From mboxrd@z Thu Jan 1 00:00:00 1970 From: Song Liu Subject: Re: [PATCH v4 5/9] trace/bpf_trace: open access for CAP_SYS_PERFMON privileged process Date: Mon, 13 Jan 2020 20:47:04 +0000 Message-ID: References: <1d46cc07-ced7-9a29-a9a3-3cba6ef2df21@linux.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1d46cc07-ced7-9a29-a9a3-3cba6ef2df21@linux.intel.com> Content-Language: en-US Content-ID: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=m.gmane-mx.org@lists.infradead.org To: Alexey Budankov Cc: Mark Rutland , Peter Zijlstra , Benjamin Herrenschmidt , "joonas.lahtinen@linux.intel.com" , Will Deacon , Alexei Starovoitov , Stephane Eranian , "james.bottomley@hansenpartnership.com" , Paul Mackerras , Jiri Olsa , Andi Kleen , Michael Ellerman , Igor Lubashev , James Morris , Alexander Shishkin , Ingo Molnar , "oprofile-list@lists.sf.net" , Serge Hallyn , Robert Richter , Kees Cook , Jann Horn , seli List-Id: linux-perf-users.vger.kernel.org > On Dec 18, 2019, at 1:28 AM, Alexey Budankov wrote: > > > Open access to bpf_trace monitoring for CAP_SYS_PERFMON privileged > processes. For backward compatibility reasons access to bpf_trace > monitoring remains open for CAP_SYS_ADMIN privileged processes but > CAP_SYS_ADMIN usage for secure bpf_trace monitoring is discouraged > with respect to CAP_SYS_PERFMON capability. > > Signed-off-by: Alexey Budankov Acked-by: Song Liu > --- > kernel/trace/bpf_trace.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c > index 44bd08f2443b..bafe21ac6d92 100644 > --- a/kernel/trace/bpf_trace.c > +++ b/kernel/trace/bpf_trace.c > @@ -1272,7 +1272,7 @@ int perf_event_query_prog_array(struct perf_event *event, void __user *info) > u32 *ids, prog_cnt, ids_len; > int ret; > > - if (!capable(CAP_SYS_ADMIN)) > + if (!perfmon_capable()) > return -EPERM; > if (event->attr.type != PERF_TYPE_TRACEPOINT) > return -EINVAL; I guess we need to fix this check for kprobe/uprobe created with perf_event_open()... Thanks, Song From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AEC57C33CA9 for ; Mon, 13 Jan 2020 20:49:48 +0000 (UTC) Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 0D2CF24658 for ; Mon, 13 Jan 2020 20:49:47 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=fb.com header.i=@fb.com header.b="K+bUezrV"; dkim=pass (1024-bit key) header.d=fb.onmicrosoft.com header.i=@fb.onmicrosoft.com header.b="jRyZG3sQ" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0D2CF24658 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=fb.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 47xQgs5VcxzDqNd for ; Tue, 14 Jan 2020 07:49:45 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=fb.com (client-ip=67.231.145.42; helo=mx0a-00082601.pphosted.com; envelope-from=prvs=8281b9063c=songliubraving@fb.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=fb.com Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=fb.com header.i=@fb.com header.a=rsa-sha256 header.s=facebook header.b=K+bUezrV; dkim=pass (1024-bit key; unprotected) header.d=fb.onmicrosoft.com header.i=@fb.onmicrosoft.com header.a=rsa-sha256 header.s=selector2-fb-onmicrosoft-com header.b=jRyZG3sQ; dkim-atps=neutral Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 47xQdq4drZzDq9b for ; Tue, 14 Jan 2020 07:47:58 +1100 (AEDT) Received: from pps.filterd (m0044012.