From: Alexey Budankov <alexey.budankov@linux.intel.com>
To: Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
"jani.nikula@linux.intel.com" <jani.nikula@linux.intel.com>,
"joonas.lahtinen@linux.intel.com"
<joonas.lahtinen@linux.intel.com>,
"rodrigo.vivi@intel.com" <rodrigo.vivi@intel.com>,
Alexei Starovoitov <ast@kernel.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>,
"james.bottomley@hansenpartnership.com"
<james.bottomley@hansenpartnership.com>,
Serge Hallyn <serge@hallyn.com>, James Morris <jmorris@namei.org>,
Will Deacon <will.deacon@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Robert Richter <rric@kernel.org>
Cc: Jiri Olsa <jolsa@redhat.com>, Andi Kleen <ak@linux.intel.com>,
Stephane Eranian <eranian@google.com>,
Igor Lubashev <ilubashe@akamai.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Namhyung Kim <namhyung@kernel.org>,
Kees Cook <keescook@chromium.org>, Jann Horn <jannh@google.com>,
Thomas Gleixner <tglx@linutronix.de>,
Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>,
Lionel Landwerlin <lionel.g.landwerlin@intel.com>,
Song Liu <songliubraving@fb.com>,
linux-kernel <linux-kernel@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"bpf@vger.kernel.org" <bpf@vger.kernel.org>,
"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
"linux-perf-users@vger.kernel.org"
<linux-perf-users@vger.kernel.org>,
linux-arm-kernel@lists.infradead.org, oprofile-list@lists.sf.net
Subject: [PATCH v4 0/7] Introduce CAP_SYS_PERFMON to secure system performance monitoring and observability
Date: Wed, 18 Dec 2019 12:16:58 +0300 [thread overview]
Message-ID: <c0460c78-b1a6-b5f7-7119-d97e5998f308@linux.intel.com> (raw)
Currently access to perf_events, i915_perf and other performance monitoring and
observability subsystems of the kernel is open for a privileged process [1] with
CAP_SYS_ADMIN capability enabled in the process effective set [2].
This patch set introduces CAP_SYS_PERFMON capability devoted to secure system
performance monitoring and observability operations so that CAP_SYS_PERFMON would
assist CAP_SYS_ADMIN capability in its governing role for perf_events, i915_perf
and other performance monitoring and observability subsystems of the kernel.
CAP_SYS_PERFMON intends to meet the demand to secure system performance monitoring
and observability operations in security sensitive, restricted, production
environments (e.g. HPC clusters, cloud and virtual compute environments) where root
or CAP_SYS_ADMIN credentials are not available to mass users of a system because
of security considerations.
CAP_SYS_PERFMON intends to harden system security and integrity during system
performance monitoring and observability operations by decreasing attack surface
that is available to CAP_SYS_ADMIN privileged processes [2].
CAP_SYS_PERFMON intends to take over CAP_SYS_ADMIN credentials related to system
performance monitoring and observability operations and balance amount of
CAP_SYS_ADMIN credentials following the recommendations in the capabilities man
page [2] for CAP_SYS_ADMIN: "Note: this capability is overloaded; see Notes to
kernel developers, below."
For backward compatibility reasons access to system performance monitoring and
observability subsystems of the kernel remains open for CAP_SYS_ADMIN privileged
processes but CAP_SYS_ADMIN capability usage for secure system performance
monitoring and observability operations is discouraged with respect to the
introduced CAP_SYS_PERFMON capability.
