From: Stephen Smalley <sds@tycho.nsa.gov>
To: Alexey Budankov <alexey.budankov@linux.intel.com>
Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>,
Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
"jani.nikula@linux.intel.com" <jani.nikula@linux.intel.com>,
"joonas.lahtinen@linux.intel.com"
<joonas.lahtinen@linux.intel.com>,
"rodrigo.vivi@intel.com" <rodrigo.vivi@intel.com>,
"benh@kernel.crashing.org" <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>,
"james.bottomley@hansenpartnership.com"
<james.bottomley@hansenpartnership.com>,
Serge Hallyn <serge@hallyn.com>, James Morris <jmorris@namei.org>,
Will Deacon <will.deacon@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Robert Richter <rric@kernel.org>,
Alexei Starovoitov <ast@kernel.org>, Jiri Olsa <jolsa@redhat.com>,
Andi Kleen <ak@linux.intel.com>,
Stephane Eranian <eranian@google.com>,
Igor Lubashev <ilubashe@akamai.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Namhyung Kim <namhyung@kernel.org>,
Song Liu <songliubraving@fb.com>,
Lionel Landwerlin <lionel.g.landwerlin@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
linux-kernel <linux-kernel@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
"linux-perf-users@vger.kernel.org"
<linux-perf-users@vger.kernel.org>,
oprofile-list@lists.sf.net, Andy Lutomirski <luto@amacapital.net>
Subject: Re: [PATCH v5 01/10] capabilities: introduce CAP_PERFMON to kernel and user space
Date: Wed, 12 Feb 2020 10:45:12 -0500 [thread overview]
Message-ID: <280e6644-c129-15f6-ea5c-0f66bf764e0f@tycho.nsa.gov> (raw)
In-Reply-To: <7c367905-e8c9-7665-d923-c850e05c757a@tycho.nsa.gov>
On 2/12/20 10:21 AM, Stephen Smalley wrote:
> On 2/12/20 8:53 AM, Alexey Budankov wrote:
>> On 12.02.2020 16:32, Stephen Smalley wrote:
>>> On 2/12/20 3:53 AM, Alexey Budankov wrote:
>>>> Hi Stephen,
>>>>
>>>> On 22.01.2020 17:07, Stephen Smalley wrote:
>>>>> On 1/22/20 5:45 AM, Alexey Budankov wrote:
>>>>>>
>>>>>> On 21.01.2020 21:27, Alexey Budankov wrote:
>>>>>>>
>>>>>>> On 21.01.2020 20:55, Alexei Starovoitov wrote:
>>>>>>>> On Tue, Jan 21, 2020 at 9:31 AM Alexey Budankov
>>>>>>>> <alexey.budankov@linux.intel.com> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 21.01.2020 17:43, Stephen Smalley wrote:
>>>>>>>>>> On 1/20/20 6:23 AM, Alexey Budankov wrote:
>>>>>>>>>>>
>>>> <SNIP>
>>>>>>>>>>> Introduce CAP_PERFMON capability designed to secure system
>>>>>>>>>>> performance
>>>>>>>>>>
>>>>>>>>>> Why _noaudit()? Normally only used when a permission failure
>>>>>>>>>> is non-fatal to the operation. Otherwise, we want the audit
>>>>>>>>>> message.
>>>>>>
>>>>>> So far so good, I suggest using the simplest version for v6:
>>>>>>
>>>>>> static inline bool perfmon_capable(void)
>>>>>> {
>>>>>> return capable(CAP_PERFMON) || capable(CAP_SYS_ADMIN);
>>>>>> }
>>>>>>
>>>>>> It keeps the implementation simple and readable. The
>>>>>> implementation is more
>>>>>> performant in the sense of calling the API - one capable() call
>>>>>> for CAP_PERFMON
>>>>>> privileged process.
>>>>>>
>>>>>> Yes, it bloats audit log for CAP_SYS_ADMIN privileged and
>>>>>> unprivileged processes,
>>>>>> but this bloating also advertises and leverages using more secure
>>>>>> CAP_PERFMON
>>>>>> based approach to use perf_event_open system call.
>>>>>
>>>>> I can live with that. We just need to document that when you see
>>>>> both a CAP_PERFMON and a CAP_SYS_ADMIN audit message for a process,
>>>>> try only allowing CAP_PERFMON first and see if that resolves the
>>>>> issue. We have a similar issue with CAP_DAC_READ_SEARCH versus
>>>>> CAP_DAC_OVERRIDE.
>>>>
>>>> I am trying to reproduce this double logging with CAP_PERFMON.
>>>> I am using the refpolicy version with enabled perf_event tclass [1],
>>>> in permissive mode.
>>>> When running perf stat -a I am observing this AVC audit messages:
>>>>
>>>> type=AVC msg=audit(1581496695.666:8691): avc: denied { open } for
>>>> pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>> type=AVC msg=audit(1581496695.666:8691): avc: denied { kernel }
>>>> for pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>> type=AVC msg=audit(1581496695.666:8691): avc: denied { cpu } for
>>>> pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>> type=AVC msg=audit(1581496695.666:8692): avc: denied { write }
>>>> for pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>>
>>>> However there is no capability related messages around. I suppose my
>>>> refpolicy should
>>>> be modified somehow to observe capability related AVCs.
>>>>
>>>> Could you please comment or clarify on how to enable caps related
>>>> AVCs in order
>>>> to test the concerned logging.
>>>
>>> The new perfmon permission has to be defined in your policy; you'll
>>> have a message in dmesg about "Permission perfmon in class
>>> capability2 not defined in policy.". You can either add it to the
>>> common cap2 definition in refpolicy/policy/flask/access_vectors and
>>> rebuild your policy or extract your base module as CIL, add it there,
>>> and insert the updated module.
