From: Arnaldo Carvalho de Melo <arnaldo.melo@gmail.com>
To: Igor Lubashev <ilubashe@akamai.com>
Cc: Jiri Olsa <jolsa@redhat.com>,
linux-kernel@vger.kernel.org,
Peter Zijlstra <peterz@infradead.org>,
Ingo Molnar <mingo@redhat.com>,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Namhyung Kim <namhyung@kernel.org>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
linux-arm-kernel@lists.infradead.org,
James Morris <jmorris@namei.org>
Subject: Re: [PATCH 1/3] perf: Add capability-related utilities
Date: Wed, 17 Jul 2019 20:48:43 -0300 [thread overview]
Message-ID: <20190717234843.GK3624@kernel.org> (raw)
In-Reply-To: <20190717234652.GJ3624@kernel.org>
Em Wed, Jul 17, 2019 at 08:46:52PM -0300, Arnaldo Carvalho de Melo escreveu:
> I'll do it if there is any difficulty, just not right now as I'm busy
> and want to get a pull req out of the door.
Also please find the first patch fixed up wrt a conflict with the
pythong binding, please use it instead as that is what applies to my
current perf/core branch.
It has the ack from Alexey and one I think Jiri would provide, judging
from his positive tone to the patches :)
- Arnaldo
commit 8048a0884a3f98bae2434d141711d72382b784b0
Author: Igor Lubashev <ilubashe@akamai.com>
Date: Wed Jul 17 20:39:03 2019 -0300
perf tools: Add capability-related utilities
Add utilities to help checking capabilities of the running process.
Make perf link with libcap.
Signed-off-by: Igor Lubashev <ilubashe@akamai.com>
Acked-by: Alexey Budankov <alexey.budankov@linux.intel.com>
Acked-by: Jiri Olsa <jolsa@kernel.org>
CC: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: James Morris <jmorris@namei.org>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Link: https://lkml.kernel.org/r/1562112605-6235-2-git-send-email-ilubashe@akamai.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
diff --git a/tools/perf/Makefile.config b/tools/perf/Makefile.config
index 89ac5a1f1550..b9cf084f32d7 100644
--- a/tools/perf/Makefile.config
+++ b/tools/perf/Makefile.config
@@ -259,7 +259,7 @@ CXXFLAGS += -Wno-strict-aliasing
# adding assembler files missing the .GNU-stack linker note.
LDFLAGS += -Wl,-z,noexecstack
-EXTLIBS = -lpthread -lrt -lm -ldl
+EXTLIBS = -lpthread -lrt -lm -ldl -lcap
ifeq ($(FEATURES_DUMP),)
include $(srctree)/tools/build/Makefile.feature
diff --git a/tools/perf/util/Build b/tools/perf/util/Build
index 14f812bb07a7..61ed1a3005d4 100644
--- a/tools/perf/util/Build
+++ b/tools/perf/util/Build
@@ -1,6 +1,7 @@
perf-y += annotate.o
perf-y += block-range.o
perf-y += build-id.o
+perf-y += cap.o
perf-y += config.o
perf-y += ctype.o
perf-y += db-export.o
diff --git a/tools/perf/util/cap.c b/tools/perf/util/cap.c
new file mode 100644
index 000000000000..c42ea32663cf
--- /dev/null
+++ b/tools/perf/util/cap.c
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Capability utilities
+ */
+#include "cap.h"
+#include <stdbool.h>
+#include <sys/capability.h>
+
+bool perf_cap__capable(cap_value_t cap)
+{
+ cap_flag_value_t val;
+ cap_t caps = cap_get_proc();
+
+ if (!caps)
+ return false;
+
+ if (cap_get_flag(caps, cap, CAP_EFFECTIVE, &val) != 0)
+ val = CAP_CLEAR;
+
+ if (cap_free(caps) != 0)
+ return false;
+
+ return val == CAP_SET;
+}
diff --git a/tools/perf/util/cap.h b/tools/perf/util/cap.h
new file mode 100644
