From: Will Deacon
Subject: Re: [PATCH v4 8/9] drivers/perf: open access for CAP_SYS_PERFMON privileged process
Date: Fri, 17 Jan 2020 10:51:54 +0000
Message-ID: <20200117105153.GB6144@willie-the-truck>
To: Alexey Budankov
Cc: Mark Rutland, Song Liu, Peter Zijlstra, Benjamin Herrenschmidt, "joonas.lahtinen@linux.intel.com", Will Deacon, Alexei Starovoitov, Stephane Eranian, "james.bottomley@hansenpartnership.com", Paul Mackerras, Jiri Olsa, Andi Kleen, Michael Ellerman, Igor Lubashev, James Morris, Alexander Shishkin, Ingo Molnar, oprofile-list@lists.sf.net, Serge Hallyn, Robert Richter, Kees Cook, Jann Horn
List-Id: linux-perf-users.vger.kernel.org

On Wed, Dec 18, 2019 at 12:30:29PM +0300, Alexey Budankov wrote:
>
> Open access to monitoring for CAP_SYS_PERFMON privileged processes.
> For backward compatibility reasons access to the monitoring remains open
> for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage for secure
> monitoring is discouraged with respect to CAP_SYS_PERFMON capability.
>
> Signed-off-by: Alexey Budankov
> ---
>  drivers/perf/arm_spe_pmu.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/perf/arm_spe_pmu.c b/drivers/perf/arm_spe_pmu.c > index 4e4984a55cd1..5dff81bc3324 100644 > --- a/drivers/perf/arm_spe_pmu.c > +++ b/drivers/perf/arm_spe_pmu.c
> @@ -274,7 +274,7 @@ static u64 arm_spe_event_to_pmscr(struct perf_event *event) > if (!attr->exclude_kernel) > reg |= BIT(SYS_PMSCR_EL1_E1SPE_SHIFT); > > - if (IS_ENABLED(CONFIG_PID_IN_CONTEXTIDR) && capable(CAP_SYS_ADMIN)) > + if (IS_ENABLED(CONFIG_PID_IN_CONTEXTIDR) && perfmon_capable()) > reg |= BIT(SYS_PMSCR_EL1_CX_SHIFT); > > return reg; 
> @@ -700,7 +700,7 @@ static int arm_spe_pmu_event_init(struct perf_event *event) > return -EOPNOTSUPP; > > reg = arm_spe_event_to_pmscr(event); > - if (!capable(CAP_SYS_ADMIN) && > + if (!perfmon_capable() && > (reg & (BIT(SYS_PMSCR_EL1_PA_SHIFT) | > BIT(SYS_PMSCR_EL1_CX_SHIFT) | > BIT(SYS_PMSCR_EL1_PCT_SHIFT))))

Acked-by: Will Deacon

Worth noting that this allows profiling of *physical* addresses used by
memory access instructions and so probably has some security implications
beyond the usual "but perf is buggy" line of reasoning.

Will
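
Review bot: In the arm_spe_event_to_pmscr() hunk, the CX bit is OR'ed into reg whenever the caller passes perfmon_capable(), without the user asking for it, so widening the gate from capable(CAP_SYS_ADMIN) silently changes what a CAP_SYS_PERFMON holder gets and nothing here documents that. Please add a comment above `if (IS_ENABLED(CONFIG_PID_IN_CONTEXTIDR) && perfmon_capable())` saying which data the bit enables and why CAP_SYS_PERFMON is considered sufficient for it. The commit message's backward-compatibility claim for CAP_SYS_ADMIN also rests on what perfmon_capable() accepts, which is defined outside this patch, so name the patch in the series that introduces it.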
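
Review bot: In the arm_spe_pmu_event_init() hunk, a single `!perfmon_capable()` test now gates the PA, CX and PCT bits together, and the commit message does not say that CAP_SYS_PERFMON thereby covers physical-address profiling, which is the point raised in the Acked-by reply. Please state that in the commit message, and consider whether `BIT(SYS_PMSCR_EL1_PA_SHIFT)` should stay behind capable(CAP_SYS_ADMIN) while CX and PCT move to perfmon_capable(), so that the new capability carries no more than monitoring needs.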