>>
>> Yes, I already have it like this:
>> common cap2
>> {
>> <------>mac_override<--># unused by SELinux
>> <------>mac_admin
>> <------>syslog
>> <------>wake_alarm
>> <------>block_suspend
>> <------>audit_read
>> <------>perfmon
>> }
>>
>> dmesg stopped reporting perfmon as not defined but audit.log still
>> doesn't report CAP_PERFMON denials.
>> BTW, audit even doesn't report CAP_SYS_ADMIN denials, however
>> perfmon_capable() does check for it.
>
> Some denials may be silenced by dontaudit rules; semodule -DB will strip
> those and semodule -B will restore them. Other possibility is that the
> process doesn't have CAP_PERFMON in its effective set and therefore
> never reaches SELinux at all; denied first by the capability module.
Also, the fact that your denials are showing up in user_systemd_t
suggests that something is off in your policy or userspace/distro; I
assume that is a domain type for the systemd --user instance, but your
shell and commands shouldn't be running in that domain (user_t would be
more appropriate for that).
WARNING: multiple messages have this Message-ID (diff)
From: Stephen Smalley <sds@tycho.nsa.gov>
To: Alexey Budankov <alexey.budankov@linux.intel.com>
Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>,
Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
"jani.nikula@linux.intel.com" <jani.nikula@linux.intel.com>,
"joonas.lahtinen@linux.intel.com"
<joonas.lahtinen@linux.intel.com>,
"rodrigo.vivi@intel.com" <rodrigo.vivi@intel.com>,
"benh@kernel.crashing.org" <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>,
"james.bottomley@hansenpartnership.com"
<james.bottomley@hansenpartnership.com>,
Serge Hallyn <serge@hallyn.com>, James Morris <jmorris@namei.org>,
Will Deacon <will.deacon@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Robert Richter <rric@kernel.org>, Alexei Starovoitov <ast@kerne>
Subject: Re: [PATCH v5 01/10] capabilities: introduce CAP_PERFMON to kernel and user space
Date: Wed, 12 Feb 2020 10:45:12 -0500 [thread overview]
Message-ID: <280e6644-c129-15f6-ea5c-0f66bf764e0f@tycho.nsa.gov> (raw)
In-Reply-To: <7c367905-e8c9-7665-d923-c850e05c757a@tycho.nsa.gov>
On 2/12/20 10:21 AM, Stephen Smalley wrote:
> On 2/12/20 8:53 AM, Alexey Budankov wrote:
>> On 12.02.2020 16:32, Stephen Smalley wrote:
>>> On 2/12/20 3:53 AM, Alexey Budankov wrote:
>>>> Hi Stephen,
>>>>
>>>> On 22.01.2020 17:07, Stephen Smalley wrote:
>>>>> On 1/22/20 5:45 AM, Alexey Budankov wrote:
>>>>>>
>>>>>> On 21.01.2020 21:27, Alexey Budankov wrote:
>>>>>>>
>>>>>>> On 21.01.2020 20:55, Alexei Starovoitov wrote:
>>>>>>>> On Tue, Jan 21, 2020 at 9:31 AM Alexey Budankov
>>>>>>>> <alexey.budankov@linux.intel.com> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 21.01.2020 17:43, Stephen Smalley wrote:
>>>>>>>>>> On 1/20/20 6:23 AM, Alexey Budankov wrote:
>>>>>>>>>>>
>>>> <SNIP>
>>>>>>>>>>> Introduce CAP_PERFMON capability designed to secure system
>>>>>>>>>>> performance
>>>>>>>>>>
>>>>>>>>>> Why _noaudit()? Normally only used when a permission failure
>>>>>>>>>> is non-fatal to the operation. Otherwise, we want the audit
>>>>>>>>>> message.
>>>>>>
>>>>>> So far so good, I suggest using the simplest version for v6:
>>>>>>
>>>>>> static inline bool perfmon_capable(void)
>>>>>> {
>>>>>> return capable(CAP_PERFMON) || capable(CAP_SYS_ADMIN);
>>>>>> }
>>>>>>
>>>>>> It keeps the implementation simple and readable. The
>>>>>> implementation is more
>>>>>> performant in the sense of calling the API - one capable() call
>>>>>> for CAP_PERFMON
>>>>>> privileged process.
>>>>>>
>>>>>> Yes, it bloats audit log for CAP_SYS_ADMIN privileged and
>>>>>> unprivileged processes,
>>>>>> but this bloating also advertises and leverages using more secure
>>>>>> CAP_PERFMON
>>>>>> based approach to use perf_event_open system call.
>>>>>
>>>>> I can live with that. We just need to document that when you see
>>>>> both a CAP_PERFMON and a CAP_SYS_ADMIN audit message for a process,
>>>>> try only allowing CAP_PERFMON first and see if that resolves the
>>>>> issue. We have a similar issue with CAP_DAC_READ_SEARCH versus
>>>>> CAP_DAC_OVERRIDE.
>>>>
>>>> I am trying to reproduce this double logging with CAP_PERFMON.
>>>> I am using the refpolicy version with enabled perf_event tclass [1],
>>>> in permissive mode.
>>>> When running perf stat -a I am observing this AVC audit messages:
>>>>
>>>> type=AVC msg=audit(1581496695.666:8691): avc: denied { open } for
>>>> pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>> type=AVC msg=audit(1581496695.666:8691): avc: denied { kernel }
>>>> for pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>> type=AVC msg=audit(1581496695.666:8691): avc: denied { cpu } for
>>>> pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>> type=AVC msg=audit(1581496695.666:8692): avc: denied { write }
>>>> for pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>>
>>>> However there is no capability related messages around. I suppose my
>>>> refpolicy should
>>>> be modified somehow to observe capability related AVCs.