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 00DKftlr004890; Mon, 13 Jan 2020 12:47:07 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=facebook; bh=XqTtxbMQ2UzsyuZCZ8lAx13lyT5t3RtvOoGzVOw8UyA=; b=K+bUezrVf4b4H1WAtbTnqOy7DtVIa/XmTbISVS8G3cVzzyq8XJ+mo3Ede1WVRBm4RTHk RKM2prW4EhNjAoUMjmrO0j9pEdWQgZviWjpyZEPbRUoFrCVd08en4FcvPODUFsJHcudG wX4Le1gX2lgyzXvbAJCNCZIGNOfZYazwpsQ= Received: from mail.thefacebook.com (mailout.thefacebook.com [199.201.64.23]) by mx0a-00082601.pphosted.com with ESMTP id 2xgw2egx8q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 13 Jan 2020 12:47:07 -0800 Received: from prn-hub06.TheFacebook.com (2620:10d:c081:35::130) by prn-hub06.TheFacebook.com (2620:10d:c081:35::130) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1713.5; Mon, 13 Jan 2020 12:47:05 -0800 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (192.168.54.28) by o365-in.thefacebook.com (192.168.16.30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1713.5 via Frontend Transport; Mon, 13 Jan 2020 12:47:05 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VxMtD+UI3GwJy+f/2g8V+EI1T1ZwhD3XbW4Qg4Ere2u99wVVBogxwdZQ12ROcqrIVd7g7D2fWHkm6ysKOJTQ6Wpy1fHEKP+l2HvBUQNnkPEBqP/ufWvu9FBLl01nJKv86r8cxODB+f55VfLsUbbBQFPf8c5mR5sncQ9D29/kts9xoZitil6joItJezJPsuCDq/bMC1GQPTuXLe2w7ITxQJBm5DOPZHeKtHubgrhTU1wx+fZ38PZjcvLMJ5ZPQpqn0G3gKswhqCSPuscoifvU89g3FieZVupzaSNmOrCXlp4/elho++xZVF3b3Pg5rJ2nQ9SgMhuGW0BeItN7gfFBRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XqTtxbMQ2UzsyuZCZ8lAx13lyT5t3RtvOoGzVOw8UyA=; b=AMHmmBG1CZhIpP37RW3iW114gCsjBBhOwOx/1ILI7jBY/T/tmaJQxMh9js5wMM+NLqF5qpHdO1D2eANIcLiglU+9yLEKxQa9IkbqncHYsZrnYpDoVh9yLT+L/ciR2oqybycvpktCLiHUPV/v74jPsb/F3oe9EbtGpguIHtCENm75QlJpGJeyXd8V8MGEgXAfwhfKzDlIoVxf/xE1aLuQtVW7jlQyTtfuDyfg6a3k7+ZWvbVPngkJAaEEE2fkqnKWoIsGqA9ghtJtQxkQAn6KCbPGY2qT7aq5ZwapbgV6yb45+NOm3fJTNPFK1Fmlcv9ew/WUxVGlwSxMackNDIRSMQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=fb.com; dmarc=pass action=none header.from=fb.com; dkim=pass header.d=fb.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.onmicrosoft.com; s=selector2-fb-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XqTtxbMQ2UzsyuZCZ8lAx13lyT5t3RtvOoGzVOw8UyA=; b=jRyZG3sQZIDfr3FKZQ9qUnH2jx5PvVSR5jwt1dHLWjAkfZ8Bm7b4uCl0vxMY2N5xamLdVn/GNv9F3fxiGqaEsfWWCLdbyMo0/0ZTrCJv70U1agGVANPEAiVFoyLLePVcfij2bAMHepOMwTSChL5H3WTs53UZGzFvsy7K79CB0rY= Received: from BYAPR15MB3029.namprd15.prod.outlook.com (20.178.238.208) by BYAPR15MB2215.namprd15.prod.outlook.com (52.135.196.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2623.13; Mon, 13 Jan 2020 20:47:05 +0000 Received: from BYAPR15MB3029.namprd15.prod.outlook.com ([fe80::3541:85d8:c4c8:760d]) by BYAPR15MB3029.namprd15.prod.outlook.com ([fe80::3541:85d8:c4c8:760d%3]) with mapi id 15.20.2623.015; Mon, 13 Jan 2020 20:47:05 +0000 From: Song Liu To: Alexey Budankov Subject: Re: [PATCH v4 5/9] trace/bpf_trace: open access for CAP_SYS_PERFMON privileged process Thread-Topic: [PATCH v4 5/9] trace/bpf_trace: open access for CAP_SYS_PERFMON privileged process Thread-Index: AQHVtYWFShQHtNvcRUuY/VfR2deyJafpOi4A Date: Mon, 13 Jan 2020 20:47:04 +0000 Message-ID: References: <1d46cc07-ced7-9a29-a9a3-3cba6ef2df21@linux.intel.com> In-Reply-To: <1d46cc07-ced7-9a29-a9a3-3cba6ef2df21@linux.intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: Apple Mail (2.3608.40.2.2.4) x-originating-ip: [2620:10d:c090:200::6df5] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: a0304726-4b48-4085-2a9d-08d79869bfa9 x-ms-traffictypediagnostic: BYAPR15MB2215: x-microsoft-antispam-prvs: x-fb-source: Internal x-ms-oob-tlc-oobclassifiers: OLM:3826; x-forefront-prvs: 028166BF91 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(366004)(136003)(346002)(396003)(376002)(189003)(199004)(2616005)(478600001)(6486002)(54906003)(33656002)(71200400001)(6506007)(53546011)(6916009)(81166006)(4326008)(81156014)(66446008)(5660300002)(7406005)(7416002)(66556008)(66476007)(64756008)(8936002)(76116006)(91956017)(66946007)(316002)(186003)(2906002)(8676002)(36756003)(86362001)(6512007); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR15MB2215; H:BYAPR15MB3029.namprd15.