suggesting that your patch be blocked on updating the
testsuite, just noting that it will need to be done.
WARNING: multiple messages have this Message-ID (diff)
From: Stephen Smalley <sds@tycho.nsa.gov>
To: Alexey Budankov <alexey.budankov@linux.intel.com>,
James Morris <jmorris@namei.org>, Serge Hallyn <serge@hallyn.com>,
Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
"joonas.lahtinen@linux.intel.com"
<joonas.lahtinen@linux.intel.com>,
Alexei Starovoitov <ast@kernel.org>,
Will Deacon <will@kernel.org>, Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>
Cc: Andi Kleen <ak@linux.intel.com>,
"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
Igor Lubashev <ilubashe@akamai.com>,
linux-kernel <linux-kernel@vger.kernel.org>,
Stephane Eranian <eranian@google.com>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
oprofile-list@lists.sf.net, Thomas Gleixner <tglx@linutronix.de>,
Jiri Olsa <jolsa@redhat.com>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>
Subject: Re: [PATCH v6 01/10] capabilities: introduce CAP_PERFMON to kernel and user space
Date: Thu, 6 Feb 2020 13:30:56 -0500 [thread overview]
Message-ID: <06cdca0e-65f2-b58d-a84e-5a1907aa9eb5@tycho.nsa.gov> (raw)
In-Reply-To: <1bcb4cb1-98c4-cc1a-b8e3-fd8a0e1e606f@linux.intel.com>
On 2/6/20 1:26 PM, Alexey Budankov wrote:
>
> On 06.02.2020 21:23, Stephen Smalley wrote:
>> On 2/5/20 12:30 PM, Alexey Budankov wrote:
>>>
>>> Introduce CAP_PERFMON capability designed to secure system performance
>>> monitoring and observability operations so that CAP_PERFMON would assist
>>> CAP_SYS_ADMIN capability in its governing role for performance monitoring
>>> and observability subsystems.
>>>
>>> CAP_PERFMON hardens system security and integrity during performance
>>> monitoring and observability operations by decreasing attack surface that
>>> is available to a CAP_SYS_ADMIN privileged process [2]. Providing the access
>>> to system performance monitoring and observability operations under CAP_PERFMON
>>> capability singly, without the rest of CAP_SYS_ADMIN credentials, excludes
>>> chances to misuse the credentials and makes the operation more secure.
>>> Thus, CAP_PERFMON implements the principal of least privilege for performance
>>> monitoring and observability operations (POSIX IEEE 1003.1e: 2.2.2.39 principle
>>> of least privilege: A security design principle that states that a process
>>> or program be granted only those privileges (e.g., capabilities) necessary
>>> to accomplish its legitimate function, and only for the time that such
>>> privileges are actually required)
>>>
>>> CAP_PERFMON meets the demand to secure system performance monitoring and
>>> observability operations for adoption in security sensitive, restricted,
>>> multiuser production environments (e.g. HPC clusters, cloud and virtual compute
>>> environments), where root or CAP_SYS_ADMIN credentials are not available to
>>> mass users of a system, and securely unblocks accessibility of system performance monitoring and observability operations beyond root and CAP_SYS_ADMIN use cases.
>>>
>>> CAP_PERFMON takes over CAP_SYS_ADMIN credentials related to system performance
>>> monitoring and observability operations and balances amount of CAP_SYS_ADMIN
>>> credentials following the recommendations in the capabilities man page [1]
>>> for CAP_SYS_ADMIN: "Note: this capability is overloaded; see Notes to kernel
>>> developers, below." For backward compatibility reasons access to system
>>> performance monitoring and observability subsystems of the kernel remains
>>> open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN capability
>>> usage for secure system performance monitoring and observability operations
>>> is discouraged with respect to the designed CAP_PERFMON capability.
>>>
>>> Although the software running under CAP_PERFMON can not ensure avoidance
>>> of related hardware issues, the software can still mitigate these issues
>>> following the official hardware issues mitigation procedure [2]. The bugs
>>> in the software itself can be fixed following the standard kernel development
>>> process [3] to maintain and harden security of system performance monitoring
>>> and observability operations.
