linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jiri Olsa <jolsa@redhat.com>
To: Igor Lubashev <ilubashe@akamai.com>
Cc: linux-kernel@vger.kernel.org,
	Arnaldo Carvalho de Melo <acme@kernel.org>,
	Alexey Budankov <alexey.budankov@linux.intel.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Ingo Molnar <mingo@redhat.com>,
	Mathieu Poirier <mathieu.poirier@linaro.org>,
	Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	Namhyung Kim <namhyung@kernel.org>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	linux-arm-kernel@lists.infradead.org,
	James Morris <jmorris@namei.org>
Subject: Re: [PATCH v3 0/4] perf: Use capabilities instead of uid and euid
Date: Mon, 12 Aug 2019 11:13:48 +0200	[thread overview]
Message-ID: <20190812091348.GA11946@krava> (raw)
In-Reply-To: <cover.1565188228.git.ilubashe@akamai.com>

On Wed, Aug 07, 2019 at 10:44:13AM -0400, Igor Lubashev wrote:
> Series v1: https://lkml.kernel.org/lkml/1562112605-6235-1-git-send-email-ilubashe@akamai.com
> 
> 
> Kernel is using capabilities instead of uid and euid to restrict access to
> kernel pointers and tracing facilities.  This patch series updates the perf to
> better match the security model used by the kernel.
> 
> This series enables instructions in Documentation/admin-guide/perf-security.rst
> to actually work, even when kernel.perf_event_paranoid=2 and
> kernel.kptr_restrict=1.
> 
> The series consists of four patches:
> 
>   01: perf: Add capability-related utilities
>     Add utility functions to check capabilities and perf_event_paranoid checks,
>     if libcap-dev[el] is available. (Otherwise, assume no capabilities.)
> 
>   02: perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks
>     Replace the use of euid==0 with a check for CAP_SYS_ADMIN whenever
>     perf_event_paranoid level is verified.
> 
>   03: perf: Use CAP_SYSLOG with kptr_restrict checks
>     Replace the use of uid and euid with a check for CAP_SYSLOG when
>     kptr_restrict is verified (similar to kernel/kallsyms.c and lib/vsprintf.c).
>     Consult perf_event_paranoid when kptr_restrict==0 (see kernel/kallsyms.c).
> 
>   04: perf: Use CAP_SYS_ADMIN instead of euid==0 with ftrace
>     Replace the use of euid==0 with a check for CAP_SYS_ADMIN before mounting
>     debugfs for ftrace.
> 
> I tested this by following Documentation/admin-guide/perf-security.rst
> guidelines and setting sysctls:
> 
>    kernel.perf_event_paranoid=2
>    kernel.kptr_restrict=1
> 
> As an unprivileged user who is in perf_users group (setup via instructions
> above), I executed:
>    perf record -a -- sleep 1
> 
> Without the patch, perf record did not capture any kernel functions.
> With the patch, perf included all kernel functions.
> 
> 
> Changelog:
> v3:  * Fix arm64 compilation (thanks, Alexey and Jiri)

Acked-by: Jiri Olsa <jolsa@kernel.org>

thanks,
jirka


> v2:  * Added a build feature check for libcap-dev[el] as suggested by Arnaldo
> 
> 
> Igor Lubashev (4):
>   perf: Add capability-related utilities
>   perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks
>   perf: Use CAP_SYSLOG with kptr_restrict checks
>   perf: Use CAP_SYS_ADMIN instead of euid==0 with ftrace
> 
>  tools/build/Makefile.feature         |  2 ++
>  tools/build/feature/Makefile         |  4 ++++
>  tools/build/feature/test-libcap.c    | 20 ++++++++++++++++++++
>  tools/perf/Makefile.config           | 11 +++++++++++
>  tools/perf/Makefile.perf             |  2 ++
>  tools/perf/arch/arm/util/cs-etm.c    |  3 ++-
>  tools/perf/arch/arm64/util/arm-spe.c |  3 ++-
>  tools/perf/arch/x86/util/intel-bts.c |  3 ++-
>  tools/perf/arch/x86/util/intel-pt.c  |  2 +-
>  tools/perf/builtin-ftrace.c          |  4 +++-
>  tools/perf/util/Build                |  2 ++
>  tools/perf/util/cap.c                | 29 +++++++++++++++++++++++++++++
>  tools/perf/util/cap.h                | 24 ++++++++++++++++++++++++
>  tools/perf/util/event.h              |  1 +
>  tools/perf/util/evsel.c              |  2 +-
>  tools/perf/util/python-ext-sources   |  1 +
>  tools/perf/util/symbol.c             | 15 +++++++++++----
>  tools/perf/util/util.c               |  9 +++++++++
>  18 files changed, 127 insertions(+), 10 deletions(-)
>  create mode 100644 tools/build/feature/test-libcap.c
>  create mode 100644 tools/perf/util/cap.c
>  create mode 100644 tools/perf/util/cap.h
> 
> -- 
> 2.7.4
> 