The patch set is for tip perf/core repository:
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip perf/core
sha1: ceb9e77324fa661b1001a0ae66f061b5fcb4e4e6
---
Changes in v4:
- converted perfmon_capable() into an inline function
- made perf_events kprobes, uprobes, hw breakpoints and namespaces data available
to CAP_SYS_PERFMON privileged processes
- applied perfmon_capable() to drivers/perf and drivers/oprofile
- extended __cmd_ftrace() with support of CAP_SYS_PERFMON
Changes in v3:
- implemented perfmon_capable() macros aggregating required capabilities checks
Changes in v2:
- made perf_events trace points available to CAP_SYS_PERFMON privileged processes
- made perf_event_paranoid_check() treat CAP_SYS_PERFMON equally to CAP_SYS_ADMIN
- applied CAP_SYS_PERFMON to i915_perf, bpf_trace, powerpc and parisc system
performance monitoring and observability related subsystems
---
Alexey Budankov (9):
capabilities: introduce CAP_SYS_PERFMON to kernel and user space
perf/core: open access for CAP_SYS_PERFMON privileged process
perf tool: extend Perf tool with CAP_SYS_PERFMON capability support
drm/i915/perf: open access for CAP_SYS_PERFMON privileged process
trace/bpf_trace: open access for CAP_SYS_PERFMON privileged process
powerpc/perf: open access for CAP_SYS_PERFMON privileged process
parisc/perf: open access for CAP_SYS_PERFMON privileged process
drivers/perf: open access for CAP_SYS_PERFMON privileged process
drivers/oprofile: open access for CAP_SYS_PERFMON privileged process
arch/parisc/kernel/perf.c | 2 +-
arch/powerpc/perf/imc-pmu.c | 4 ++--
drivers/gpu/drm/i915/i915_perf.c | 13 ++++++-------
drivers/oprofile/event_buffer.c | 2 +-
drivers/perf/arm_spe_pmu.c | 4 ++--
include/linux/capability.h | 4 ++++
include/linux/perf_event.h | 6 +++---
include/uapi/linux/capability.h | 8 +++++++-
kernel/events/core.c | 6 +++---
kernel/trace/bpf_trace.c | 2 +-
security/selinux/include/classmap.h | 4 ++--
tools/perf/builtin-ftrace.c | 5 +++--
tools/perf/design.txt | 3 ++-
tools/perf/util/cap.h | 4 ++++
tools/perf/util/evsel.c | 10 +++++-----
tools/perf/util/util.c | 1 +
16 files changed, 47 insertions(+), 31 deletions(-)
---
Testing and validation (Intel Skylake, 8 cores, Fedora 29, 5.4.0-rc8+, x86_64):
libcap library [3], [4] and Perf tool can be used to apply CAP_SYS_PERFMON
capability for secure system performance monitoring and observability beyond the
scope permitted by the system wide perf_event_paranoid kernel setting [5] and
below are the steps for evaluation:
- patch, build and boot the kernel
- patch, build Perf tool e.g. to /home/user/perf
...
# git clone git://git.kernel.org/pub/scm/libs/libcap/libcap.git libcap
# pushd libcap
# patch libcap/include/uapi/linux/capabilities.h with [PATCH 1]
# make
# pushd progs
# ./setcap "cap_sys_perfmon,cap_sys_ptrace,cap_syslog=ep" /home/user/perf
# ./setcap -v "cap_sys_perfmon,cap_sys_ptrace,cap_syslog=ep" /home/user/perf
/home/user/perf: OK
# ./getcap /home/user/perf
/home/user/perf = cap_sys_ptrace,cap_syslog,cap_sys_perfmon+ep
# echo 2 > /proc/sys/kernel/perf_event_paranoid
# cat /proc/sys/kernel/perf_event_paranoid
2
...
$ /home/user/perf top
... works as expected ...
$ cat /proc/`pidof perf`/status
Name: perf
Umask: 0002
State: S (sleeping)
Tgid: 2958
Ngid: 0
Pid: 2958
PPid: 9847
TracerPid: 0
Uid: 500 500 500 500
Gid: 500 500 500 500
FDSize: 256
...
CapInh: 0000000000000000
CapPrm: 0000004400080000
CapEff: 0000004400080000 => 01000100 00000000 00001000 00000000 00000000
cap_sys_perfmon,cap_sys_ptrace,cap_syslog
CapBnd: 0000007fffffffff
CapAmb: 0000000000000000
NoNewPrivs: 0
Seccomp: 0
Speculation_Store_Bypass: thread vulnerable
Cpus_allowed: ff
Cpus_allowed_list: 0-7
...