>>>
>>> [1] http://man7.org/linux/man-pages/man7/capabilities.7.html
>>> [2] https://www.kernel.org/doc/html/latest/process/embargoed-hardware-issues.html
>>> [3] https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html
>>>
>>> Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
>>
>> This will require a small update to the selinux-testsuite to correctly reflect the new capability requirements, but that's easy enough.
>
> Is the suite a part of the kernel sources or something else?
It is external,
https://github.com/SELinuxProject/selinux-testsuite
I wasn't suggesting that your patch be blocked on updating the
testsuite, just noting that it will need to be done.
WARNING: multiple messages have this Message-ID (diff)
From: Stephen Smalley <sds@tycho.nsa.gov>
To: Alexey Budankov <alexey.budankov@linux.intel.com>,
James Morris <jmorris@namei.org>, Serge Hallyn <serge@hallyn.com>,
Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
"joonas.lahtinen@linux.intel.com"
<joonas.lahtinen@linux.intel.com>,
Alexei Starovoitov <ast@kernel.org>,
Will Deacon <will@kernel.org>, Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>
Cc: Andi Kleen <ak@linux.intel.com>,
"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
Igor Lubashev <ilubashe@akamai.com>,
linux-kernel <linux-kernel@vger.kernel.org>,
Stephane Eranian <eranian@google.com>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
oprofile-list@lists.sf.net, Thomas Gleixner <tglx@linutronix.de>,
Jiri Olsa <jolsa@redhat.com>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>
Subject: Re: [PATCH v6 01/10] capabilities: introduce CAP_PERFMON to kernel and user space
Date: Thu, 6 Feb 2020 13:30:56 -0500 [thread overview]
Message-ID: <06cdca0e-65f2-b58d-a84e-5a1907aa9eb5@tycho.nsa.gov> (raw)
In-Reply-To: <1bcb4cb1-98c4-cc1a-b8e3-fd8a0e1e606f@linux.intel.com>
On 2/6/20 1:26 PM, Alexey Budankov wrote:
>
> On 06.02.2020 21:23, Stephen Smalley wrote:
>> On 2/5/20 12:30 PM, Alexey Budankov wrote:
>>>
>>> Introduce CAP_PERFMON capability designed to secure system performance
>>> monitoring and observability operations so that CAP_PERFMON would assist
>>> CAP_SYS_ADMIN capability in its governing role for performance monitoring
>>> and observability subsystems.
>>>
>>> CAP_PERFMON hardens system security and integrity during performance
>>> monitoring and observability operations by decreasing attack surface that
>>> is available to a CAP_SYS_ADMIN privileged process [2]. Providing the access
>>> to system performance monitoring and observability operations under CAP_PERFMON
>>> capability singly, without the rest of CAP_SYS_ADMIN credentials, excludes
>>> chances to misuse the credentials and makes the operation more secure.
>>> Thus, CAP_PERFMON implements the principal of least privilege for performance
>>> monitoring and observability operations (POSIX IEEE 1003.1e: 2.2.2.39 principle
>>> of least privilege: A security design principle that states that a process
>>> or program be granted only those privileges (e.g., capabilities) necessary
>>> to accomplish its legitimate function, and only for the time that such
>>> privileges are actually required)
>>>
>>> CAP_PERFMON meets the demand to secure system performance monitoring and
>>> observability operations for adoption in security sensitive, restricted,
>>> multiuser production environments (e.g. HPC clusters, cloud and virtual compute
>>> environments), where root or CAP_SYS_ADMIN credentials are not available to
>>> mass users of a system, and securely unblocks accessibility of system performance monitoring and observability operations beyond root and CAP_SYS_ADMIN use cases.
>>>
>>> CAP_PERFMON takes over CAP_SYS_ADMIN credentials related to system performance
>>> monitoring and observability operations and balances amount of CAP_SYS_ADMIN
>>> credentials following the recommendations in the capabilities man page [1]
>>> for CAP_SYS_ADMIN: "Note: this capability is overloaded; see Notes to kernel
>>> developers, below." For backward compatibility reasons access to system
>>> performance monitoring and observability subsystems of the kernel remains
>>> open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN capability
>>> usage for secure system performance monitoring and observability operations
>>> is discouraged with respect to the designed CAP_PERFMON capability.
