linux-arm-kernel.lists.infradead.org archive mirror
 help / color / mirror / Atom feed
From: Igor Lubashev <ilubashe@akamai.com>
To: <linux-kernel@vger.kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Ingo Molnar <mingo@redhat.com>,
	Arnaldo Carvalho de Melo <acme@kernel.org>,
	Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>,
	Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	Igor Lubashev <ilubashe@akamai.com>,
	James Morris <jmorris@namei.org>,
	Namhyung Kim <namhyung@kernel.org>, Jiri Olsa <jolsa@redhat.com>,
	linux-arm-kernel@lists.infradead.org
Subject: [PATCH 1/3] perf: Add capability-related utilities
Date: Tue, 2 Jul 2019 20:10:03 -0400	[thread overview]
Message-ID: <1562112605-6235-2-git-send-email-ilubashe@akamai.com> (raw)
In-Reply-To: <1562112605-6235-1-git-send-email-ilubashe@akamai.com>

Add utilities to help checking capabilities of the running process.
Make perf link with libcap.

Signed-off-by: Igor Lubashev <ilubashe@akamai.com>
---
 tools/perf/Makefile.config         |  2 +-
 tools/perf/util/Build              |  1 +
 tools/perf/util/cap.c              | 24 ++++++++++++++++++++++++
 tools/perf/util/cap.h              | 10 ++++++++++
 tools/perf/util/event.h            |  1 +
 tools/perf/util/python-ext-sources |  1 +
 tools/perf/util/util.c             |  9 +++++++++
 7 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 tools/perf/util/cap.c
 create mode 100644 tools/perf/util/cap.h

diff --git a/tools/perf/Makefile.config b/tools/perf/Makefile.config
index 85fbcd265351..21470a50ed39 100644
--- a/tools/perf/Makefile.config
+++ b/tools/perf/Makefile.config
@@ -259,7 +259,7 @@ CXXFLAGS += -Wno-strict-aliasing
 # adding assembler files missing the .GNU-stack linker note.
 LDFLAGS += -Wl,-z,noexecstack
 
-EXTLIBS = -lpthread -lrt -lm -ldl
+EXTLIBS = -lpthread -lrt -lm -ldl -lcap
 
 ifeq ($(FEATURES_DUMP),)
 include $(srctree)/tools/build/Makefile.feature
diff --git a/tools/perf/util/Build b/tools/perf/util/Build
index 6d5bbc8b589b..9cc6e9b34ebd 100644
--- a/tools/perf/util/Build
+++ b/tools/perf/util/Build
@@ -1,6 +1,7 @@
 perf-y += annotate.o
 perf-y += block-range.o
 perf-y += build-id.o
+perf-y += cap.o
 perf-y += config.o
 perf-y += ctype.o
 perf-y += db-export.o
diff --git a/tools/perf/util/cap.c b/tools/perf/util/cap.c
new file mode 100644
index 000000000000..c42ea32663cf
--- /dev/null
+++ b/tools/perf/util/cap.c
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Capability utilities
+ */
+#include "cap.h"
+#include <stdbool.h>
+#include <sys/capability.h>
+
+bool perf_cap__capable(cap_value_t cap)
+{
+	cap_flag_value_t val;
+	cap_t caps = cap_get_proc();
+
+	if (!caps)
+		return false;
+
+	if (cap_get_flag(caps, cap, CAP_EFFECTIVE, &val) != 0)
+		val = CAP_CLEAR;
+
+	if (cap_free(caps) != 0)
+		return false;
+
+	return val == CAP_SET;
+}
diff --git a/tools/perf/util/cap.h b/tools/perf/util/cap.h
new file mode 100644
index 000000000000..5521de78b228
--- /dev/null
+++ b/tools/perf/util/cap.h
@@ -0,0 +1,10 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __PERF_CAP_H
+#define __PERF_CAP_H
+
+#include <stdbool.h>
+#include <sys/capability.h>
+
+bool perf_cap__capable(cap_value_t cap);
+
+#endif /* __PERF_CAP_H */
diff --git a/tools/perf/util/event.h b/tools/perf/util/event.h
index 9e999550f247..013d9e28fcac 100644
--- a/tools/perf/util/event.h
+++ b/tools/perf/util/event.h
@@ -849,6 +849,7 @@ void  cpu_map_data__synthesize(struct cpu_map_data *data, struct cpu_map *map,
 void event_attr_init(struct perf_event_attr *attr);
 