Usage of cap_sys_perfmon effectively avoids unused credentials excess:
- with cap_sys_admin:
CapEff: 0000007fffffffff => 01111111 11111111 11111111 11111111 11111111
- with cap_sys_perfmon:
CapEff: 0000004400080000 => 01000100 00000000 00001000 00000000 00000000
38 34 19
sys_perfmon syslog sys_ptrace
---
[1] https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html
[2] http://man7.org/linux/man-pages/man7/capabilities.7.html
[3] http://man7.org/linux/man-pages/man8/setcap.8.html
[4] https://git.kernel.org/pub/scm/libs/libcap/libcap.git
[5] http://man7.org/linux/man-pages/man2/perf_event_open.2.html
[6] https://sites.google.com/site/fullycapable/, posix_1003.1e-990310.pdf
--
2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Alexey Budankov <alexey.budankov@linux.intel.com>
To: Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
"jani.nikula@linux.intel.com" <jani.nikula@linux.intel.com>,
"joonas.lahtinen@linux.intel.com"
<joonas.lahtinen@linux.intel.com>,
"rodrigo.vivi@intel.com" <rodrigo.vivi@intel.com>,
Alexei Starovoitov <ast@kernel.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>,
"james.bottomley@hansenpartnership.com"
<james.bottomley@hansenpartnership.com>,
Serge Hallyn <serge@hallyn.com>, James Morris <jmorris@namei.org>,
Will Deacon <will.deacon@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Robert Richter <rric@kernel.org>
Cc: Jiri Olsa <jolsa@redhat.com>, Andi Kleen <ak@linux.intel.com>,
Stephane Eranian <eranian@google.com>,
Igor Lubashev <ilubashe@akamai.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Namhyung Kim <namhyung@kernel.org>,
Kees Cook <keescook@chromium.org>, Jann Horn <jannh@google.com>,
Thomas Gleixner <tglx@linutronix.de>,
Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>,
Lionel Landwerlin <lionel.g.landwerlin@intel.com>,
Song Liu <songliubraving@fb.com>,
linux-kernel <linux-kernel@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"bpf@vger.kernel.org" <bpf@vger.kernel.org>
Subject: [PATCH v4 0/7] Introduce CAP_SYS_PERFMON to secure system performance monitoring and observability
Date: Wed, 18 Dec 2019 12:16:58 +0300 [thread overview]
Message-ID: <c0460c78-b1a6-b5f7-7119-d97e5998f308@linux.intel.com> (raw)
Currently access to perf_events, i915_perf and other performance monitoring and
observability subsystems of the kernel is open for a privileged process [1] with
CAP_SYS_ADMIN capability enabled in the process effective set [2].
This patch set introduces CAP_SYS_PERFMON capability devoted to secure system
performance monitoring and observability operations so that CAP_SYS_PERFMON would
assist CAP_SYS_ADMIN capability in its governing role for perf_events, i915_perf
and other performance monitoring and observability subsystems of the kernel.
CAP_SYS_PERFMON intends to meet the demand to secure system performance monitoring
and observability operations in security sensitive, restricted, production
environments (e.g. HPC clusters, cloud and virtual compute environments) where root
or CAP_SYS_ADMIN credentials are not available to mass users of a system because
of security considerations.
CAP_SYS_PERFMON intends to harden system security and integrity during system
performance monitoring and observability operations by decreasing attack surface
that is available to CAP_SYS_ADMIN privileged processes [2].
CAP_SYS_PERFMON intends to take over CAP_SYS_ADMIN credentials related to system
performance monitoring and observability operations and balance amount of
CAP_SYS_ADMIN credentials following the recommendations in the capabilities man
page [2] for CAP_SYS_ADMIN: "Note: this capability is overloaded; see Notes to
kernel developers, below."
For backward compatibility reasons access to system performance monitoring and
observability subsystems of the kernel remains open for CAP_SYS_ADMIN privileged
processes but CAP_SYS_ADMIN capability usage for secure system performance
monitoring and observability operations is discouraged with respect to the
introduced CAP_SYS_PERFMON capability.