index 000000000000..5521de78b228
--- /dev/null
+++ b/tools/perf/util/cap.h
@@ -0,0 +1,10 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __PERF_CAP_H
+#define __PERF_CAP_H
+
+#include <stdbool.h>
+#include <sys/capability.h>
+
+bool perf_cap__capable(cap_value_t cap);
+
+#endif /* __PERF_CAP_H */
diff --git a/tools/perf/util/event.h b/tools/perf/util/event.h
index 1f1da6082806..b4128f72f2e8 100644
--- a/tools/perf/util/event.h
+++ b/tools/perf/util/event.h
@@ -851,6 +851,7 @@ void cpu_map_data__synthesize(struct cpu_map_data *data, struct cpu_map *map,
void event_attr_init(struct perf_event_attr *attr);
int perf_event_paranoid(void);
+bool perf_event_paranoid_check(int max_level);
extern int sysctl_perf_event_max_stack;
extern int sysctl_perf_event_max_contexts_per_stack;
diff --git a/tools/perf/util/python-ext-sources b/tools/perf/util/python-ext-sources
index ceb8afdf9a89..afba10684b65 100644
--- a/tools/perf/util/python-ext-sources
+++ b/tools/perf/util/python-ext-sources
@@ -9,6 +9,7 @@ util/python.c
../lib/ctype.c
util/evlist.c
util/evsel.c
+util/cap.c
util/cpumap.c
util/memswap.c
util/mmap.c
diff --git a/tools/perf/util/util.c b/tools/perf/util/util.c
index a61535cf1bca..4f0da8a03697 100644
--- a/tools/perf/util/util.c
+++ b/tools/perf/util/util.c
@@ -16,10 +16,12 @@
#include <string.h>
#include <errno.h>
#include <limits.h>
+#include <linux/capability.h>
#include <linux/kernel.h>
#include <linux/log2.h>
#include <linux/time64.h>
#include <unistd.h>
+#include "cap.h"
#include "strlist.h"
#include "string2.h"
@@ -443,6 +445,13 @@ int perf_event_paranoid(void)
return value;
}
+
+bool perf_event_paranoid_check(int max_level)
+{
+ return perf_cap__capable(CAP_SYS_ADMIN) ||
+ perf_event_paranoid() <= max_level;
+}
+
static int
fetch_ubuntu_kernel_version(unsigned int *puint)
{
next prev parent reply other threads:[~2019-07-17 23:48 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-03 0:10 [PATCH 0/3] perf: Use capabilities instead of uid and euid Igor Lubashev
2019-07-03 0:10 ` [PATCH 1/3] perf: Add capability-related utilities Igor Lubashev
2019-07-16 8:46 ` Jiri Olsa
2019-07-17 21:05 ` Arnaldo Carvalho de Melo
2019-07-17 23:46 ` Arnaldo Carvalho de Melo
2019-07-17 23:48 ` Arnaldo Carvalho de Melo [this message]
2019-07-18 21:00 ` Lubashev, Igor
2019-08-07 3:58 ` Lubashev, Igor
2019-07-03 0:10 ` [PATCH 2/3] perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks Igor Lubashev
2019-07-16 8:47 ` Jiri Olsa
2019-07-16 17:01 ` Lubashev, Igor
2019-07-17 7:10 ` Jiri Olsa
2019-07-17 18:33 ` Lubashev, Igor
2019-07-03 0:10 ` [PATCH 3/3] perf: Use CAP_SYSLOG with kptr_restrict checks Igor Lubashev
2019-07-16 10:51 ` [PATCH 0/3] perf: Use capabilities instead of uid and euid Alexey Budankov
2019-07-17 18:15 ` [PATCH 4/3] perf: Use CAP_SYS_ADMIN instead of euid==0 with ftrace Igor Lubashev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190717234843.GK3624@kernel.org \
--to=arnaldo.melo@gmail.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=ilubashe@akamai.com \
--cc=jmorris@namei.org \
--cc=jolsa@redhat.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mathieu.poirier@linaro.org \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=suzuki.poulose@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).