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: fb.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: jErti10l4i5ZsrfYYM9/ZyKuOAphVPD4H8OCHVg+ePhZ+qTNYdHnbbgOjzNM9JgOFBZPx3m2MxHKCEBuXNyb8sTMHepnSJuElvM8Rg00lJl9JnuQaIle4RSIEMXA4t8mDO5SPifzmkGHWCUSMZEAjw0gGPLrsZwarsr8szGr0AMXItJHkNotQTbVNrlHwIGbZxQO7yaSJtQt48M+SDIYsV3O0CSyUR7d+N6H/jdu+tH/+ZdWPqxgG92jFK9VVLrTYjimFAeSVSJgoOYdn/H4BnY5tJkf/gYJZotftikRZ19TFckR/JgBrPpv0SNp1Y5u4+7bRUjRjrW4boEhBkQ+inPIYQVxm8N1iW4sQACd5vt1yuh+g2KRAY2HT6jMN9RHgDH1yCX6agStzuYdSMDH+humifhbOH7GyWTeFiy4PfzM1yLMZMK9j1q7LpY4aSMP x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: a0304726-4b48-4085-2a9d-08d79869bfa9 X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jan 2020 20:47:04.7729 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: FHw0NUkoGMeLObzirpj63/cn4tT1tWAxsL3qXKZ6lxQ7MwCBVPORypJar15TOVVEI7kfvAdCXJ4h5dfnT5i6wA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR15MB2215 X-OriginatorOrg: fb.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572 definitions=2020-01-13_06:2020-01-13, 2020-01-13 signatures=0 X-Proofpoint-Spam-Details: rule=fb_default_notspam policy=fb_default score=0 lowpriorityscore=0 mlxlogscore=999 clxscore=1015 spamscore=0 priorityscore=1501 bulkscore=0 malwarescore=0 adultscore=0 suspectscore=0 mlxscore=0 phishscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-2001130168 X-FB-Internal: deliver X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , Peter Zijlstra , "joonas.lahtinen@linux.intel.com" , Will Deacon , Alexei Starovoitov , Stephane Eranian , "james.bottomley@hansenpartnership.com" , Paul Mackerras , Jiri Olsa , Andi Kleen , Igor Lubashev , James Morris , Alexander Shishkin , Ingo Molnar , "oprofile-list@lists.sf.net" , Serge Hallyn , Robert Richter , Kees Cook , Jann Horn , "selinux@vger.kernel.org" , "intel-gfx@lists.freedesktop.org" , "jani.nikula@linux.intel.com" , Arnaldo Carvalho de Melo , "rodrigo.vivi@intel.com" , Namhyung Kim , Thomas Gleixner , "linux-arm-kernel@lists.infradead.org" , Tvrtko Ursulin , "linux-parisc@vger.kernel.org" , linux-kernel , Lionel Landwerlin , "linux-perf-users@vger.kernel.org" , "linux-security-module@vger.kernel.org" , Casey Schaufler , "bpf@vger.kernel.org" , "linuxppc-dev@lists.ozlabs.org" Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" > On Dec 18, 2019, at 1:28 AM, Alexey Budankov wrote: >=20 >=20 > Open access to bpf_trace monitoring for CAP_SYS_PERFMON privileged > processes. For backward compatibility reasons access to bpf_trace > monitoring remains open for CAP_SYS_ADMIN privileged processes but > CAP_SYS_ADMIN usage for secure bpf_trace monitoring is discouraged > with respect to CAP_SYS_PERFMON capability. >=20 > Signed-off-by: Alexey Budankov Acked-by: Song Liu > --- > kernel/trace/bpf_trace.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) >=20 > diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c > index 44bd08f2443b..bafe21ac6d92 100644 > --- a/kernel/trace/bpf_trace.c > +++ b/kernel/trace/bpf_trace.c > @@ -1272,7 +1272,7 @@ int perf_event_query_prog_array(struct perf_event *= event, void __user *info) > u32 *ids, prog_cnt, ids_len; > int ret; >=20 > - if (!capable(CAP_SYS_ADMIN)) > + if (!perfmon_capable()) > return -EPERM; > if (event->attr.type !