The patch set is for tip perf/core repository:
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip perf/core
sha1: ceb9e77324fa661b1001a0ae66f061b5fcb4e4e6
---
Changes in v4:
- converted perfmon_capable() into an inline function
- made perf_events kprobes, uprobes, hw breakpoints and namespaces data available
to CAP_SYS_PERFMON privileged processes
- applied perfmon_capable() to drivers/perf and drivers/oprofile
- extended __cmd_ftrace() with support of CAP_SYS_PERFMON
Changes in v3:
- implemented perfmon_capable() macros aggregating required capabilities checks
Changes in v2:
- made perf_events trace points available to CAP_SYS_PERFMON privileged processes
- made perf_event_paranoid_check() treat CAP_SYS_PERFMON equally to CAP_SYS_ADMIN
- applied CAP_SYS_PERFMON to i915_perf, bpf_trace, powerpc and parisc system
performance monitoring and observability related subsystems
---
Alexey Budankov (9):
capabilities: introduce CAP_SYS_PERFMON to kernel and user space
perf/core: open access for CAP_SYS_PERFMON privileged process
perf tool: extend Perf tool with CAP_SYS_PERFMON capability support
drm/i915/perf: open access for CAP_SYS_PERFMON privileged process
trace/bpf_trace: open access for CAP_SYS_PERFMON privileged process
powerpc/perf: open access for CAP_SYS_PERFMON privileged process
parisc/perf: open access for CAP_SYS_PERFMON privileged process
drivers/perf: open access for CAP_SYS_PERFMON privileged process
drivers/oprofile: open access for CAP_SYS_PERFMON privileged process
arch/parisc/kernel/perf.c | 2 +-
arch/powerpc/perf/imc-pmu.c | 4 ++--
drivers/gpu/drm/i915/i915_perf.c | 13 ++++++-------
drivers/oprofile/event_buffer.c | 2 +-
drivers/perf/arm_spe_pmu.c | 4 ++--
include/linux/capability.h | 4 ++++
include/linux/perf_event.h | 6 +++---
include/uapi/linux/capability.h | 8 +++++++-
kernel/events/core.c | 6 +++---
kernel/trace/bpf_trace.c | 2 +-
security/selinux/include/classmap.h | 4 ++--
tools/perf/builtin-ftrace.c | 5 +++--
tools/perf/design.txt | 3 ++-
tools/perf/util/cap.h | 4 ++++
tools/perf/util/evsel.c | 10 +++++-----
tools/perf/util/util.c | 1 +
16 files changed, 47 insertions(+), 31 deletions(-)
---
Testing and validation (Intel Skylake, 8 cores, Fedora 29, 5.4.0-rc8+, x86_64):
libcap library [3], [4] and Perf tool can be used to apply CAP_SYS_PERFMON
capability for secure system performance monitoring and observability beyond the
scope permitted by the system wide perf_event_paranoid kernel setting [5] and
below are the steps for evaluation:
- patch, build and boot the kernel
- patch, build Perf tool e.g. to /home/user/perf
...
# git clone git://git.kernel.org/pub/scm/libs/libcap/libcap.git libcap
# pushd libcap
# patch libcap/include/uapi/linux/capabilities.h with [PATCH 1]
# make
# pushd progs
# ./setcap "cap_sys_perfmon,cap_sys_ptrace,cap_syslog=ep" /home/user/perf
# ./setcap -v "cap_sys_perfmon,cap_sys_ptrace,cap_syslog=ep" /home/user/perf
/home/user/perf: OK
# ./getcap /home/user/perf
/home/user/perf = cap_sys_ptrace,cap_syslog,cap_sys_perfmon+ep
# echo 2 > /proc/sys/kernel/perf_event_paranoid
# cat /proc/sys/kernel/perf_event_paranoid
2
...
$ /home/user/perf top
... works as expected ...
$ cat /proc/`pidof perf`/status
Name: perf
Umask: 0002
State: S (sleeping)
Tgid: 2958
Ngid: 0
Pid: 2958
PPid: 9847
TracerPid: 0
Uid: 500 500 500 500
Gid: 500 500 500 500
FDSize: 256
...
CapInh: 0000000000000000
CapPrm: 0000004400080000
CapEff: 0000004400080000 => 01000100 00000000 00001000 00000000 00000000
cap_sys_perfmon,cap_sys_ptrace,cap_syslog
CapBnd: 0000007fffffffff
CapAmb: 0000000000000000
NoNewPrivs: 0
Seccomp: 0
Speculation_Store_Bypass: thread vulnerable
Cpus_allowed: ff
Cpus_allowed_list: 0-7
...