>>>
>>> Although the software running under CAP_PERFMON can not ensure avoidance
>>> of related hardware issues, the software can still mitigate these issues
>>> following the official hardware issues mitigation procedure [2]. The bugs
>>> in the software itself can be fixed following the standard kernel development
>>> process [3] to maintain and harden security of system performance monitoring
>>> and observability operations.
>>>
>>> [1] http://man7.org/linux/man-pages/man7/capabilities.7.html
>>> [2] https://www.kernel.org/doc/html/latest/process/embargoed-hardware-issues.html
>>> [3] https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html
>>>
>>> Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
>>
>> This will require a small update to the selinux-testsuite to correctly reflect the new capability requirements, but that's easy enough.
>
> Is the suite a part of the kernel sources or something else?
It is external,
https://github.com/SELinuxProject/selinux-testsuite
I wasn't suggesting that your patch be blocked on updating the
testsuite, just noting that it will need to be done.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Stephen Smalley <sds@tycho.nsa.gov>
To: Alexey Budankov <alexey.budankov@linux.intel.com>,
James Morris <jmorris@namei.org>, Serge Hallyn <serge@hallyn.com>,
Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
"joonas.lahtinen@linux.intel.com"
<joonas.lahtinen@linux.intel.com>,
Alexei Starovoitov <ast@kernel.org>,
Will Deacon <will@kernel.org>, Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>
Cc: Andi Kleen <ak@linux.intel.com>,
"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
Igor Lubashev <ilubashe@akamai.com>,
linux-kernel <linux-kernel@vger.kernel.org>,
Stephane Eranian <eranian@google.com>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
oprofile-list@lists.sf.net, Thomas Gleixner <tglx@linutronix.de>,
Jiri Olsa <jolsa@redhat.com>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>
Subject: Re: [Intel-gfx] [PATCH v6 01/10] capabilities: introduce CAP_PERFMON to kernel and user space
Date: Thu, 6 Feb 2020 13:30:56 -0500 [thread overview]
Message-ID: <06cdca0e-65f2-b58d-a84e-5a1907aa9eb5@tycho.nsa.gov> (raw)
In-Reply-To: <1bcb4cb1-98c4-cc1a-b8e3-fd8a0e1e606f@linux.intel.com>
On 2/6/20 1:26 PM, Alexey Budankov wrote:
>
> On 06.02.2020 21:23, Stephen Smalley wrote:
>> On 2/5/20 12:30 PM, Alexey Budankov wrote:
>>>
>>> Introduce CAP_PERFMON capability designed to secure system performance
>>> monitoring and observability operations so that CAP_PERFMON would assist
>>> CAP_SYS_ADMIN capability in its governing role for performance monitoring
>>> and observability subsystems.
>>>
>>> CAP_PERFMON hardens system security and integrity during performance
>>> monitoring and observability operations by decreasing attack surface that
>>> is available to a CAP_SYS_ADMIN privileged process [2]. Providing the access
>>> to system performance monitoring and observability operations under CAP_PERFMON
>>> capability singly, without the rest of CAP_SYS_ADMIN credentials, excludes
>>> chances to misuse the credentials and makes the operation more secure.
>>> Thus, CAP_PERFMON implements the principal of least privilege for performance
>>> monitoring and observability operations (POSIX IEEE 1003.1e: 2.2.2.39 principle
>>> of least privilege: A security design principle that states that a process
>>> or program be granted only those privileges (e.g., capabilities) necessary
>>> to accomplish its legitimate function, and only for the time that such
>>> privileges are actually required)
>>>
>>> CAP_PERFMON meets the demand to secure system performance monitoring and
>>> observability operations for adoption in security sensitive, restricted,
>>> multiuser production environments (e.g. HPC clusters, cloud and virtual compute
>>> environments), where root or CAP_SYS_ADMIN credentials are not available to
>>> mass users of a system, and securely unblocks accessibility of system performance monitoring and observability operations beyond root and CAP_SYS_ADMIN use cases.