=3D PERF_TYPE_TRACEPOINT) > return -EINVAL; I guess we need to fix this check for kprobe/uprobe created with=20 perf_event_open()... Thanks, Song From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AF9B7C33CA9 for ; Mon, 13 Jan 2020 20:47:59 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 70A8124658 for ; Mon, 13 Jan 2020 20:47:59 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="OxWU8l6i"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=fb.com header.i=@fb.com header.b="K+bUezrV"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=fb.onmicrosoft.com header.i=@fb.onmicrosoft.com header.b="jRyZG3sQ" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 70A8124658 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=fb.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Content-ID:In-Reply-To: References:Message-ID:Date:Subject:To:From:Reply-To:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=HR4EY6uG5uwAEL6zLn+ZnOdYoJ9fK4ORW2M+UtlMLg0=; b=OxWU8l6ig5MBCL AtSskWkVe93Hg/doL2ie5pfqJIxmqkUCWi2TzEQWjDOLk83jA2qLBhWBbFjVrJP2bmNQQPBZXZaUt e30j6fCD36DYLBhn5hy7omjkRc7FXJr1tiBothCrL9UcjYQ27xM19rfiD/RRmsNzpXLU8m48FWC1M AvOQeyTwMUocXq4MhUwmKCPygsO4EJe0DICPKa4xB/i5mjUvwHH0YZ0fR5ROcpD+q5zpez5Vu7N9G J1NQ/HWlFnahQoAi/6CpfHFyrll3mbwjBkEivT9wGQJBImwJn1D6zErODxDxzCh6eweYsFcyr2tU1 46C4xJRPn0GD9GVj32yg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1ir6cw-0007tj-QP; Mon, 13 Jan 2020 20:47:58 +0000 Received: from mx0a-00082601.pphosted.com ([67.231.145.42]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1ir6ct-0007t4-Dj for linux-arm-kernel@lists.infradead.org; Mon, 13 Jan 2020 20:47:56 +0000 Received: from pps.filterd (m0044012.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 00DKftlr004890; Mon, 13 Jan 2020 12:47:07 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=facebook; bh=XqTtxbMQ2UzsyuZCZ8lAx13lyT5t3RtvOoGzVOw8UyA=; b=K+bUezrVf4b4H1WAtbTnqOy7DtVIa/XmTbISVS8G3cVzzyq8XJ+mo3Ede1WVRBm4RTHk RKM2prW4EhNjAoUMjmrO0j9pEdWQgZviWjpyZEPbRUoFrCVd08en4FcvPODUFsJHcudG wX4Le1gX2lgyzXvbAJCNCZIGNOfZYazwpsQ= Received: from mail.thefacebook.com (mailout.thefacebook.com [199.201.64.23]) by mx0a-00082601.pphosted.com with ESMTP id 2xgw2egx8q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 13 Jan 2020 12:47:07 -0800 Received: from prn-hub06.TheFacebook.com (2620:10d:c081:35::130) by prn-hub06.TheFacebook.com (2620:10d:c081:35::130) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1713.5; Mon, 13 Jan 2020 12:47:05 -0800 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (192.168.54.28) by o365-in.thefacebook.com (192.168.16.30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1713.5 via Frontend Transport; Mon, 13 Jan 2020 12:47:05 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VxMtD+UI3GwJy+f/2g8V+EI1T1ZwhD3XbW4Qg4Ere2u99wVVBogxwdZQ12ROcqrIVd7g7D2fWHkm6ysKOJTQ6Wpy1fHEKP+l2HvBUQNnkPEBqP/ufWvu9FBLl01nJKv86r8cxODB+f55VfLsUbbBQFPf8c5mR5sncQ9D29/kts9xoZitil6joItJezJPsuCDq/bMC1GQPTuXLe2w7ITxQJBm5DOPZHeKtHubgrhTU1wx+fZ38PZjcvLMJ5ZPQpqn0G3gKswhqCSPuscoifvU89g3FieZVupzaSNmOrCXlp4/elho++xZVF3b3Pg5rJ2nQ9SgMhuGW0BeItN7gfFBRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XqTtxbMQ2UzsyuZCZ8lAx13lyT5t3RtvOoGzVOw8UyA=; b=AMHmmBG1CZhIpP37RW3iW114gCsjBBhOwOx/1ILI7jBY/T/tmaJQxMh9js5wMM+NLqF5qpHdO1D2eANIcLiglU+9yLEKxQa9IkbqncHYsZrnYpDoVh9yLT+L/ciR2oqybycvpktCLiHUPV/v74jPsb/F3oe9EbtGpguIHtCENm75QlJpGJeyXd8V8MGEgXAfwhfKzDlIoVxf/xE1aLuQtVW7jlQyTtfuDyfg6a3k7+ZWvbVPngkJAaEEE2fkqnKWoIsGqA9ghtJtQxkQAn6KCbPGY2qT7aq5ZwapbgV6yb45+NOm3fJTNPFK1Fmlcv9ew/WUxVGlwSxMackNDIRSMQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=fb.com; dmarc=pass action=none header.from=fb.com; dkim=pass header.d=fb.