Usage of cap_sys_perfmon effectively avoids unused credentials excess:
- with cap_sys_admin:
CapEff: 0000007fffffffff => 01111111 11111111 11111111 11111111 11111111
- with cap_sys_perfmon:
CapEff: 0000004400080000 => 01000100 00000000 00001000 00000000 00000000
38 34 19
sys_perfmon syslog sys_ptrace
---
[1] https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html
[2] http://man7.org/linux/man-pages/man7/capabilities.7.html
[3] http://man7.org/linux/man-pages/man8/setcap.8.html
[4] https://git.kernel.org/pub/scm/libs/libcap/libcap.git
[5] http://man7.org/linux/man-pages/man2/perf_event_open.2.html
[6] https://sites.google.com/site/fullycapable/, posix_1003.1e-990310.pdf
--
2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Alexey Budankov <alexey.budankov@linux.intel.com>
To: Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
"jani.nikula@linux.intel.com" <jani.nikula@linux.intel.com>,
"joonas.lahtinen@linux.intel.com"
<joonas.lahtinen@linux.intel.com>,
"rodrigo.vivi@intel.com" <rodrigo.vivi@intel.com>,
Alexei Starovoitov <ast@kernel.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>,
"james.bottomley@hansenpartnership.com"
<james.bottomley@hansenpartnership.com>,
Serge Hallyn <serge@hallyn.com>, James Morris <jmorris@namei.org>,
Will Deacon <will.deacon@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Robert Richter <rric@kernel.org>
Cc: Song Liu <songliubraving@fb.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Stephane Eranian <eranian@google.com>,
Jiri Olsa <jolsa@redhat.com>, Andi Kleen <ak@linux.intel.com>,
Igor Lubashev <ilubashe@akamai.com>,
oprofile-list@lists.sf.net, Kees Cook <keescook@chromium.org>,
Jann Horn <jannh@google.com>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
Lionel Landwerlin <lionel.g.landwerlin@intel.com>,
Namhyung Kim <namhyung@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
linux-arm-kernel@lists.infradead.org,
Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>,
"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
"linux-perf-users@vger.kernel.org"
<linux-perf-users@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"bpf@vger.kernel.org" <bpf@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>
Subject: [PATCH v4 0/7] Introduce CAP_SYS_PERFMON to secure system performance monitoring and observability
Date: Wed, 18 Dec 2019 12:16:58 +0300 [thread overview]
Message-ID: <c0460c78-b1a6-b5f7-7119-d97e5998f308@linux.intel.com> (raw)
Currently access to perf_events, i915_perf and other performance monitoring and
observability subsystems of the kernel is open for a privileged process [1] with
CAP_SYS_ADMIN capability enabled in the process effective set [2].
This patch set introduces CAP_SYS_PERFMON capability devoted to secure system
performance monitoring and observability operations so that CAP_SYS_PERFMON would
assist CAP_SYS_ADMIN capability in its governing role for perf_events, i915_perf
and other performance monitoring and observability subsystems of the kernel.
CAP_SYS_PERFMON intends to meet the demand to secure system performance monitoring
and observability operations in security sensitive, restricted, production
environments (e.g. HPC clusters, cloud and virtual compute environments) where root
or CAP_SYS_ADMIN credentials are not available to mass users of a system because
of security considerations.
CAP_SYS_PERFMON intends to harden system security and integrity during system
performance monitoring and observability operations by decreasing attack surface
that is available to CAP_SYS_ADMIN privileged processes [2].
CAP_SYS_PERFMON intends to take over CAP_SYS_ADMIN credentials related to system
performance monitoring and observability operations and balance amount of
CAP_SYS_ADMIN credentials following the recommendations in the capabilities man
page [2] for CAP_SYS_ADMIN: "Note: this capability is overloaded; see Notes to
kernel developers, below."
For backward compatibility reasons access to system performance monitoring and
observability subsystems of the kernel remains open for CAP_SYS_ADMIN privileged
processes but CAP_SYS_ADMIN capability usage for secure system performance
monitoring and observability operations is discouraged with respect to the
introduced CAP_SYS_PERFMON capability.
