From: Jiri Olsa <jolsa@redhat.com>
To: Igor Lubashev <ilubashe@akamai.com>
Cc: linux-kernel@vger.kernel.org,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Alexey Budankov <alexey.budankov@linux.intel.com>,
Peter Zijlstra <peterz@infradead.org>,
Ingo Molnar <mingo@redhat.com>,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Namhyung Kim <namhyung@kernel.org>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
linux-arm-kernel@lists.infradead.org,
James Morris <jmorris@namei.org>
Subject: Re: [PATCH v3 0/4] perf: Use capabilities instead of uid and euid
Date: Mon, 12 Aug 2019 11:13:48 +0200 [thread overview]
Message-ID: <20190812091348.GA11946@krava> (raw)
In-Reply-To: <cover.1565188228.git.ilubashe@akamai.com>
On Wed, Aug 07, 2019 at 10:44:13AM -0400, Igor Lubashev wrote:
> Series v1: https://lkml.kernel.org/lkml/1562112605-6235-1-git-send-email-ilubashe@akamai.com
>
>
> Kernel is using capabilities instead of uid and euid to restrict access to
> kernel pointers and tracing facilities. This patch series updates the perf to
> better match the security model used by the kernel.
>
> This series enables instructions in Documentation/admin-guide/perf-security.rst
> to actually work, even when kernel.perf_event_paranoid=2 and
> kernel.kptr_restrict=1.
>
> The series consists of four patches:
>
> 01: perf: Add capability-related utilities
> Add utility functions to check capabilities and perf_event_paranoid checks,
> if libcap-dev[el] is available. (Otherwise, assume no capabilities.)
>
> 02: perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks
> Replace the use of euid==0 with a check for CAP_SYS_ADMIN whenever
> perf_event_paranoid level is verified.
>
> 03: perf: Use CAP_SYSLOG with kptr_restrict checks
> Replace the use of uid and euid with a check for CAP_SYSLOG when
> kptr_restrict is verified (similar to kernel/kallsyms.c and lib/vsprintf.c).
> Consult perf_event_paranoid when kptr_restrict==0 (see kernel/kallsyms.c).
>
> 04: perf: Use CAP_SYS_ADMIN instead of euid==0 with ftrace
> Replace the use of euid==0 with a check for CAP_SYS_ADMIN before mounting
> debugfs for ftrace.
>
> I tested this by following Documentation/admin-guide/perf-security.rst
> guidelines and setting sysctls:
>
> kernel.perf_event_paranoid=2
> kernel.kptr_restrict=1
>
> As an unprivileged user who is in perf_users group (setup via instructions
> above), I executed:
> perf record -a -- sleep 1
>
> Without the patch, perf record did not capture any kernel functions.
> With the patch, perf included all kernel functions.