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.onmicrosoft.com; s=selector2-fb-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XqTtxbMQ2UzsyuZCZ8lAx13lyT5t3RtvOoGzVOw8UyA=; b=jRyZG3sQZIDfr3FKZQ9qUnH2jx5PvVSR5jwt1dHLWjAkfZ8Bm7b4uCl0vxMY2N5xamLdVn/GNv9F3fxiGqaEsfWWCLdbyMo0/0ZTrCJv70U1agGVANPEAiVFoyLLePVcfij2bAMHepOMwTSChL5H3WTs53UZGzFvsy7K79CB0rY= Received: from BYAPR15MB3029.namprd15.prod.outlook.com (20.178.238.208) by BYAPR15MB2215.namprd15.prod.outlook.com (52.135.196.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2623.13; Mon, 13 Jan 2020 20:47:05 +0000 Received: from BYAPR15MB3029.namprd15.prod.outlook.com ([fe80::3541:85d8:c4c8:760d]) by BYAPR15MB3029.namprd15.prod.outlook.com ([fe80::3541:85d8:c4c8:760d%3]) with mapi id 15.20.2623.015; Mon, 13 Jan 2020 20:47:05 +0000 From: Song Liu To: Alexey Budankov Subject: Re: [PATCH v4 5/9] trace/bpf_trace: open access for CAP_SYS_PERFMON privileged process Thread-Topic: [PATCH v4 5/9] trace/bpf_trace: open access for CAP_SYS_PERFMON privileged process Thread-Index: AQHVtYWFShQHtNvcRUuY/VfR2deyJafpOi4A Date: Mon, 13 Jan 2020 20:47:04 +0000 Message-ID: References: <1d46cc07-ced7-9a29-a9a3-3cba6ef2df21@linux.intel.com> In-Reply-To: <1d46cc07-ced7-9a29-a9a3-3cba6ef2df21@linux.intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: Apple Mail (2.3608.40.2.2.4) x-originating-ip: [2620:10d:c090:200::6df5] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: a0304726-4b48-4085-2a9d-08d79869bfa9 x-ms-traffictypediagnostic: BYAPR15MB2215: x-microsoft-antispam-prvs: x-fb-source: Internal x-ms-oob-tlc-oobclassifiers: OLM:3826; x-forefront-prvs: 028166BF91 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(366004)(136003)(346002)(396003)(376002)(189003)(199004)(2616005)(478600001)(6486002)(54906003)(33656002)(71200400001)(6506007)(53546011)(6916009)(81166006)(4326008)(81156014)(66446008)(5660300002)(7406005)(7416002)(66556008)(66476007)(64756008)(8936002)(76116006)(91956017)(66946007)(316002)(186003)(2906002)(8676002)(36756003)(86362001)(6512007); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR15MB2215; H:BYAPR15MB3029.namprd15.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: fb.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: jErti10l4i5ZsrfYYM9/ZyKuOAphVPD4H8OCHVg+ePhZ+qTNYdHnbbgOjzNM9JgOFBZPx3m2MxHKCEBuXNyb8sTMHepnSJuElvM8Rg00lJl9JnuQaIle4RSIEMXA4t8mDO5SPifzmkGHWCUSMZEAjw0gGPLrsZwarsr8szGr0AMXItJHkNotQTbVNrlHwIGbZxQO7yaSJtQt48M+SDIYsV3O0CSyUR7d+N6H/jdu+tH/+ZdWPqxgG92jFK9VVLrTYjimFAeSVSJgoOYdn/H4BnY5tJkf/gYJZotftikRZ19TFckR/JgBrPpv0SNp1Y5u4+7bRUjRjrW4boEhBkQ+inPIYQVxm8N1iW4sQACd5vt1yuh+g2KRAY2HT6jMN9RHgDH1yCX6agStzuYdSMDH+humifhbOH7GyWTeFiy4PfzM1yLMZMK9j1q7LpY4aSMP x-ms-exchange-transport-forked: True Content-ID: MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: a0304726-4b48-4085-2a9d-08d79869bfa9 X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jan 2020 20:47:04.7729 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: FHw0NUkoGMeLObzirpj63/cn4tT1tWAxsL3qXKZ6lxQ7MwCBVPORypJar15TOVVEI7kfvAdCXJ4h5dfnT5i6wA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR15MB2215 X-OriginatorOrg: fb.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572 definitions=2020-01-13_06:2020-01-13, 2020-01-13 signatures=0 X-Proofpoint-Spam-Details: rule=fb_default_notspam policy=fb_default score=0 lowpriorityscore=0 mlxlogscore=999 clxscore=1015 spamscore=0 priorityscore=1501 bulkscore=0 malwarescore=0 adultscore=0 suspectscore=0 mlxscore=0 phishscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-2001130168 X-FB-Internal: deliver X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200113_124755_471879_1B908EB0 X-CRM114-Status: GOOD ( 17.69 