>>>
>>> CAP_PERFMON takes over CAP_SYS_ADMIN credentials related to system performance
>>> monitoring and observability operations and balances amount of CAP_SYS_ADMIN
>>> credentials following the recommendations in the capabilities man page [1]
>>> for CAP_SYS_ADMIN: "Note: this capability is overloaded; see Notes to kernel
>>> developers, below." For backward compatibility reasons access to system
>>> performance monitoring and observability subsystems of the kernel remains
>>> open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN capability
>>> usage for secure system performance monitoring and observability operations
>>> is discouraged with respect to the designed CAP_PERFMON capability.
>>>
>>> Although the software running under CAP_PERFMON can not ensure avoidance
>>> of related hardware issues, the software can still mitigate these issues
>>> following the official hardware issues mitigation procedure [2]. The bugs
>>> in the software itself can be fixed following the standard kernel development
>>> process [3] to maintain and harden security of system performance monitoring
>>> and observability operations.
>>>
>>> [1] http://man7.org/linux/man-pages/man7/capabilities.7.html
>>> [2] https://www.kernel.org/doc/html/latest/process/embargoed-hardware-issues.html
>>> [3] https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html
>>>
>>> Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
>>
>> This will require a small update to the selinux-testsuite to correctly reflect the new capability requirements, but that's easy enough.
>
> Is the suite a part of the kernel sources or something else?
It is external,
https://github.com/SELinuxProject/selinux-testsuite
I wasn't suggesting that your patch be blocked on updating the
testsuite, just noting that it will need to be done.
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
next prev parent reply other threads:[~2020-02-06 18:30 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-05 17:25 [PATCH v6 00/10] Introduce CAP_PERFMON to secure system performance monitoring and observability Alexey Budankov
2020-02-05 17:25 ` [Intel-gfx] " Alexey Budankov
2020-02-05 17:25 ` Alexey Budankov
2020-02-05 17:25 ` Alexey Budankov
2020-02-05 17:30 ` [PATCH v6 01/10] capabilities: introduce CAP_PERFMON to kernel and user space Alexey Budankov
2020-02-05 17:30 ` [Intel-gfx] " Alexey Budankov
2020-02-05 17:30 ` Alexey Budankov
2020-02-05 17:30 ` Alexey Budankov
2020-02-06 18:23 ` Stephen Smalley
2020-02-06 18:23 ` [Intel-gfx] " Stephen Smalley
2020-02-06 18:23 ` Stephen Smalley
2020-02-06 18:23 ` Stephen Smalley
2020-02-06 18:26 ` Alexey Budankov
2020-02-06 18:26 ` [Intel-gfx] " Alexey Budankov
2020-02-06 18:26 ` Alexey Budankov
2020-02-06 18:26 ` Alexey Budankov
2020-02-06 18:30 ` Stephen Smalley [this message]
2020-02-06 18:30 ` [Intel-gfx] " Stephen Smalley
2020-02-06 18:30 ` Stephen Smalley
2020-02-06 18:30 ` Stephen Smalley
2020-02-06 18:38 ` Alexey Budankov
2020-02-06 18:38 ` [Intel-gfx] " Alexey Budankov
2020-02-06 18:38 ` Alexey Budankov
2020-02-06 18:38 ` Alexey Budankov
2020-02-05 17:30 ` [PATCH v6 02/10] perf/core: open access to the core for CAP_PERFMON privileged process Alexey Budankov
2020-02-05 17:30 ` [Intel-gfx] " Alexey Budankov