>>>>
>>>> Could you please comment or clarify on how to enable caps related
>>>> AVCs in order
>>>> to test the concerned logging.
>>>
>>> The new perfmon permission has to be defined in your policy; you'll
>>> have a message in dmesg about "Permission perfmon in class
>>> capability2 not defined in policy.". You can either add it to the
>>> common cap2 definition in refpolicy/policy/flask/access_vectors and
>>> rebuild your policy or extract your base module as CIL, add it there,
>>> and insert the updated module.
>>
>> Yes, I already have it like this:
>> common cap2
>> {
>> <------>mac_override<--># unused by SELinux
>> <------>mac_admin
>> <------>syslog
>> <------>wake_alarm
>> <------>block_suspend
>> <------>audit_read
>> <------>perfmon
>> }
>>
>> dmesg stopped reporting perfmon as not defined but audit.log still
>> doesn't report CAP_PERFMON denials.
>> BTW, audit even doesn't report CAP_SYS_ADMIN denials, however
>> perfmon_capable() does check for it.
>
> Some denials may be silenced by dontaudit rules; semodule -DB will strip
> those and semodule -B will restore them. Other possibility is that the
> process doesn't have CAP_PERFMON in its effective set and therefore
> never reaches SELinux at all; denied first by the capability module.
Also, the fact that your denials are showing up in user_systemd_t
suggests that something is off in your policy or userspace/distro; I
assume that is a domain type for the systemd --user instance, but your
shell and commands shouldn't be running in that domain (user_t would be
more appropriate for that).
WARNING: multiple messages have this Message-ID (diff)
From: Stephen Smalley <sds@tycho.nsa.gov>
To: Alexey Budankov <alexey.budankov@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>,
Song Liu <songliubraving@fb.com>,
Peter Zijlstra <peterz@infradead.org>,
"joonas.lahtinen@linux.intel.com"
<joonas.lahtinen@linux.intel.com>,
Will Deacon <will.deacon@arm.com>,
Alexei Starovoitov <ast@kernel.org>,
Stephane Eranian <eranian@google.com>,
"james.bottomley@hansenpartnership.com"
<james.bottomley@hansenpartnership.com>,
Paul Mackerras <paulus@samba.org>, Jiri Olsa <jolsa@redhat.com>,
Alexei Starovoitov <alexei.starovoitov@gmail.com>,
Andi Kleen <ak@linux.intel.com>,
Igor Lubashev <ilubashe@akamai.com>,
James Morris <jmorris@namei.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Ingo Molnar <mingo@redhat.com>,
oprofile-list@lists.sf.net, Serge Hallyn <serge@hallyn.com>,
Robert Richter <rric@kernel.org>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"jani.nikula@linux.intel.com" <jani.nikula@linux.intel.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
"rodrigo.vivi@intel.com" <rodrigo.vivi@intel.com>,
Namhyung Kim <namhyung@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
Lionel Landwerlin <lionel.g.landwerlin@intel.com>,
Andy Lutomirski <luto@amacapital.net>,
"linux-perf-users@vger.kernel.org"
<linux-perf-users@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>
Subject: Re: [PATCH v5 01/10] capabilities: introduce CAP_PERFMON to kernel and user space
Date: Wed, 12 Feb 2020 10:45:12 -0500 [thread overview]
Message-ID: <280e6644-c129-15f6-ea5c-0f66bf764e0f@tycho.nsa.gov> (raw)
In-Reply-To: <7c367905-e8c9-7665-d923-c850e05c757a@tycho.nsa.gov>
On 2/12/20 10:21 AM, Stephen Smalley wrote:
> On 2/12/20 8:53 AM, Alexey Budankov wrote:
>> On 12.02.2020 16:32, Stephen Smalley wrote:
>>> On 2/12/20 3:53 AM, Alexey Budankov wrote:
>>>> Hi Stephen,
>>>>
>>>> On 22.01.2020 17:07, Stephen Smalley wrote:
>>>>> On 1/22/20 5:45 AM, Alexey Budankov wrote:
>>>>>>
>>>>>> On 21.01.2020 21:27, Alexey Budankov wrote:
>>>>>>>
>>>>>>> On 21.01.2020 20:55, Alexei Starovoitov wrote:
>>>>>>>> On Tue, Jan 21, 2020 at 9:31 AM Alexey Budankov
>>>>>>>> <alexey.budankov@linux.intel.com> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 21.01.2020 17:43, Stephen Smalley wrote:
>>>>>>>>>> On 1/20/20 6:23 AM, Alexey Budankov wrote:
>>>>>>>>>>>
>>>> <SNIP>
>>>>>>>>>>> Introduce CAP_PERFMON capability designed to secure system
>>>>>>>>>>> performance
>>>>>>>>>>
>>>>>>>>>> Why _noaudit()? Normally only used when a permission failure
>>>>>>>>>> is non-fatal to the operation. Otherwise, we want the audit
>>>>>>>>>> message.
>>>>>>
>>>>>> So far so good, I suggest using the simplest version for v6:
>>>>>>
>>>>>> static inline bool perfmon_capable(void)
>>>>>> {
>>>>>> return capable(CAP_PERFMON) || capable(CAP_SYS_ADMIN);
>>>>>> }
>>>>>>
>>>>>> It keeps the implementation simple and readable. The
>>>>>> implementation is more
>>>>>> performant in the sense of calling the API - one capable() call
>>>>>> for CAP_PERFMON
>>>>>> privileged process.
>>>>>>
>>>>>> Yes, it bloats audit log for CAP_SYS_ADMIN privileged and
>>>>>> unprivileged processes,
>>>>>> but this bloating also advertises and leverages using more secure
>>>>>> CAP_PERFMON
>>>>>> based approach to use perf_event_open system call.