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , Peter Zijlstra , Benjamin Herrenschmidt , "joonas.lahtinen@linux.intel.com" , Will Deacon , Alexei Starovoitov , Stephane Eranian , "james.bottomley@hansenpartnership.com" , Paul Mackerras , Jiri Olsa , Andi Kleen , Michael Ellerman , Igor Lubashev , James Morris , Alexander Shishkin , Ingo Molnar , "oprofile-list@lists.sf.net" , Serge Hallyn , Robert Richter , Kees Cook , Jann Horn , "selinux@vger.kernel.org" , "intel-gfx@lists.freedesktop.org" , "jani.nikula@linux.intel.com" , Arnaldo Carvalho de Melo , "rodrigo.vivi@intel.com" , Namhyung Kim , Thomas Gleixner , "linux-arm-kernel@lists.infradead.org" , Tvrtko Ursulin , "linux-parisc@vger.kernel.org" , linux-kernel , Lionel Landwerlin , "linux-perf-users@vger.kernel.org" , "linux-security-module@vger.kernel.org" , Casey Schaufler , "bpf@vger.kernel.org" , "linuxppc-dev@lists.ozlabs.org" Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org > On Dec 18, 2019, at 1:28 AM, Alexey Budankov wrote: > > > Open access to bpf_trace monitoring for CAP_SYS_PERFMON privileged > processes. For backward compatibility reasons access to bpf_trace > monitoring remains open for CAP_SYS_ADMIN privileged processes but > CAP_SYS_ADMIN usage for secure bpf_trace monitoring is discouraged > with respect to CAP_SYS_PERFMON capability. > > Signed-off-by: Alexey Budankov Acked-by: Song Liu > --- > kernel/trace/bpf_trace.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c > index 44bd08f2443b..bafe21ac6d92 100644 > --- a/kernel/trace/bpf_trace.c > +++ b/kernel/trace/bpf_trace.c > @@ -1272,7 +1272,7 @@ int perf_event_query_prog_array(struct perf_event *event, void __user *info) > u32 *ids, prog_cnt, ids_len; > int ret; > > - if (!capable(CAP_SYS_ADMIN)) > + if (!perfmon_capable()) > return -EPERM; > if (event->attr.type != PERF_TYPE_TRACEPOINT) > return -EINVAL; I guess we need to fix this check for kprobe/uprobe created with perf_event_open()... Thanks, Song _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.6 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 37E65C33CB6 for ; Thu, 16 Jan 2020 05:50:51 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 04CEA2077B for ; Thu, 16 Jan 2020 05:50:51 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=fb.com header.i=@fb.com header.b="K+bUezrV"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=fb.onmicrosoft.com header.i=@fb.onmicrosoft.com header.b="jRyZG3sQ" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 04CEA2077B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=fb.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=intel-gfx-bounces@lists.freedesktop.org Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 2EB396EBE0; Thu, 16 Jan 2020 05:50:44 +0000 (UTC) X-Greylist: delayed 1148 seconds by postgrey-1.36 at gabe; Mon, 13 Jan 2020 21:07:02 UTC Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42]) by gabe.freedesktop.org (Postfix) with ESMTPS id 00B316E160 for ; Mon, 13 Jan 2020 21:07:02 +0000 (UTC) Received: from pps.filterd (m0044012.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 00DKftlr004890; Mon, 13 Jan 2020 12:47:07 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=facebook; bh=XqTtxbMQ2UzsyuZCZ8lAx13lyT5t3RtvOoGzVOw8UyA=; b=K+bUezrVf4b4H1WAtbTnqOy7DtVIa/XmTbISVS8G3cVzzyq8XJ+mo3Ede1WVRBm4RTHk RKM2prW4EhNjAoUMjmrO0j9pEdWQgZviWjpyZEPbRUoFrCVd08en4FcvPODUFsJHcudG wX4Le1gX2lgyzXvbAJCNCZIGNOfZYazwpsQ= Received: from mail.thefacebook.com (mailout.thefacebook.com [199.201.64.23]) by mx0a-00082601.pphosted.com with ESMTP id 2xgw2egx8q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 13 Jan 