From: Alexey Budankov <alexey.budankov@linux.intel.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Kees Cook <keescook@chromium.org>, Jann Horn <jannh@google.com>,
Ingo Molnar <mingo@redhat.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Andi Kleen <ak@linux.intel.com>, Jonatan Corbet <corbet@lwn.net>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
Tvrtko Ursulin <tursulin@ursulin.net>,
linux-kernel <linux-kernel@vger.kernel.org>,
kernel-hardening@lists.openwall.com, linux-doc@vger.kernel.org
Subject: Re: [PATCH v1 2/2]: Documentation/admin-guide: introduce perf-security.rst file
Date: Tue, 27 Nov 2018 11:17:00 +0300 [thread overview]
Message-ID: <acc29e9c-39ce-d255-66aa-1886a351476e@linux.intel.com> (raw)
In-Reply-To: <20181119103337.GZ9761@hirez.programming.kicks-ass.net>
Hi,
On 19.11.2018 13:33, Peter Zijlstra wrote:
> On Mon, Nov 19, 2018 at 08:42:52AM +0300, Alexey Budankov wrote:
>>
>> Implement initial version of perf-security.rst documentation file
>> initially covering security concerns related to PCL/Perf performance
>> monitoring in multiuser environments.
>
> Ditch the PCL thing. That's not a term used anywhere in the kernel.
Addressed. Please see v4.
>
> Also:
>
>> +PCL/Perf unprivileged users
>> +---------------------------
>> +
>> +PCL/Perf *scope* and *access* control for unprivileged processes is governed by
>> +perf_event_paranoid [2]_ setting:
>> +
>> +**-1**:
>> + Impose no *scope* and *access* restrictions on using PCL performance
>> + monitoring. Per-user per-cpu perf_event_mlock_kb [2]_ locking limit is
>> + ignored when allocating memory buffers for storing performance data.
>> + This is the least secure mode since allowed monitored *scope* is
>> + maximized and no PCL specific limits are imposed on *resources*
>> + allocated for performance monitoring.
>> +
>> +**>=0**:
>> + *scope* includes per-process and system wide performance monitoring
>> + but excludes raw tracepoints and ftrace function tracepoints monitoring.
>> + CPU and system events happened when executing either in user or
>> + in kernel space can be monitored and captured for later analysis.
>> + Per-user per-cpu perf_event_mlock_kb locking limit is imposed but
>> + ignored for unprivileged processes with CAP_IPC_LOCK [6]_ capability.
>> +
>> +**>=1**:
>> + *scope* includes per-process performance monitoring only and excludes
>> + system wide performance monitoring. CPU and system events happened when
>> + executing either in user or in kernel space can be monitored and
>> + captured for later analysis. Per-user per-cpu perf_event_mlock_kb
>> + locking limit is imposed but ignored for unprivileged processes with
>> + CAP_IPC_LOCK capability.
>> +
>> +**>=2**:
>> + *scope* includes per-process performance monitoring only. CPU and system
>> + events happened when executing in user space only can be monitored and
>> + captured for later analysis. Per-user per-cpu perf_event_mlock_kb
>> + locking limit is imposed but ignored for unprivileged processes with
>> + CAP_IPC_LOCK capability.
>> +
>> +**>=3**:
>> + Restrict *access* to PCL performance monitoring for unprivileged processes.
>> + This is the default on Debian and Android [7]_ , [8]_ .
>
> that ** crud is unreadable.
>
> http://lkml.kernel.org/r/094556ca-ea87-9c4a-2115-600d2833fb2a@darmarit.de
>
Addressed. Please see v4.
Thanks,
Alexey
next prev parent reply other threads:[~2018-11-27 8:17 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-19 5:37 [PATCH v1 0/2]: Documentation/admin-guide: introduce perf-security.rst file and extend perf_event_paranoid documentation Alexey Budankov
2018-11-19 5:41 ` [PATCH v1 1/2]: Documentation/admin-guide: update admin-guide index.rst Alexey Budankov
2018-11-19 10:03 ` Greg KH
2018-11-19 15:12 ` Alexey Budankov
2018-11-19 5:42 ` [PATCH v1 2/2]: Documentation/admin-guide: introduce perf-security.rst file Alexey Budankov
2018-11-19 10:33 ` Peter Zijlstra
2018-11-19 15:13 ` Alexey Budankov
2018-11-27 8:17 ` Alexey Budankov [this message]
2018-11-19 10:35 ` Jordan Glover
2018-11-19 10:35 ` Jordan Glover
2018-11-19 10:46 ` Peter Zijlstra
2018-11-19 10:46 ` Peter Zijlstra
2018-11-19 10:49 ` Jordan Glover
2018-11-19 10:49 ` Jordan Glover
2018-11-19 15:19 ` Alexey Budankov
2018-11-19 15:19 ` Alexey Budankov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=acc29e9c-39ce-d255-66aa-1886a351476e@linux.intel.com \
--to=alexey.budankov@linux.intel.com \
--cc=acme@kernel.org \
--cc=ak@linux.intel.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=corbet@lwn.net \
--cc=jannh@google.com \
--cc=jolsa@redhat.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=tursulin@ursulin.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.