>>>>>
>>>>> I can live with that. We just need to document that when you see
>>>>> both a CAP_PERFMON and a CAP_SYS_ADMIN audit message for a process,
>>>>> try only allowing CAP_PERFMON first and see if that resolves the
>>>>> issue. We have a similar issue with CAP_DAC_READ_SEARCH versus
>>>>> CAP_DAC_OVERRIDE.
>>>>
>>>> I am trying to reproduce this double logging with CAP_PERFMON.
>>>> I am using the refpolicy version with enabled perf_event tclass [1],
>>>> in permissive mode.
>>>> When running perf stat -a I am observing this AVC audit messages:
>>>>
>>>> type=AVC msg=audit(1581496695.666:8691): avc: denied { open } for
>>>> pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>> type=AVC msg=audit(1581496695.666:8691): avc: denied { kernel }
>>>> for pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>> type=AVC msg=audit(1581496695.666:8691): avc: denied { cpu } for
>>>> pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>> type=AVC msg=audit(1581496695.666:8692): avc: denied { write }
>>>> for pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>>
>>>> However there is no capability related messages around. I suppose my
>>>> refpolicy should
>>>> be modified somehow to observe capability related AVCs.
>>>>
>>>> Could you please comment or clarify on how to enable caps related
>>>> AVCs in order
>>>> to test the concerned logging.
>>>
>>> The new perfmon permission has to be defined in your policy; you'll
>>> have a message in dmesg about "Permission perfmon in class
>>> capability2 not defined in policy.". You can either add it to the
>>> common cap2 definition in refpolicy/policy/flask/access_vectors and
>>> rebuild your policy or extract your base module as CIL, add it there,
>>> and insert the updated module.
>>
>> Yes, I already have it like this:
>> common cap2
>> {
>> <------>mac_override<--># unused by SELinux
>> <------>mac_admin
>> <------>syslog
>> <------>wake_alarm
>> <------>block_suspend
>> <------>audit_read
>> <------>perfmon
>> }
>>
>> dmesg stopped reporting perfmon as not defined but audit.log still
>> doesn't report CAP_PERFMON denials.
>> BTW, audit even doesn't report CAP_SYS_ADMIN denials, however
>> perfmon_capable() does check for it.
>
> Some denials may be silenced by dontaudit rules; semodule -DB will strip
> those and semodule -B will restore them. Other possibility is that the
> process doesn't have CAP_PERFMON in its effective set and therefore
> never reaches SELinux at all; denied first by the capability module.
Also, the fact that your denials are showing up in user_systemd_t
suggests that something is off in your policy or userspace/distro; I
assume that is a domain type for the systemd --user instance, but your
shell and commands shouldn't be running in that domain (user_t would be
more appropriate for that).
WARNING: multiple messages have this Message-ID (diff)
From: Stephen Smalley <sds@tycho.nsa.gov>
To: Alexey Budankov <alexey.budankov@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>,
Song Liu <songliubraving@fb.com>,
Peter Zijlstra <peterz@infradead.org>,
"benh@kernel.crashing.org" <benh@kernel.crashing.org>,
"joonas.lahtinen@linux.intel.com"
<joonas.lahtinen@linux.intel.com>,
Will Deacon <will.deacon@arm.com>,
Alexei Starovoitov <ast@kernel.org>,
Stephane Eranian <eranian@google.com>,
"james.bottomley@hansenpartnership.com"
<james.bottomley@hansenpartnership.com>,
Paul Mackerras <paulus@samba.org>, Jiri Olsa <jolsa@redhat.com>,
Alexei Starovoitov <alexei.starovoitov@gmail.com>,
Andi Kleen <ak@linux.intel.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Igor Lubashev <ilubashe@akamai.com>,
James Morris <jmorris@namei.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Ingo Molnar <mingo@redhat.com>,
oprofile-list@lists.sf.net, Serge Hallyn <serge@hallyn.com>,
Robert Richter <rric@kernel.org>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"jani.nikula@linux.intel.com" <jani.nikula@linux.intel.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
"rodrigo.vivi@intel.com" <rodrigo.vivi@intel.com>,
Namhyung Kim <namhyung@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
Lionel Landwerlin <lionel.g.landwerlin@intel.com>,
Andy Lutomirski <luto@amacapital.net>,
"linux-perf-users@vger.kernel.org"
<linux-perf-users@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>
Subject: Re: [PATCH v5 01/10] capabilities: introduce CAP_PERFMON to kernel and user space
Date: Wed, 12 Feb 2020 10:45:12 -0500 [thread overview]
Message-ID: <280e6644-c129-15f6-ea5c-0f66bf764e0f@tycho.nsa.gov> (raw)
In-Reply-To: <7c367905-e8c9-7665-d923-c850e05c757a@tycho.nsa.gov>
On 2/12/20 10:21 AM, Stephen Smalley wrote:
> On 2/12/20 8:53 AM, Alexey Budankov wrote:
>> On 12.02.2020 16:32, Stephen Smalley wrote:
>>> On 2/12/20 3:53 AM, Alexey Budankov wrote:
>>>> Hi Stephen,
>>>>
>>>> On 22.01.2020 17:07, Stephen Smalley wrote:
>>>>> On 1/22/20 5:45 AM, Alexey Budankov wrote:
>>>>>>
>>>>>> On 21.01.2020 21:27, Alexey Budankov wrote:
>>>>>>>
>>>>>>> On 21.01.2020 20:55, Alexei Starovoitov wrote:
>>>>>>>> On Tue, Jan 21, 2020 at 9:31 AM Alexey Budankov
>>>>>>>> <alexey.budankov@linux.intel.com> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 21.01.2020 17:43, Stephen Smalley wrote:
>>>>>>>>>> On 1/20/20 6:23 AM, Alexey Budankov wrote:
>>>>>>>>>>>
>>>> <SNIP>
>>>>>>>>>>> Introduce CAP_PERFMON capability designed to secure system
>>>>>>>>>>> performance
>>>>>>>>>>
>>>>>>>>>> Why _noaudit()? Normally only used when a permission failure
>>>>>>>>>> is non-fatal to the operation. Otherwise, we want the audit
>>>>>>>>>> message.