The patch set is for tip perf/core repository:
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip perf/core
sha1: ceb9e77324fa661b1001a0ae66f061b5fcb4e4e6
---
Changes in v4:
- converted perfmon_capable() into an inline function
- made perf_events kprobes, uprobes, hw breakpoints and namespaces data available
to CAP_SYS_PERFMON privileged processes
- applied perfmon_capable() to drivers/perf and drivers/oprofile
- extended __cmd_ftrace() with support of CAP_SYS_PERFMON
Changes in v3:
- implemented perfmon_capable() macros aggregating required capabilities checks
Changes in v2:
- made perf_events trace points available to CAP_SYS_PERFMON privileged processes
- made perf_event_paranoid_check() treat CAP_SYS_PERFMON equally to CAP_SYS_ADMIN
- applied CAP_SYS_PERFMON to i915_perf, bpf_trace, powerpc and parisc system
performance monitoring and observability related subsystems
---
Alexey Budankov (9):
capabilities: introduce CAP_SYS_PERFMON to kernel and user space
perf/core: open access for CAP_SYS_PERFMON privileged process
perf tool: extend Perf tool with CAP_SYS_PERFMON capability support
drm/i915/perf: open access for CAP_SYS_PERFMON privileged process
trace/bpf_trace: open access for CAP_SYS_PERFMON privileged process
powerpc/perf: open access for CAP_SYS_PERFMON privileged process
parisc/perf: open access for CAP_SYS_PERFMON privileged process
drivers/perf: open access for CAP_SYS_PERFMON privileged process
drivers/oprofile: open access for CAP_SYS_PERFMON privileged process
arch/parisc/kernel/perf.c | 2 +-
arch/powerpc/perf/imc-pmu.c | 4 ++--
drivers/gpu/drm/i915/i915_perf.c | 13 ++++++-------
drivers/oprofile/event_buffer.c | 2 +-
drivers/perf/arm_spe_pmu.c | 4 ++--
include/linux/capability.h | 4 ++++
include/linux/perf_event.h | 6 +++---
include/uapi/linux/capability.h | 8 +++++++-
kernel/events/core.c | 6 +++---
kernel/trace/bpf_trace.c | 2 +-
security/selinux/include/classmap.h | 4 ++--
tools/perf/builtin-ftrace.c | 5 +++--
tools/perf/design.txt | 3 ++-
tools/perf/util/cap.h | 4 ++++
tools/perf/util/evsel.c | 10 +++++-----
tools/perf/util/util.c | 1 +
16 files changed, 47 insertions(+), 31 deletions(-)
---
Testing and validation (Intel Skylake, 8 cores, Fedora 29, 5.4.0-rc8+, x86_64):
libcap library [3], [4] and Perf tool can be used to apply CAP_SYS_PERFMON
capability for secure system performance monitoring and observability beyond the
scope permitted by the system wide perf_event_paranoid kernel setting [5] and
below are the steps for evaluation:
- patch, build and boot the kernel
- patch, build Perf tool e.g. to /home/user/perf
...
# git clone git://git.kernel.org/pub/scm/libs/libcap/libcap.git libcap
# pushd libcap
# patch libcap/include/uapi/linux/capabilities.h with [PATCH 1]
# make
# pushd progs
# ./setcap "cap_sys_perfmon,cap_sys_ptrace,cap_syslog=ep" /home/user/perf
# ./setcap -v "cap_sys_perfmon,cap_sys_ptrace,cap_syslog=ep" /home/user/perf
/home/user/perf: OK
# ./getcap /home/user/perf
/home/user/perf = cap_sys_ptrace,cap_syslog,cap_sys_perfmon+ep
# echo 2 > /proc/sys/kernel/perf_event_paranoid
# cat /proc/sys/kernel/perf_event_paranoid
2
...
$ /home/user/perf top
... works as expected ...
$ cat /proc/`pidof perf`/status
Name: perf
Umask: 0002
State: S (sleeping)
Tgid: 2958
Ngid: 0
Pid: 2958
PPid: 9847
TracerPid: 0
Uid: 500 500 500 500
Gid: 500 500 500 500
FDSize: 256
...
CapInh: 0000000000000000
CapPrm: 0000004400080000
CapEff: 0000004400080000 => 01000100 00000000 00001000 00000000 00000000
cap_sys_perfmon,cap_sys_ptrace,cap_syslog
CapBnd: 0000007fffffffff
CapAmb: 0000000000000000
NoNewPrivs: 0
Seccomp: 0
Speculation_Store_Bypass: thread vulnerable
Cpus_allowed: ff
Cpus_allowed_list: 0-7
...