2020 12:47:07 -0800 Received: from prn-hub06.TheFacebook.com (2620:10d:c081:35::130) by prn-hub06.TheFacebook.com (2620:10d:c081:35::130) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1713.5; Mon, 13 Jan 2020 12:47:05 -0800 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (192.168.54.28) by o365-in.thefacebook.com (192.168.16.30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1713.5 via Frontend Transport; Mon, 13 Jan 2020 12:47:05 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VxMtD+UI3GwJy+f/2g8V+EI1T1ZwhD3XbW4Qg4Ere2u99wVVBogxwdZQ12ROcqrIVd7g7D2fWHkm6ysKOJTQ6Wpy1fHEKP+l2HvBUQNnkPEBqP/ufWvu9FBLl01nJKv86r8cxODB+f55VfLsUbbBQFPf8c5mR5sncQ9D29/kts9xoZitil6joItJezJPsuCDq/bMC1GQPTuXLe2w7ITxQJBm5DOPZHeKtHubgrhTU1wx+fZ38PZjcvLMJ5ZPQpqn0G3gKswhqCSPuscoifvU89g3FieZVupzaSNmOrCXlp4/elho++xZVF3b3Pg5rJ2nQ9SgMhuGW0BeItN7gfFBRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XqTtxbMQ2UzsyuZCZ8lAx13lyT5t3RtvOoGzVOw8UyA=; b=AMHmmBG1CZhIpP37RW3iW114gCsjBBhOwOx/1ILI7jBY/T/tmaJQxMh9js5wMM+NLqF5qpHdO1D2eANIcLiglU+9yLEKxQa9IkbqncHYsZrnYpDoVh9yLT+L/ciR2oqybycvpktCLiHUPV/v74jPsb/F3oe9EbtGpguIHtCENm75QlJpGJeyXd8V8MGEgXAfwhfKzDlIoVxf/xE1aLuQtVW7jlQyTtfuDyfg6a3k7+ZWvbVPngkJAaEEE2fkqnKWoIsGqA9ghtJtQxkQAn6KCbPGY2qT7aq5ZwapbgV6yb45+NOm3fJTNPFK1Fmlcv9ew/WUxVGlwSxMackNDIRSMQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=fb.com; dmarc=pass action=none header.from=fb.com; dkim=pass header.d=fb.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.onmicrosoft.com; s=selector2-fb-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XqTtxbMQ2UzsyuZCZ8lAx13lyT5t3RtvOoGzVOw8UyA=; b=jRyZG3sQZIDfr3FKZQ9qUnH2jx5PvVSR5jwt1dHLWjAkfZ8Bm7b4uCl0vxMY2N5xamLdVn/GNv9F3fxiGqaEsfWWCLdbyMo0/0ZTrCJv70U1agGVANPEAiVFoyLLePVcfij2bAMHepOMwTSChL5H3WTs53UZGzFvsy7K79CB0rY= Received: from BYAPR15MB3029.namprd15.prod.outlook.com (20.178.238.208) by BYAPR15MB2215.namprd15.prod.outlook.com (52.135.196.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2623.13; Mon, 13 Jan 2020 20:47:05 +0000 Received: from BYAPR15MB3029.namprd15.prod.outlook.com ([fe80::3541:85d8:c4c8:760d]) by BYAPR15MB3029.namprd15.prod.outlook.com ([fe80::3541:85d8:c4c8:760d%3]) with mapi id 15.20.2623.015; Mon, 13 Jan 2020 20:47:05 +0000 From: Song Liu To: Alexey Budankov Thread-Topic: [PATCH v4 5/9] trace/bpf_trace: open access for CAP_SYS_PERFMON privileged process Thread-Index: AQHVtYWFShQHtNvcRUuY/VfR2deyJafpOi4A Date: Mon, 13 Jan 2020 20:47:04 +0000 Message-ID: References: <1d46cc07-ced7-9a29-a9a3-3cba6ef2df21@linux.intel.com> In-Reply-To: <1d46cc07-ced7-9a29-a9a3-3cba6ef2df21@linux.intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: Apple Mail (2.3608.40.2.2.4) x-originating-ip: [2620:10d:c090:200::6df5] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: a0304726-4b48-4085-2a9d-08d79869bfa9 x-ms-traffictypediagnostic: BYAPR15MB2215: x-microsoft-antispam-prvs: x-fb-source: Internal x-ms-oob-tlc-oobclassifiers: OLM:3826; x-forefront-prvs: 028166BF91 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(366004)(136003)(346002)(396003)(376002)(189003)(199004)(2616005)(478600001)(6486002)(54906003)(33656002)(71200400001)(6506007)(53546011)(6916009)(81166006)(4326008)(81156014)(66446008)(5660300002)(7406005)(7416002)(66556008)(66476007)(64756008)(8936002)(76116006)(91956017)(66946007)(316002)(186003)(2906002)(8676002)(36756003)(86362001)(6512007); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR15MB2215; H:BYAPR15MB3029.namprd15.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: fb.