>>>>>>
>>>>>> So far so good, I suggest using the simplest version for v6:
>>>>>>
>>>>>> static inline bool perfmon_capable(void)
>>>>>> {
>>>>>> return capable(CAP_PERFMON) || capable(CAP_SYS_ADMIN);
>>>>>> }
>>>>>>
>>>>>> It keeps the implementation simple and readable. The
>>>>>> implementation is more
>>>>>> performant in the sense of calling the API - one capable() call
>>>>>> for CAP_PERFMON
>>>>>> privileged process.
>>>>>>
>>>>>> Yes, it bloats audit log for CAP_SYS_ADMIN privileged and
>>>>>> unprivileged processes,
>>>>>> but this bloating also advertises and leverages using more secure
>>>>>> CAP_PERFMON
>>>>>> based approach to use perf_event_open system call.
>>>>>
>>>>> I can live with that. We just need to document that when you see
>>>>> both a CAP_PERFMON and a CAP_SYS_ADMIN audit message for a process,
>>>>> try only allowing CAP_PERFMON first and see if that resolves the
>>>>> issue. We have a similar issue with CAP_DAC_READ_SEARCH versus
>>>>> CAP_DAC_OVERRIDE.
>>>>
>>>> I am trying to reproduce this double logging with CAP_PERFMON.
>>>> I am using the refpolicy version with enabled perf_event tclass [1],
>>>> in permissive mode.
>>>> When running perf stat -a I am observing this AVC audit messages:
>>>>
>>>> type=AVC msg=audit(1581496695.666:8691): avc: denied { open } for
>>>> pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>> type=AVC msg=audit(1581496695.666:8691): avc: denied { kernel }
>>>> for pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>> type=AVC msg=audit(1581496695.666:8691): avc: denied { cpu } for
>>>> pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>> type=AVC msg=audit(1581496695.666:8692): avc: denied { write }
>>>> for pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>>
>>>> However there is no capability related messages around. I suppose my
>>>> refpolicy should
>>>> be modified somehow to observe capability related AVCs.
>>>>
>>>> Could you please comment or clarify on how to enable caps related
>>>> AVCs in order
>>>> to test the concerned logging.
>>>
>>> The new perfmon permission has to be defined in your policy; you'll
>>> have a message in dmesg about "Permission perfmon in class
>>> capability2 not defined in policy.". You can either add it to the
>>> common cap2 definition in refpolicy/policy/flask/access_vectors and
>>> rebuild your policy or extract your base module as CIL, add it there,
>>> and insert the updated module.
>>
>> Yes, I already have it like this:
>> common cap2
>> {
>> <------>mac_override<--># unused by SELinux
>> <------>mac_admin
>> <------>syslog
>> <------>wake_alarm
>> <------>block_suspend
>> <------>audit_read
>> <------>perfmon
>> }
>>
>> dmesg stopped reporting perfmon as not defined but audit.log still
>> doesn't report CAP_PERFMON denials.
>> BTW, audit even doesn't report CAP_SYS_ADMIN denials, however
>> perfmon_capable() does check for it.
>
> Some denials may be silenced by dontaudit rules; semodule -DB will strip
> those and semodule -B will restore them. Other possibility is that the
> process doesn't have CAP_PERFMON in its effective set and therefore
> never reaches SELinux at all; denied first by the capability module.
Also, the fact that your denials are showing up in user_systemd_t
suggests that something is off in your policy or userspace/distro; I
assume that is a domain type for the systemd --user instance, but your
shell and commands shouldn't be running in that domain (user_t would be
more appropriate for that).
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Stephen Smalley <sds@tycho.nsa.gov>
To: Alexey Budankov <alexey.budankov@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>,
Song Liu <songliubraving@fb.com>,
Peter Zijlstra <peterz@infradead.org>,
"benh@kernel.crashing.org" <benh@kernel.crashing.org>,
Will Deacon <will.deacon@arm.com>,
Alexei Starovoitov <ast@kernel.org>,
Stephane Eranian <eranian@google.com>,
"james.bottomley@hansenpartnership.com"
<james.bottomley@hansenpartnership.com>,
Paul Mackerras <paulus@samba.org>, Jiri Olsa <jolsa@redhat.com>,
Alexei Starovoitov <alexei.starovoitov@gmail.com>,
Andi Kleen <ak@linux.intel.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Igor Lubashev <ilubashe@akamai.com>,
James Morris <jmorris@namei.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Ingo Molnar <mingo@redhat.com>,
oprofile-list@lists.sf.net, Serge Hallyn <serge@hallyn.com>,
Robert Richter <rric@kernel.org>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Namhyung Kim <namhyung@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
Andy Lutomirski <luto@amacapital.net>,
"linux-perf-users@vger.kernel.org"
<linux-perf-users@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>
Subject: Re: [Intel-gfx] [PATCH v5 01/10] capabilities: introduce CAP_PERFMON to kernel and user space
Date: Wed, 12 Feb 2020 10:45:12 -0500 [thread overview]
Message-ID: <280e6644-c129-15f6-ea5c-0f66bf764e0f@tycho.nsa.gov> (raw)
In-Reply-To: <7c367905-e8c9-7665-d923-c850e05c757a@tycho.nsa.gov>
On 2/12/20 10:21 AM, Stephen Smalley wrote:
> On 2/12/20 8:53 AM, Alexey Budankov wrote:
>> On 12.02.2020 16:32, Stephen Smalley wrote:
>>> On 2/12/20 3:53 AM, Alexey Budankov wrote:
>>>> Hi Stephen,
>>>>
>>>> On 22.01.2020 17:07, Stephen Smalley wrote:
>>>>> On 1/22/20 5:45 AM, Alexey Budankov wrote:
>>>>>>
>>>>>> On 21.01.2020 21:27, Alexey Budankov wrote:
>>>>>>>
>>>>>>> On 21.01.2020 20:55, Alexei Starovoitov wrote:
>>>>>>>> On Tue, Jan 21, 2020 at 9:31 AM Alexey Budankov
>>>>>>>> <alexey.budankov@linux.intel.com> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 21.01.2020 17:43, Stephen Smalley wrote:
>>>>>>>>>> On 1/20/20 6:23 AM, Alexey Budankov wrote:
>>>>>>>>>>>
>>>> <SNIP>
>>>>>>>>>>> Introduce CAP_PERFMON capability designed to secure system
>>>>>>>>>>> performance
>>>>>>>>>>
>>>>>>>>>> Why _noaudit()? Normally only used when a permission failure
>>>>>>>>>> is non-fatal to the operation. Otherwise, we want the audit
>>>>>>>>>> message.
