From: Peter Zijlstra <peterz@infradead.org>
To: Stephane Eranian <eranian@google.com>
Cc: Ingo Molnar <mingo@kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
"ak@linux.intel.com" <ak@linux.intel.com>
Subject: Re: [PATCH 3/3] perf, x86, lbr: Demand proper privileges for PERF_SAMPLE_BRANCH_KERNEL
Date: Wed, 15 May 2013 16:30:19 +0200 [thread overview]
Message-ID: <20130515143019.GA13916@laptop.home> (raw)
In-Reply-To: <CABPqkBTvcQAyXfeiJwpPsNtbs4ffsVguXE631dK_rbzHpwBdOg@mail.gmail.com>
On Wed, May 15, 2013 at 03:37:22PM +0200, Stephane Eranian wrote:
> On Fri, May 3, 2013 at 2:11 PM, Peter Zijlstra <a.p.zijlstra@chello.nl> wrote:
> > We should always have proper privileges when requesting kernel data.
> >
> > Cc: Andi Kleen <ak@linux.intel.com>
> > Cc: eranian@google.com
> > Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
> > Link: http://lkml.kernel.org/n/tip-v0x9ky3ahzr6nm3c6ilwrili@git.kernel.org
> > ---
> > arch/x86/kernel/cpu/perf_event_intel_lbr.c | 5 ++++-
> > 1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > --- a/arch/x86/kernel/cpu/perf_event_intel_lbr.c
> > +++ b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
> > @@ -318,8 +318,11 @@ static void intel_pmu_setup_sw_lbr_filte
> > if (br_type & PERF_SAMPLE_BRANCH_USER)
> > mask |= X86_BR_USER;
> >
> > - if (br_type & PERF_SAMPLE_BRANCH_KERNEL)
> > + if (br_type & PERF_SAMPLE_BRANCH_KERNEL) {
> > + if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
> > + return -EACCES;
> > mask |= X86_BR_KERNEL;
> > + }
> >
> This will prevent regular users from capturing kernel -> kernel branches.
> But it won't prevent users from getting kernel -> user branches. Thus
> some kernel address will still be captured. I guess they could be eliminated
> by the sw_filter.
>
> When using LBR priv level filtering, the filter applies to the branch target
> only.
Ah, indeed. I'll try and whip up a patch.
next prev parent reply other threads:[~2013-05-15 14:30 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-03 12:11 [PATCH 0/3] Various perf patches Peter Zijlstra
2013-05-03 12:11 ` [PATCH 1/3] perf, x86: Blacklist all MEM_*_RETIRED events for IVB Peter Zijlstra
2013-05-03 14:35 ` Andi Kleen
2013-05-03 17:00 ` Peter Zijlstra
2013-05-15 14:20 ` Stephane Eranian
2013-05-15 16:51 ` Peter Zijlstra
2013-05-16 15:42 ` Stephane Eranian
2013-05-16 16:07 ` Andi Kleen
2013-05-16 16:26 ` Stephane Eranian
2013-05-04 8:20 ` [tip:perf/urgent] perf/x86: Blacklist all MEM_*_RETIRED events for Ivy Bridge tip-bot for Peter Zijlstra
2013-05-03 12:11 ` [PATCH 2/3] perf, x86, lbr: Fix LBR filter Peter Zijlstra
2013-05-03 14:34 ` Andi Kleen
2013-05-04 6:34 ` Ingo Molnar
2013-05-04 8:21 ` [tip:perf/urgent] perf/x86/intel/lbr: " tip-bot for Peter Zijlstra
2013-05-03 12:11 ` [PATCH 3/3] perf, x86, lbr: Demand proper privileges for PERF_SAMPLE_BRANCH_KERNEL Peter Zijlstra
2013-05-03 14:41 ` Andi Kleen
2013-05-04 8:22 ` [tip:perf/urgent] perf/x86/intel/lbr: " tip-bot for Peter Zijlstra
2013-05-04 11:19 ` Borislav Petkov
2013-05-05 9:05 ` Ingo Molnar
2013-05-06 8:07 ` Peter Zijlstra
2013-05-06 9:42 ` Ingo Molnar
2013-05-15 13:37 ` [PATCH 3/3] perf, x86, lbr: " Stephane Eranian
2013-05-15 14:30 ` Peter Zijlstra [this message]
2013-05-16 9:09 ` Peter Zijlstra
2013-05-16 9:17 ` Peter Zijlstra
2013-05-16 10:09 ` Michael Neuling
2013-05-16 10:09 ` Michael Neuling
2013-05-16 10:15 ` Michael Neuling
2013-05-16 10:15 ` Michael Neuling
2013-05-16 11:16 ` Peter Zijlstra
2013-05-16 11:16 ` Peter Zijlstra
2013-05-16 15:36 ` Stephane Eranian
2013-05-16 15:36 ` Stephane Eranian
2013-05-17 11:12 ` Peter Zijlstra
2013-05-17 11:12 ` Peter Zijlstra
2013-05-17 11:32 ` Michael Neuling
2013-05-17 11:32 ` Michael Neuling
2013-05-17 11:39 ` Peter Zijlstra
2013-05-17 11:39 ` Peter Zijlstra
2013-05-17 21:39 ` Stephane Eranian
2013-05-17 21:39 ` Stephane Eranian
2013-05-17 22:14 ` Michael Neuling
2013-05-17 22:14 ` Michael Neuling
2013-05-17 22:59 ` Stephane Eranian
2013-05-17 22:59 ` Stephane Eranian
2013-05-21 5:41 ` Michael Neuling
2013-05-21 5:41 ` Michael Neuling
2013-05-21 8:50 ` Peter Zijlstra
2013-05-21 8:50 ` Peter Zijlstra
2013-05-21 13:46 ` Stephane Eranian
2013-05-21 13:46 ` Stephane Eranian
2013-05-21 13:55 ` Stephane Eranian
2013-05-21 13:55 ` Stephane Eranian
2013-05-22 6:43 ` Anshuman Khandual
2013-05-22 12:23 ` Stephane Eranian
2013-05-22 14:51 ` Anshuman Khandual
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130515143019.GA13916@laptop.home \
--to=peterz@infradead.org \
--cc=ak@linux.intel.com \
--cc=eranian@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.