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: jErti10l4i5ZsrfYYM9/ZyKuOAphVPD4H8OCHVg+ePhZ+qTNYdHnbbgOjzNM9JgOFBZPx3m2MxHKCEBuXNyb8sTMHepnSJuElvM8Rg00lJl9JnuQaIle4RSIEMXA4t8mDO5SPifzmkGHWCUSMZEAjw0gGPLrsZwarsr8szGr0AMXItJHkNotQTbVNrlHwIGbZxQO7yaSJtQt48M+SDIYsV3O0CSyUR7d+N6H/jdu+tH/+ZdWPqxgG92jFK9VVLrTYjimFAeSVSJgoOYdn/H4BnY5tJkf/gYJZotftikRZ19TFckR/JgBrPpv0SNp1Y5u4+7bRUjRjrW4boEhBkQ+inPIYQVxm8N1iW4sQACd5vt1yuh+g2KRAY2HT6jMN9RHgDH1yCX6agStzuYdSMDH+humifhbOH7GyWTeFiy4PfzM1yLMZMK9j1q7LpY4aSMP x-ms-exchange-transport-forked: True Content-ID: MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: a0304726-4b48-4085-2a9d-08d79869bfa9 X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jan 2020 20:47:04.7729 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: FHw0NUkoGMeLObzirpj63/cn4tT1tWAxsL3qXKZ6lxQ7MwCBVPORypJar15TOVVEI7kfvAdCXJ4h5dfnT5i6wA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR15MB2215 X-OriginatorOrg: fb.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572 definitions=2020-01-13_06:2020-01-13, 2020-01-13 signatures=0 X-Proofpoint-Spam-Details: rule=fb_default_notspam policy=fb_default score=0 lowpriorityscore=0 mlxlogscore=999 clxscore=1015 spamscore=0 priorityscore=1501 bulkscore=0 malwarescore=0 adultscore=0 suspectscore=0 mlxscore=0 phishscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-2001130168 X-FB-Internal: deliver X-Mailman-Approved-At: Thu, 16 Jan 2020 05:50:43 +0000 Subject: Re: [Intel-gfx] [PATCH v4 5/9] trace/bpf_trace: open access for CAP_SYS_PERFMON privileged process X-BeenThere: intel-gfx@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Intel graphics driver community testing & development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , Peter Zijlstra , Benjamin Herrenschmidt , Will Deacon , Alexei Starovoitov , Stephane Eranian , "james.bottomley@hansenpartnership.com" , Paul Mackerras , Jiri Olsa , Andi Kleen , Michael Ellerman , Igor Lubashev , James Morris , Alexander Shishkin , Ingo Molnar , "oprofile-list@lists.sf.net" , Serge Hallyn , Robert Richter , Kees Cook , Jann Horn , "selinux@vger.kernel.org" , "intel-gfx@lists.freedesktop.org" , Arnaldo Carvalho de Melo , Namhyung Kim , Thomas Gleixner , "linux-arm-kernel@lists.infradead.org" , "linux-parisc@vger.kernel.org" , linux-kernel , "linux-perf-users@vger.kernel.org" , "linux-security-module@vger.kernel.org" , Casey Schaufler , "bpf@vger.kernel.org" , "linuxppc-dev@lists.ozlabs.org" Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: intel-gfx-bounces@lists.freedesktop.org Sender: "Intel-gfx" > On Dec 18, 2019, at 1:28 AM, Alexey Budankov wrote: > > > Open access to bpf_trace monitoring for CAP_SYS_PERFMON privileged > processes. For backward compatibility reasons access to bpf_trace > monitoring remains open for CAP_SYS_ADMIN privileged processes but > CAP_SYS_ADMIN usage for secure bpf_trace monitoring is discouraged > with respect to CAP_SYS_PERFMON capability. > > Signed-off-by: Alexey Budankov Acked-by: Song Liu > --- > kernel/trace/bpf_trace.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c > index 44bd08f2443b..bafe21ac6d92 100644 > --- a/kernel/trace/bpf_trace.c > +++ b/kernel/trace/bpf_trace.c > @@ -1272,7 +1272,7 @@ int perf_event_query_prog_array(struct perf_event *event, void __user *info) > u32 *ids, prog_cnt, ids_len; > int ret; > > - if (!capable(CAP_SYS_ADMIN)) > + if (!perfmon_capable()) > return -EPERM; > if (event->attr.type != PERF_TYPE_TRACEPOINT) > return -EINVAL; I guess we need to fix this check for kprobe/uprobe created with perf_event_open()... Thanks, Song _______________________________________________ Intel-gfx mailing list Intel-gfx@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/intel-gfx