>>>>>>
>>>>>> So far so good, I suggest using the simplest version for v6:
>>>>>>
>>>>>> static inline bool perfmon_capable(void)
>>>>>> {
>>>>>> return capable(CAP_PERFMON) || capable(CAP_SYS_ADMIN);
>>>>>> }
>>>>>>
>>>>>> It keeps the implementation simple and readable. The
>>>>>> implementation is more
>>>>>> performant in the sense of calling the API - one capable() call
>>>>>> for CAP_PERFMON
>>>>>> privileged process.
>>>>>>
>>>>>> Yes, it bloats audit log for CAP_SYS_ADMIN privileged and
>>>>>> unprivileged processes,
>>>>>> but this bloating also advertises and leverages using more secure
>>>>>> CAP_PERFMON
>>>>>> based approach to use perf_event_open system call.
>>>>>
>>>>> I can live with that. We just need to document that when you see
>>>>> both a CAP_PERFMON and a CAP_SYS_ADMIN audit message for a process,
>>>>> try only allowing CAP_PERFMON first and see if that resolves the
>>>>> issue. We have a similar issue with CAP_DAC_READ_SEARCH versus
>>>>> CAP_DAC_OVERRIDE.
>>>>
>>>> I am trying to reproduce this double logging with CAP_PERFMON.
>>>> I am using the refpolicy version with enabled perf_event tclass [1],
>>>> in permissive mode.
>>>> When running perf stat -a I am observing this AVC audit messages:
>>>>
>>>> type=AVC msg=audit(1581496695.666:8691): avc: denied { open } for
>>>> pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>> type=AVC msg=audit(1581496695.666:8691): avc: denied { kernel }
>>>> for pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>> type=AVC msg=audit(1581496695.666:8691): avc: denied { cpu } for
>>>> pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>> type=AVC msg=audit(1581496695.666:8692): avc: denied { write }
>>>> for pid=2779 comm="perf" scontext=user_u:user_r:user_systemd_t
>>>> tcontext=user_u:user_r:user_systemd_t tclass=perf_event permissive=1
>>>>
>>>> However there is no capability related messages around. I suppose my
>>>> refpolicy should
>>>> be modified somehow to observe capability related AVCs.
>>>>
>>>> Could you please comment or clarify on how to enable caps related
>>>> AVCs in order
>>>> to test the concerned logging.
>>>
>>> The new perfmon permission has to be defined in your policy; you'll
>>> have a message in dmesg about "Permission perfmon in class
>>> capability2 not defined in policy.". You can either add it to the
>>> common cap2 definition in refpolicy/policy/flask/access_vectors and
>>> rebuild your policy or extract your base module as CIL, add it there,
>>> and insert the updated module.
>>
>> Yes, I already have it like this:
>> common cap2
>> {
>> <------>mac_override<--># unused by SELinux
>> <------>mac_admin
>> <------>syslog
>> <------>wake_alarm
>> <------>block_suspend
>> <------>audit_read
>> <------>perfmon
>> }
>>
>> dmesg stopped reporting perfmon as not defined but audit.log still
>> doesn't report CAP_PERFMON denials.
>> BTW, audit even doesn't report CAP_SYS_ADMIN denials, however
>> perfmon_capable() does check for it.
>
> Some denials may be silenced by dontaudit rules; semodule -DB will strip
> those and semodule -B will restore them. Other possibility is that the
> process doesn't have CAP_PERFMON in its effective set and therefore
> never reaches SELinux at all; denied first by the capability module.
Also, the fact that your denials are showing up in user_systemd_t
suggests that something is off in your policy or userspace/distro; I
assume that is a domain type for the systemd --user instance, but your
shell and commands shouldn't be running in that domain (user_t would be
more appropriate for that).