      parent reply	other threads:[~2019-08-12  9:13 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-07 14:44 [PATCH v3 0/4] perf: Use capabilities instead of uid and euid Igor Lubashev
2019-08-07 14:44 ` [PATCH v3 1/4] perf: Add capability-related utilities Igor Lubashev
2019-08-12 19:43   ` Arnaldo Carvalho de Melo
2019-08-15  9:24   ` [tip:perf/core] tools build: Add capability-related feature detection tip-bot for Igor Lubashev
2019-08-15  9:25   ` [tip:perf/core] perf tools: Add helpers to use capabilities if present tip-bot for Igor Lubashev
2019-08-07 14:44 ` [PATCH v3 2/4] perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks Igor Lubashev
2019-08-12 20:01   ` Arnaldo Carvalho de Melo
2019-08-12 20:15     ` Arnaldo Carvalho de Melo
2019-08-12 22:33       ` Lubashev, Igor
2019-08-13 13:20         ` Arnaldo Carvalho de Melo
2019-08-07 14:44 ` [PATCH v3 3/4] perf: Use CAP_SYSLOG with kptr_restrict checks Igor Lubashev
2019-08-14 18:04   ` Mathieu Poirier
2019-08-14 18:48     ` Arnaldo Carvalho de Melo
2019-08-14 18:52       ` Arnaldo Carvalho de Melo
2019-08-14 20:02         ` Lubashev, Igor
2019-08-15 15:01           ` Mathieu Poirier
2019-08-15 20:16           ` Mathieu Poirier
2019-08-15 21:42             ` Arnaldo Carvalho de Melo
2019-08-19 16:51               ` Mathieu Poirier
2019-08-19 22:22                 ` Lubashev, Igor
2019-08-20 16:57                   ` Mathieu Poirier
2019-08-20 17:13                   ` Arnaldo Carvalho de Melo
2019-08-27  1:58                     ` Lubashev, Igor
2019-08-15 22:27             ` Lubashev, Igor
2019-08-07 14:44 ` [PATCH v3 4/4] perf: Use CAP_SYS_ADMIN instead of euid==0 with ftrace Igor Lubashev
2019-08-12 20:22   ` Arnaldo Carvalho de Melo
2019-08-12 20:27     ` Arnaldo Carvalho de Melo
2019-08-12 20:29       ` Arnaldo Carvalho de Melo
2019-08-12 21:42         ` Mathieu Poirier
2019-08-13 13:23           ` Arnaldo Carvalho de Melo
2019-08-13 16:35             ` Mathieu Poirier
2019-08-15  9:27   ` [tip:perf/core] perf ftrace: Use CAP_SYS_ADMIN instead of euid==0 tip-bot for Igor Lubashev
2019-08-12  9:13 ` Jiri Olsa [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190812091348.GA11946@krava \
    --to=jolsa@redhat.com \
    --cc=acme@kernel.org \
    --cc=alexander.shishkin@linux.intel.com \
    --cc=alexey.budankov@linux.intel.com \
    --cc=ilubashe@akamai.com \
    --cc=jmorris@namei.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mathieu.poirier@linaro.org \
    --cc=mingo@redhat.com \
    --cc=namhyung@kernel.org \
    --cc=peterz@infradead.org \
    --cc=suzuki.poulose@arm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).