From: tip-bot for Wang Nan <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: lizefan@huawei.com, hekuang@huawei.com, ast@fb.com,
	acme@redhat.com, hpa@zytor.com, linux-kernel@vger.kernel.org,
	mingo@kernel.org, tglx@linutronix.de, wangnan0@huawei.com
Subject: [tip:perf/core] perf record: Fix segfault when running with suid and kptr_restrict is 1
Date: Fri, 25 Nov 2016 09:21:18 -0800
Message-ID: <tip-3dbe46c5245f61328797738c6a0a6cd4bf921f61@git.kernel.org>
In-Reply-To: <20161115040617.69788-3-wangnan0@huawei.com>

Commit-ID:  3dbe46c5245f61328797738c6a0a6cd4bf921f61
Gitweb:     http://git.kernel.org/tip/3dbe46c5245f61328797738c6a0a6cd4bf921f61
Author:     Wang Nan <wangnan0@huawei.com>
AuthorDate: Tue, 15 Nov 2016 04:05:45 +0000
Committer:  Arnaldo Carvalho de Melo <acme@redhat.com>
CommitDate: Fri, 25 Nov 2016 11:11:10 -0300

perf record: Fix segfault when running with suid and kptr_restrict is 1

Before this patch perf panics if kptr_restrict is set to 1 and perf is
owned by root with suid set:

  $ whoami
  wangnan
  $ ls -l ./perf
  -rwsr-xr-x 1 root root 19781908 Sep 21 19:29 /home/wangnan/perf
  $ cat /proc/sys/kernel/kptr_restrict
  1
  $ cat /proc/sys/kernel/perf_event_paranoid
  -1
  $ ./perf record -a
  Segmentation fault (core dumped)
  $

The reason is that perf assumes it is allowed to read kptr from
/proc/kallsyms when euid is root, but in fact the kernel doesn't allow
reading kptr when euid and uid do not match with each other:

  $ cp /bin/cat .
  $ sudo chown root:root ./cat
  $ sudo chmod u+s ./cat
  $ cat /proc/kallsyms | grep do_fork
  0000000000000000 T _do_fork          <--- kptr is hidden even euid is root
  $ sudo cat /proc/kallsyms | grep do_fork
  ffffffff81080230 T _do_fork

See lib/vsprintf.c for kernel side code.

This patch fixes this problem by checking both uid and euid.

Signed-off-by: Wang Nan <wangnan0@huawei.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexei Starovoitov <ast@fb.com>
Cc: He Kuang <hekuang@huawei.com>
Cc: Zefan Li <lizefan@huawei.com>
Cc: pi3orama@163.com
Link: http://lkml.kernel.org/r/20161115040617.69788-3-wangnan0@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
 tools/perf/util/symbol.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/util/symbol.c b/tools/perf/util/symbol.c
index aecff69..420ada9 100644
--- a/tools/perf/util/symbol.c
+++ b/tools/perf/util/symbol.c
@@ -1962,7 +1962,7 @@ static bool symbol__read_kptr_restrict(void)
 		char line[8];
 
 		if (fgets(line, sizeof(line), fp) != NULL)
-			value = (geteuid() != 0) ?
+			value = ((geteuid() != 0) || (getuid() != 0)) ?
 					(atoi(line) != 0) :
 					(atoi(line) == 2);
 
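Review bot: the changed `value =` line needs a short code comment saying why getuid() is tested alongside geteuid(). As written the second test looks redundant, and the reason given in the commit message (the kernel hides kptr from a process whose uid and euid differ, see lib/vsprintf.c) is recorded only in the changelog. The condition is also getting dense inside the ternary; pulling `(geteuid() != 0) || (getuid() != 0)` into a named local would make the two atoi(line) branches easier to read. Separately, this hunk only changes how the restriction is detected and does not show the code that faulted, so it is worth confirming that that path tolerates hidden addresses on its own.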