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
next prev parent reply other threads:[~2020-02-12 15:44 UTC|newest]
Thread overview: 163+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-20 11:18 [PATCH v5 0/10] Introduce CAP_PERFMON to secure system performance monitoring and observability Alexey Budankov
2020-01-20 11:18 ` [Intel-gfx] " Alexey Budankov
2020-01-20 11:18 ` Alexey Budankov
2020-01-20 11:18 ` Alexey Budankov
2020-01-20 11:18 ` Alexey Budankov
2020-01-20 11:23 ` [PATCH v5 01/10] capabilities: introduce CAP_PERFMON to kernel and user space Alexey Budankov
2020-01-20 11:23 ` [Intel-gfx] " Alexey Budankov
2020-01-20 11:23 ` Alexey Budankov
2020-01-20 11:23 ` Alexey Budankov
2020-01-20 11:23 ` Alexey Budankov
2020-01-21 14:43 ` Stephen Smalley
2020-01-21 14:43 ` [Intel-gfx] " Stephen Smalley
2020-01-21 14:43 ` Stephen Smalley
2020-01-21 14:43 ` Stephen Smalley
2020-01-21 14:43 ` Stephen Smalley
2020-01-21 17:30 ` Alexey Budankov
2020-01-21 17:30 ` [Intel-gfx] " Alexey Budankov
2020-01-21 17:30 ` Alexey Budankov
2020-01-21 17:30 ` Alexey Budankov
2020-01-21 17:30 ` Alexey Budankov
2020-01-21 17:55 ` Alexei Starovoitov
2020-01-21 17:55 ` [Intel-gfx] " Alexei Starovoitov
2020-01-21 17:55 ` Alexei Starovoitov
2020-01-21 17:55 ` Alexei Starovoitov
2020-01-21 17:55 ` Alexei Starovoitov
2020-01-21 18:27 ` Alexey Budankov
2020-01-21 18:27 ` [Intel-gfx] " Alexey Budankov
2020-01-21 18:27 ` Alexey Budankov
2020-01-21 18:27 ` Alexey Budankov
2020-01-21 18:27 ` Alexey Budankov
2020-01-22 10:45 ` Alexey Budankov
2020-01-22 10:45 ` [Intel-gfx] " Alexey Budankov
2020-01-22 10:45 ` Alexey Budankov
2020-01-22 10:45 ` Alexey Budankov
2020-01-22 10:45 ` Alexey Budankov
2020-01-22 14:07 ` Stephen Smalley
2020-01-22 14:07 ` [Intel-gfx] " Stephen Smalley
2020-01-22 14:07 ` Stephen Smalley
2020-01-22 14:07 ` Stephen Smalley
2020-01-22 14:07 ` Stephen Smalley
2020-01-22 14:25 ` Alexey Budankov
2020-01-22 14:25 ` [Intel-gfx] " Alexey Budankov
2020-01-22 14:25 ` Alexey Budankov
2020-01-22 14:25 ` Alexey Budankov
2020-01-22 14:25 ` Alexey Budankov
2020-02-06 18:03 ` Alexey Budankov
2020-02-06 18:03 ` [Intel-gfx] " Alexey Budankov
2020-02-06 18:03 ` Alexey Budankov
2020-02-06 18:03 ` Alexey Budankov
2020-02-06 18:03 ` Alexey Budankov
2020-02-07 11:38 ` Thomas Gleixner
2020-02-07 11:38 ` [Intel-gfx] " Thomas Gleixner
2020-02-07 11:38 ` Thomas Gleixner
2020-02-07 11:38 ` Thomas Gleixner
2020-02-07 11:38 ` Thomas Gleixner
2020-02-07 13:39 ` Alexey Budankov
2020-02-07 13:39 ` [Intel-gfx] " Alexey Budankov
2020-02-07 13:39 ` Alexey Budankov
2020-02-07 13:39 ` Alexey Budankov
2020-02-07 13:39 ` Alexey Budankov
2020-02-20 13:05 ` Alexey Budankov
2020-02-20 13:05 ` [Intel-gfx] " Alexey Budankov
2020-02-20 13:05 ` Alexey Budankov
2020-02-20 13:05 ` Alexey Budankov
2020-02-20 13:05 ` Alexey Budankov
2020-02-12 8:53 ` Alexey Budankov
2020-02-12 8:53 ` [Intel-gfx] " Alexey Budankov
2020-02-12 8:53 ` Alexey Budankov
2020-02-12 8:53 ` Alexey Budankov
2020-02-12 8:53 ` Alexey Budankov
2020-02-12 13:32 ` Stephen Smalley
2020-02-12 13:32 ` [Intel-gfx] " Stephen Smalley
2020-02-12 13:32 ` Stephen Smalley
2020-02-12 13:32 ` Stephen Smalley
2020-02-12 13:32 ` Stephen Smalley
2020-02-12 13:53 ` Alexey Budankov
2020-02-12 13:53 ` [Intel-gfx] " Alexey Budankov
2020-02-12 13:53 ` Alexey Budankov
2020-02-12 13:53 ` Alexey Budankov
2020-02-12 13:53 ` Alexey Budankov
2020-02-12 15:21 ` Stephen Smalley
2020-02-12 15:21 ` [Intel-gfx] " Stephen Smalley
2020-02-12 15:21 ` Stephen Smalley
2020-02-12 15:21 ` Stephen Smalley
2020-02-12 15:21 ` Stephen Smalley
2020-02-12 15:45 ` Stephen Smalley [this message]
2020-02-12 15:45 ` [Intel-gfx] " Stephen Smalley
2020-02-12 15:45 ` Stephen Smalley
2020-02-12 15:45 ` Stephen Smalley
2020-02-12 15:45 ` Stephen Smalley
2020-02-12 16:56 ` Alexey Budankov
2020-02-12 16:56 ` [Intel-gfx] " Alexey Budankov
2020-02-12 16:56 ` Alexey Budankov
2020-02-12 16:56 ` Alexey Budankov
2020-02-12 16:56 ` Alexey Budankov
2020-02-12 17:09 ` Stephen Smalley
2020-02-12 17:09 ` [Intel-gfx] " Stephen Smalley
2020-02-12 17:09 ` Stephen Smalley
2020-02-12 17:09 ` Stephen Smalley
2020-02-12 17:09 ` Stephen Smalley