2020-02-05 17:30 ` Alexey Budankov
2020-02-05 17:30 ` Alexey Budankov
2020-02-05 17:31 ` [PATCH v6 03/10] perf/core: open access to probes " Alexey Budankov
2020-02-05 17:31 ` [Intel-gfx] " Alexey Budankov
2020-02-05 17:31 ` Alexey Budankov
2020-02-05 17:31 ` Alexey Budankov
2020-02-05 17:32 ` [PATCH v6 04/10] perf tool: extend Perf tool with CAP_PERFMON capability support Alexey Budankov
2020-02-05 17:32 ` [Intel-gfx] " Alexey Budankov
2020-02-05 17:32 ` Alexey Budankov
2020-02-05 17:32 ` Alexey Budankov
2020-02-05 17:33 ` [PATCH v6 05/10] drm/i915/perf: open access for CAP_PERFMON privileged process Alexey Budankov
2020-02-05 17:33 ` [Intel-gfx] " Alexey Budankov
2020-02-05 17:33 ` Alexey Budankov
2020-02-05 17:33 ` Alexey Budankov
2020-02-05 17:34 ` [PATCH v6 06/10] trace/bpf_trace: " Alexey Budankov
2020-02-05 17:34 ` [Intel-gfx] " Alexey Budankov
2020-02-05 17:34 ` Alexey Budankov
2020-02-05 17:34 ` Alexey Budankov
2020-02-05 17:35 ` [PATCH v6 07/10] powerpc/perf: " Alexey Budankov
2020-02-05 17:35 ` [Intel-gfx] " Alexey Budankov
2020-02-05 17:35 ` Alexey Budankov
2020-02-05 17:35 ` Alexey Budankov
2020-02-05 17:35 ` [PATCH v6 08/10] parisc/perf: " Alexey Budankov
2020-02-05 17:35 ` [Intel-gfx] " Alexey Budankov
2020-02-05 17:35 ` Alexey Budankov
2020-02-05 17:35 ` Alexey Budankov
2020-02-05 17:36 ` [PATCH v6 09/10] drivers/perf: " Alexey Budankov
2020-02-05 17:36 ` [Intel-gfx] " Alexey Budankov
2020-02-05 17:36 ` Alexey Budankov
2020-02-05 17:36 ` Alexey Budankov
2020-02-05 17:37 ` [PATCH v6 10/10] drivers/oprofile: " Alexey Budankov
2020-02-05 17:37 ` [Intel-gfx] " Alexey Budankov
2020-02-05 17:37 ` Alexey Budankov
2020-02-05 17:37 ` Alexey Budankov
2020-02-05 20:57 ` [Intel-gfx] ✗ Fi.CI.CHECKPATCH: warning for Introduce CAP_PERFMON to secure system performance monitoring and observability (rev3) Patchwork
2020-02-05 21:47 ` [Intel-gfx] ✓ Fi.CI.BAT: success " Patchwork
2020-02-08 8:01 ` [Intel-gfx] ✗ Fi.CI.IGT: failure " Patchwork
-- strict thread matches above, loose matches on Subject: below --
2020-01-28 5:52 [PATCH v6 00/10] Introduce CAP_PERFMON to secure system performance monitoring and observability Alexey Budankov
2020-01-28 6:07 ` [PATCH v6 01/10] capabilities: introduce CAP_PERFMON to kernel and user space Alexey Budankov
2020-01-28 6:07 ` Alexey Budankov
2020-01-28 6:07 ` Alexey Budankov
2020-01-28 6:07 ` Alexey Budankov
2020-01-28 21:16 ` James Morris
2020-01-28 21:16 ` James Morris
2020-01-28 21:16 ` James Morris
2020-01-28 21:16 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=06cdca0e-65f2-b58d-a84e-5a1907aa9eb5@tycho.nsa.gov \
--to=sds@tycho.nsa.gov \
--cc=acme@kernel.org \
--cc=ak@linux.intel.com \
--cc=alexey.budankov@linux.intel.com \
--cc=ast@kernel.org \
--cc=eranian@google.com \
--cc=ilubashe@akamai.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=jmorris@namei.org \
--cc=jolsa@redhat.com \
--cc=joonas.lahtinen@linux.intel.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-parisc@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=oprofile-list@lists.sf.net \
--cc=paulus@samba.org \
--cc=peterz@infradead.org \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=tglx@linutronix.de \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.