>
>
> Changelog:
> v3: * Fix arm64 compilation (thanks, Alexey and Jiri)
Acked-by: Jiri Olsa <jolsa@kernel.org>
thanks,
jirka
> v2: * Added a build feature check for libcap-dev[el] as suggested by Arnaldo
>
>
> Igor Lubashev (4):
> perf: Add capability-related utilities
> perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks
> perf: Use CAP_SYSLOG with kptr_restrict checks
> perf: Use CAP_SYS_ADMIN instead of euid==0 with ftrace
>
> tools/build/Makefile.feature | 2 ++
> tools/build/feature/Makefile | 4 ++++
> tools/build/feature/test-libcap.c | 20 ++++++++++++++++++++
> tools/perf/Makefile.config | 11 +++++++++++
> tools/perf/Makefile.perf | 2 ++
> tools/perf/arch/arm/util/cs-etm.c | 3 ++-
> tools/perf/arch/arm64/util/arm-spe.c | 3 ++-
> tools/perf/arch/x86/util/intel-bts.c | 3 ++-
> tools/perf/arch/x86/util/intel-pt.c | 2 +-
> tools/perf/builtin-ftrace.c | 4 +++-
> tools/perf/util/Build | 2 ++
> tools/perf/util/cap.c | 29 +++++++++++++++++++++++++++++
> tools/perf/util/cap.h | 24 ++++++++++++++++++++++++
> tools/perf/util/event.h | 1 +
> tools/perf/util/evsel.c | 2 +-
> tools/perf/util/python-ext-sources | 1 +
> tools/perf/util/symbol.c | 15 +++++++++++----
> tools/perf/util/util.c | 9 +++++++++
> 18 files changed, 127 insertions(+), 10 deletions(-)
> create mode 100644 tools/build/feature/test-libcap.c
> create mode 100644 tools/perf/util/cap.c
> create mode 100644 tools/perf/util/cap.h
>
> --
> 2.7.4
>
prev parent reply other threads:[~2019-08-12 9:13 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-07 14:44 [PATCH v3 0/4] perf: Use capabilities instead of uid and euid Igor Lubashev
2019-08-07 14:44 ` [PATCH v3 1/4] perf: Add capability-related utilities Igor Lubashev
2019-08-12 19:43 ` Arnaldo Carvalho de Melo
2019-08-15 9:24 ` [tip:perf/core] tools build: Add capability-related feature detection tip-bot for Igor Lubashev
2019-08-15 9:25 ` [tip:perf/core] perf tools: Add helpers to use capabilities if present tip-bot for Igor Lubashev
2019-08-07 14:44 ` [PATCH v3 2/4] perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks Igor Lubashev
2019-08-12 20:01 ` Arnaldo Carvalho de Melo
2019-08-12 20:15 ` Arnaldo Carvalho de Melo
2019-08-12 22:33 ` Lubashev, Igor
2019-08-13 13:20 ` Arnaldo Carvalho de Melo
2019-08-07 14:44 ` [PATCH v3 3/4] perf: Use CAP_SYSLOG with kptr_restrict checks Igor Lubashev
2019-08-14 18:04 ` Mathieu Poirier
2019-08-14 18:48 ` Arnaldo Carvalho de Melo
2019-08-14 18:52 ` Arnaldo Carvalho de Melo
2019-08-14 20:02 ` Lubashev, Igor
2019-08-15 15:01 ` Mathieu Poirier
2019-08-15 20:16 ` Mathieu Poirier
2019-08-15 21:42 ` Arnaldo Carvalho de Melo
2019-08-19 16:51 ` Mathieu Poirier
2019-08-19 22:22 ` Lubashev, Igor
2019-08-20 16:57 ` Mathieu Poirier
2019-08-20 17:13 ` Arnaldo Carvalho de Melo
2019-08-27 1:58 ` Lubashev, Igor
2019-08-15 22:27 ` Lubashev, Igor
2019-08-07 14:44 ` [PATCH v3 4/4] perf: Use CAP_SYS_ADMIN instead of euid==0 with ftrace Igor Lubashev
2019-08-12 20:22 ` Arnaldo Carvalho de Melo
2019-08-12 20:27 ` Arnaldo Carvalho de Melo
2019-08-12 20:29 ` Arnaldo Carvalho de Melo
2019-08-12 21:42 ` Mathieu Poirier
2019-08-13 13:23 ` Arnaldo Carvalho de Melo
2019-08-13 16:35 ` Mathieu Poirier
2019-08-15 9:27 ` [tip:perf/core] perf ftrace: Use CAP_SYS_ADMIN instead of euid==0 tip-bot for Igor Lubashev
2019-08-12 9:13 ` Jiri Olsa [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190812091348.GA11946@krava \
--to=jolsa@redhat.com \
--cc=acme@kernel.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=alexey.budankov@linux.intel.com \
--cc=ilubashe@akamai.com \
--cc=jmorris@namei.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mathieu.poirier@linaro.org \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=suzuki.poulose@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).