2020-02-13 9:05 ` Alexey Budankov
2020-02-13 9:05 ` [Intel-gfx] " Alexey Budankov
2020-02-13 9:05 ` Alexey Budankov
2020-02-13 9:05 ` Alexey Budankov
2020-02-13 9:05 ` Alexey Budankov
2020-02-12 16:16 ` Alexey Budankov
2020-02-12 16:16 ` [Intel-gfx] " Alexey Budankov
2020-02-12 16:16 ` Alexey Budankov
2020-02-12 16:16 ` Alexey Budankov
2020-02-12 16:16 ` Alexey Budankov
2020-01-20 11:24 ` [PATCH v5 02/10] perf/core: open access to the core for CAP_PERFMON privileged process Alexey Budankov
2020-01-20 11:24 ` [Intel-gfx] " Alexey Budankov
2020-01-20 11:24 ` Alexey Budankov
2020-01-20 11:24 ` Alexey Budankov
2020-01-20 11:24 ` Alexey Budankov
2020-01-20 11:26 ` [PATCH v5 03/10] perf/core: open access to anon probes " Alexey Budankov
2020-01-20 11:26 ` [Intel-gfx] " Alexey Budankov
2020-01-20 11:26 ` Alexey Budankov
2020-01-20 11:26 ` Alexey Budankov
2020-01-20 11:26 ` Alexey Budankov
2020-01-20 11:27 ` [PATCH v5 04/10] perf tool: extend Perf tool with CAP_PERFMON capability support Alexey Budankov
2020-01-20 11:27 ` [Intel-gfx] " Alexey Budankov
2020-01-20 11:27 ` Alexey Budankov
2020-01-20 11:27 ` Alexey Budankov
2020-01-20 11:27 ` Alexey Budankov
2020-01-20 11:28 ` [PATCH v5 05/10] drm/i915/perf: open access for CAP_PERFMON privileged process Alexey Budankov
2020-01-20 11:28 ` [Intel-gfx] " Alexey Budankov
2020-01-20 11:28 ` Alexey Budankov
2020-01-20 11:28 ` Alexey Budankov
2020-01-20 11:28 ` Alexey Budankov
2020-01-20 11:29 ` [PATCH v5 06/10] trace/bpf_trace: " Alexey Budankov
2020-01-20 11:29 ` [Intel-gfx] " Alexey Budankov
2020-01-20 11:29 ` Alexey Budankov
2020-01-20 11:29 ` Alexey Budankov
2020-01-20 11:29 ` Alexey Budankov
2020-01-20 11:30 ` [PATCH v5 07/10] powerpc/perf: " Alexey Budankov
2020-01-20 11:30 ` [Intel-gfx] " Alexey Budankov
2020-01-20 11:30 ` Alexey Budankov
2020-01-20 11:30 ` Alexey Budankov
2020-01-20 11:30 ` Alexey Budankov
2020-01-22 11:02 ` Anju T Sudhakar
2020-01-22 11:02 ` [Intel-gfx] " Anju T Sudhakar
2020-01-22 11:02 ` Anju T Sudhakar
2020-01-22 11:02 ` Anju T Sudhakar
2020-01-22 11:02 ` Anju T Sudhakar
2020-01-20 11:31 ` [PATCH v5 08/10] parisc/perf: " Alexey Budankov
2020-01-20 11:31 ` [Intel-gfx] " Alexey Budankov
2020-01-20 11:31 ` Alexey Budankov
2020-01-20 11:31 ` Alexey Budankov
2020-01-20 11:31 ` Alexey Budankov
2020-01-20 11:32 ` [PATCH v5 09/10] drivers/perf: " Alexey Budankov
2020-01-20 11:32 ` [Intel-gfx] " Alexey Budankov
2020-01-20 11:32 ` Alexey Budankov
2020-01-20 11:32 ` Alexey Budankov
2020-01-20 11:32 ` Alexey Budankov
2020-01-20 11:33 ` [PATCH v5 10/10] drivers/oprofile: " Alexey Budankov
2020-01-20 11:33 ` [Intel-gfx] " Alexey Budankov
2020-01-20 11:33 ` Alexey Budankov
2020-01-20 11:33 ` Alexey Budankov
2020-01-20 11:33 ` Alexey Budankov
2020-01-20 16:50 ` [Intel-gfx] ✗ Fi.CI.CHECKPATCH: warning for Introduce CAP_PERFMON to secure system performance monitoring and observability Patchwork
2020-01-21 0:15 ` [Intel-gfx] ✓ Fi.CI.BAT: success " Patchwork
2020-01-21 11:00 ` [Intel-gfx] ✓ Fi.CI.IGT: " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=280e6644-c129-15f6-ea5c-0f66bf764e0f@tycho.nsa.gov \
--to=sds@tycho.nsa.gov \
--cc=acme@kernel.org \
--cc=ak@linux.intel.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=alexei.starovoitov@gmail.com \
--cc=alexey.budankov@linux.intel.com \
--cc=ast@kernel.org \
--cc=benh@kernel.crashing.org \
--cc=eranian@google.com \
--cc=ilubashe@akamai.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=james.bottomley@hansenpartnership.com \
--cc=jani.nikula@linux.intel.com \
--cc=jmorris@namei.org \
--cc=jolsa@redhat.com \
--cc=joonas.lahtinen@linux.intel.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-parisc@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=lionel.g.landwerlin@intel.com \
--cc=luto@amacapital.net \
--cc=mark.rutland@arm.com \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=namhyung@kernel.org \
--cc=oprofile-list@lists.sf.net \
--cc=paulus@samba.org \
--cc=peterz@infradead.org \
--cc=rodrigo.vivi@intel.com \
--cc=rric@kernel.org \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=songliubraving@fb.com \
--cc=tglx@linutronix.de \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.