 int perf_event_paranoid(void);
+bool perf_event_paranoid_check(int max_level);
 
 extern int sysctl_perf_event_max_stack;
 extern int sysctl_perf_event_max_contexts_per_stack;
diff --git a/tools/perf/util/python-ext-sources b/tools/perf/util/python-ext-sources
index 7aa0ea64544e..4545eaf018b5 100644
--- a/tools/perf/util/python-ext-sources
+++ b/tools/perf/util/python-ext-sources
@@ -6,6 +6,7 @@
 #
 
 util/python.c
+util/cap.c
 util/ctype.c
 util/evlist.c
 util/evsel.c
diff --git a/tools/perf/util/util.c b/tools/perf/util/util.c
index d388f80d8703..cde538ec727d 100644
--- a/tools/perf/util/util.c
+++ b/tools/perf/util/util.c
@@ -16,10 +16,12 @@
 #include <string.h>
 #include <errno.h>
 #include <limits.h>
+#include <linux/capability.h>
 #include <linux/kernel.h>
 #include <linux/log2.h>
 #include <linux/time64.h>
 #include <unistd.h>
+#include "cap.h"
 #include "strlist.h"
 #include "string2.h"
 
@@ -456,6 +458,13 @@ int perf_event_paranoid(void)
 
 	return value;
 }
+
+bool perf_event_paranoid_check(int max_level)
+{
+	return perf_cap__capable(CAP_SYS_ADMIN) ||
+			perf_event_paranoid() <= max_level;
+}
+
 static int
 fetch_ubuntu_kernel_version(unsigned int *puint)
 {
-- 
2.7.4


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

  reply	other threads:[~2019-07-03  0:11 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-03  0:10 [PATCH 0/3] perf: Use capabilities instead of uid and euid Igor Lubashev
2019-07-03  0:10 ` Igor Lubashev [this message]
2019-07-16  8:46   ` [PATCH 1/3] perf: Add capability-related utilities Jiri Olsa
2019-07-17 21:05     ` Arnaldo Carvalho de Melo
2019-07-17 23:46       ` Arnaldo Carvalho de Melo
2019-07-17 23:48         ` Arnaldo Carvalho de Melo
2019-07-18 21:00         ` Lubashev, Igor
2019-08-07  3:58         ` Lubashev, Igor
2019-07-03  0:10 ` [PATCH 2/3] perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks Igor Lubashev
2019-07-16  8:47   ` Jiri Olsa
2019-07-16 17:01     ` Lubashev, Igor
2019-07-17  7:10       ` Jiri Olsa
2019-07-17 18:33         ` Lubashev, Igor
2019-07-03  0:10 ` [PATCH 3/3] perf: Use CAP_SYSLOG with kptr_restrict checks Igor Lubashev
2019-07-16 10:51 ` [PATCH 0/3] perf: Use capabilities instead of uid and euid Alexey Budankov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1562112605-6235-2-git-send-email-ilubashe@akamai.com \
    --to=ilubashe@akamai.com \
    --cc=acme@kernel.org \
    --cc=alexander.shishkin@linux.intel.com \
    --cc=jmorris@namei.org \
    --cc=jolsa@redhat.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mathieu.poirier@linaro.org \
    --cc=mingo@redhat.com \
    --cc=namhyung@kernel.org \
    --cc=peterz@infradead.org \
    --cc=suzuki.poulose@arm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).