From: Igor Lubashev <ilubashe@akamai.com>
To: <linux-kernel@vger.kernel.org>, Arnaldo Carvalho de Melo <acme@kernel.org>, Jiri Olsa <jolsa@redhat.com>, Alexey Budankov <alexey.budankov@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>, Ingo Molnar <mingo@redhat.com>, Mathieu Poirier <mathieu.poirier@linaro.org>, Alexander Shishkin <alexander.shishkin@linux.intel.com>, Namhyung Kim <namhyung@kernel.org>, Suzuki K Poulose <suzuki.poulose@arm.com>, <linux-arm-kernel@lists.infradead.org>, James Morris <jmorris@namei.org>, Igor Lubashev <ilubashe@akamai.com>
Subject: [PATCH v3 3/4] perf: Use CAP_SYSLOG with kptr_restrict checks
Date: Wed, 7 Aug 2019 10:44:16 -0400
Message-ID: <291d2cda6ee75b4cd4c9ce717c177db18bf03a31.1565188228.git.ilubashe@akamai.com>
In-Reply-To: <cover.1565188228.git.ilubashe@akamai.com>

Kernel is using CAP_SYSLOG capability instead of uid==0 and euid==0 when checking kptr_restrict. Make perf do the same.

Also, the kernel is more restrictive than "no restrictions" in case of kptr_restrict==0, so add the same logic to perf.

Signed-off-by: Igor Lubashev <ilubashe@akamai.com>
--- tools/perf/util/symbol.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/tools/perf/util/symbol.c b/tools/perf/util/symbol.c index 173f3378aaa0..046271103499 100644 --- a/tools/perf/util/symbol.c +++ b/tools/perf/util/symbol.c @@ -4,6 +4,7 @@ #include <stdlib.h> #include <stdio.h> #include <string.h> +#include <linux/capability.h> #include <linux/kernel.h> #include <linux/mman.h> #include <linux/time64.h> @@ -15,8 +16,10 @@ #include <inttypes.h> #include "annotate.h" #include "build-id.h" +#include "cap.h" #include "util.h" #include "debug.h" +#include "event.h" #include "machine.h" #include "map.h" #include "symbol.h" 
@@ -890,7 +893,11 @@ bool symbol__restricted_filename(const char *filename, { bool restricted = false; - if (symbol_conf.kptr_restrict) { + /* Per kernel/kallsyms.c: + * we also restrict when perf_event_paranoid > 1 w/o CAP_SYSLOG + */ + if (symbol_conf.kptr_restrict || + (perf_event_paranoid() > 1 && !perf_cap__capable(CAP_SYSLOG))) { char *r = realpath(filename, NULL); if (r != NULL) { @@ -2190,9 +2197,9 @@ static bool symbol__read_kptr_restrict(void) char line[8]; if (fgets(line, sizeof(line), fp) != NULL) - value = ((geteuid() != 0) || (getuid() != 0)) ? - (atoi(line) != 0) : - (atoi(line) == 2); + value = perf_cap__capable(CAP_SYSLOG) ? + (atoi(line) >= 2) : + (atoi(line) != 0); fclose(fp); } -- 2.7.4
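Review bot: In the symbol__restricted_filename() hunk, the new "perf_event_paranoid() > 1 && !perf_cap__capable(CAP_SYSLOG)" term places part of the kptr_restrict policy in this function while the rest stays in symbol__read_kptr_restrict(), so the decision is now split across two places and any other code that tests symbol_conf.kptr_restrict directly would not pick up the paranoid-based restriction. Consider folding the term into symbol__read_kptr_restrict() so that symbol_conf.kptr_restrict carries the complete answer and this condition can remain "if (symbol_conf.kptr_restrict)". The added comment would also be clearer if it named the kptr_restrict==0 case that the commit message describes.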
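Review bot: In the symbol__read_kptr_restrict() hunk, both branches of the new ternary still depend on atoi(line), which yields 0 when the text cannot be parsed, so a malformed read is treated as kptr_restrict==0 (unrestricted) with or without CAP_SYSLOG. Parsing once into a local with strtol() and treating a parse failure as restricted would make the check fail closed and remove the duplicated call. The capable branch also changes from "== 2" to ">= 2", which the commit message does not mention; a sentence on why values above 2 should count as restricted would help.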