All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH v1] perf/core: take over CAP_SYS_PTRACE creds to CAP_PERFMON cap
@ 2020-08-05  7:56 Alexey Budankov
  2020-08-06 12:16 ` Arnaldo Carvalho de Melo
  2020-08-06 17:09 ` [tip: perf/urgent] perf/core: Take over CAP_SYS_PTRACE creds to CAP_PERFMON capability tip-bot2 for Alexey Budankov
  0 siblings, 2 replies; 3+ messages in thread
From: Alexey Budankov @ 2020-08-05  7:56 UTC (permalink / raw)
  To: Peter Zijlstra, Arnaldo Carvalho de Melo
  Cc: Alexander Shishkin, Jiri Olsa, Namhyung Kim, Ingo Molnar,
	Andi Kleen, linux-kernel


Open access to per-process monitoring for CAP_PERFMON only
privileged processes [1]. Extend ptrace_may_access() check
in perf_events subsystem with perfmon_capable() to simplify
user experience and make monitoring more secure by reducing
attack surface.

[1] https://lore.kernel.org/lkml/7776fa40-6c65-2aa6-1322-eb3a01201000@linux.intel.com/

Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
---
 kernel/events/core.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/events/core.c b/kernel/events/core.c
index 856d98c36f56..f50d528af444 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -11587,7 +11587,7 @@ SYSCALL_DEFINE5(perf_event_open,
 			goto err_task;
 
 		/*
-		 * Reuse ptrace permission checks for now.
+		 * Preserve ptrace permission check for backwards compatibility.
 		 *
 		 * We must hold exec_update_mutex across this and any potential
 		 * perf_install_in_context() call for this new event to
@@ -11595,7 +11595,7 @@ SYSCALL_DEFINE5(perf_event_open,
 		 * perf_event_exit_task() that could imply).
 		 */
 		err = -EACCES;
-		if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS))
+		if (!perfmon_capable() && !ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS))
 			goto err_cred;
 	}
 
-- 
2.24.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH v1] perf/core: take over CAP_SYS_PTRACE creds to CAP_PERFMON cap
  2020-08-05  7:56 [PATCH v1] perf/core: take over CAP_SYS_PTRACE creds to CAP_PERFMON cap Alexey Budankov
@ 2020-08-06 12:16 ` Arnaldo Carvalho de Melo
  2020-08-06 17:09 ` [tip: perf/urgent] perf/core: Take over CAP_SYS_PTRACE creds to CAP_PERFMON capability tip-bot2 for Alexey Budankov
  1 sibling, 0 replies; 3+ messages in thread
From: Arnaldo Carvalho de Melo @ 2020-08-06 12:16 UTC (permalink / raw)
  To: Peter Zijlstra
  Cc: Alexey Budankov, Alexander Shishkin, Jiri Olsa, Namhyung Kim,
	Ingo Molnar, Andi Kleen, linux-kernel

Em Wed, Aug 05, 2020 at 10:56:56AM +0300, Alexey Budankov escreveu:
> 
> Open access to per-process monitoring for CAP_PERFMON only
> privileged processes [1]. Extend ptrace_may_access() check
> in perf_events subsystem with perfmon_capable() to simplify
> user experience and make monitoring more secure by reducing
> attack surface.


Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>

Peter, can you pick up this one? You said it was ok last time we
discussed this.

- Arnaldo
 
> [1] https://lore.kernel.org/lkml/7776fa40-6c65-2aa6-1322-eb3a01201000@linux.intel.com/
> 
> Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
> ---
>  kernel/events/core.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/kernel/events/core.c b/kernel/events/core.c
> index 856d98c36f56..f50d528af444 100644
> --- a/kernel/events/core.c
> +++ b/kernel/events/core.c
> @@ -11587,7 +11587,7 @@ SYSCALL_DEFINE5(perf_event_open,
>  			goto err_task;
>  
>  		/*
> -		 * Reuse ptrace permission checks for now.
> +		 * Preserve ptrace permission check for backwards compatibility.
>  		 *
>  		 * We must hold exec_update_mutex across this and any potential
>  		 * perf_install_in_context() call for this new event to
> @@ -11595,7 +11595,7 @@ SYSCALL_DEFINE5(perf_event_open,
>  		 * perf_event_exit_task() that could imply).
>  		 */
>  		err = -EACCES;
> -		if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS))
> +		if (!perfmon_capable() && !ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS))
>  			goto err_cred;
>  	}
>  
> -- 
> 2.24.1
> 

-- 

- Arnaldo

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [tip: perf/urgent] perf/core: Take over CAP_SYS_PTRACE creds to CAP_PERFMON capability
  2020-08-05  7:56 [PATCH v1] perf/core: take over CAP_SYS_PTRACE creds to CAP_PERFMON cap Alexey Budankov
  2020-08-06 12:16 ` Arnaldo Carvalho de Melo
@ 2020-08-06 17:09 ` tip-bot2 for Alexey Budankov
  1 sibling, 0 replies; 3+ messages in thread
From: tip-bot2 for Alexey Budankov @ 2020-08-06 17:09 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Alexey Budankov, Ingo Molnar, Peter Zijlstra, x86, LKML

The following commit has been merged into the perf/urgent branch of tip:

Commit-ID:     45fd22da97c6125d8d0d35bd1791e7c0c4175279
Gitweb:        https://git.kernel.org/tip/45fd22da97c6125d8d0d35bd1791e7c0c4175279
Author:        Alexey Budankov <alexey.budankov@linux.intel.com>
AuthorDate:    Wed, 05 Aug 2020 10:56:56 +03:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Thu, 06 Aug 2020 15:03:20 +02:00

perf/core: Take over CAP_SYS_PTRACE creds to CAP_PERFMON capability

Open access to per-process monitoring for CAP_PERFMON only
privileged processes [1]. Extend ptrace_may_access() check
in perf_events subsystem with perfmon_capable() to simplify
user experience and make monitoring more secure by reducing
attack surface.

[1] https://lore.kernel.org/lkml/7776fa40-6c65-2aa6-1322-eb3a01201000@linux.intel.com/

Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/6e8392ff-4732-0012-2949-e1587709f0f6@linux.intel.com
---
 kernel/events/core.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/events/core.c b/kernel/events/core.c
index 78e69e1..41e0cef 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -11689,7 +11689,7 @@ SYSCALL_DEFINE5(perf_event_open,
 			goto err_task;
 
 		/*
-		 * Reuse ptrace permission checks for now.
+		 * Preserve ptrace permission check for backwards compatibility.
 		 *
 		 * We must hold exec_update_mutex across this and any potential
 		 * perf_install_in_context() call for this new event to
@@ -11697,7 +11697,7 @@ SYSCALL_DEFINE5(perf_event_open,
 		 * perf_event_exit_task() that could imply).
 		 */
 		err = -EACCES;
-		if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS))
+		if (!perfmon_capable() && !ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS))
 			goto err_cred;
 	}
 

^ permalink raw reply related	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-08-06 17:42 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-05  7:56 [PATCH v1] perf/core: take over CAP_SYS_PTRACE creds to CAP_PERFMON cap Alexey Budankov
2020-08-06 12:16 ` Arnaldo Carvalho de Melo
2020-08-06 17:09 ` [tip: perf/urgent] perf/core: Take over CAP_SYS_PTRACE creds to CAP_PERFMON capability tip-bot2 for Alexey Budankov

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.