Usage of cap_sys_perfmon effectively avoids unused credentials excess:
- with cap_sys_admin:
CapEff: 0000007fffffffff => 01111111 11111111 11111111 11111111 11111111
- with cap_sys_perfmon:
CapEff: 0000004400080000 => 01000100 00000000 00001000 00000000 00000000
38 34 19
sys_perfmon syslog sys_ptrace
---
[1] https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html
[2] http://man7.org/linux/man-pages/man7/capabilities.7.html
[3] http://man7.org/linux/man-pages/man8/setcap.8.html
[4] https://git.kernel.org/pub/scm/libs/libcap/libcap.git
[5] http://man7.org/linux/man-pages/man2/perf_event_open.2.html
[6] https://sites.google.com/site/fullycapable/, posix_1003.1e-990310.pdf
--
2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Alexey Budankov <alexey.budankov@linux.intel.com>
To: Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
"jani.nikula@linux.intel.com" <jani.nikula@linux.intel.com>,
"joonas.lahtinen@linux.intel.com"
<joonas.lahtinen@linux.intel.com>,
"rodrigo.vivi@intel.com" <rodrigo.vivi@intel.com>,
Alexei Starovoitov <ast@kernel.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>,
"james.bottomley@hansenpartnership.com"
<james.bottomley@hansenpartnership.com>,
Serge Hallyn <serge@hallyn.com>, James Morris <jmorris@namei.org>,
Will Deacon <will.deacon@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Robert Richter <rric@kernel.org>
Cc: Song Liu <songliubraving@fb.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Stephane Eranian <eranian@google.com>,
Jiri Olsa <jolsa@redhat.com>, Andi Kleen <ak@linux.intel.com>,
Igor Lubashev <ilubashe@akamai.com>,
oprofile-list@lists.sf.net, Kees Cook <keescook@chromium.org>,
Jann Horn <jannh@google.com>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
Lionel Landwerlin <lionel.g.landwerlin@intel.com>,
Namhyung Kim <namhyung@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
linux-arm-kernel@lists.infradead.org,
Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>,
"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
"linux-perf-users@vger.kernel.org"
<linux-perf-users@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"bpf@vger.kernel.org" <bpf@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>
Subject: [PATCH v4 0/7] Introduce CAP_SYS_PERFMON to secure system performance monitoring and observability
Date: Wed, 18 Dec 2019 12:16:58 +0300 [thread overview]
Message-ID: <c0460c78-b1a6-b5f7-7119-d97e5998f308@linux.intel.com> (raw)
Currently access to perf_events, i915_perf and other performance monitoring and
observability subsystems of the kernel is open for a privileged process [1] with
CAP_SYS_ADMIN capability enabled in the process effective set [2].
This patch set introduces CAP_SYS_PERFMON capability devoted to secure system
performance monitoring and observability operations so that CAP_SYS_PERFMON would
assist CAP_SYS_ADMIN capability in its governing role for perf_events, i915_perf
and other performance monitoring and observability subsystems of the kernel.
CAP_SYS_PERFMON intends to meet the demand to secure system performance monitoring
and observability operations in security sensitive, restricted, production
environments (e.g. HPC clusters, cloud and virtual compute environments) where root
or CAP_SYS_ADMIN credentials are not available to mass users of a system because
of security considerations.
CAP_SYS_PERFMON intends to harden system security and integrity during system
performance monitoring and observability operations by decreasing attack surface
that is available to CAP_SYS_ADMIN privileged processes [2].
CAP_SYS_PERFMON intends to take over CAP_SYS_ADMIN credentials related to system
performance monitoring and observability operations and balance amount of
CAP_SYS_ADMIN credentials following the recommendations in the capabilities man
page [2] for CAP_SYS_ADMIN: "Note: this capability is overloaded; see Notes to
kernel developers, below."
For backward compatibility reasons access to system performance monitoring and
observability subsystems of the kernel remains open for CAP_SYS_ADMIN privileged
processes but CAP_SYS_ADMIN capability usage for secure system performance
monitoring and observability operations is discouraged with respect to the
introduced CAP_SYS_PERFMON capability.
The patch set is for tip perf/core repository:
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip perf/core
sha1: ceb9e77324fa661b1001a0ae66f061b5fcb4e4e6
---
Changes in v4:
- converted perfmon_capable() into an inline function
- made perf_events kprobes, uprobes, hw breakpoints and namespaces data available
to CAP_SYS_PERFMON privileged processes
- applied perfmon_capable() to drivers/perf and drivers/oprofile
- extended __cmd_ftrace() with support of CAP_SYS_PERFMON
Changes in v3:
- implemented perfmon_capable() macros aggregating required capabilities checks
Changes in v2:
- made perf_events trace points available to CAP_SYS_PERFMON privileged processes
- made perf_event_paranoid_check() treat CAP_SYS_PERFMON equally to CAP_SYS_ADMIN
- applied CAP_SYS_PERFMON to i915_perf, bpf_trace, powerpc and parisc system
performance monitoring and observability related subsystems
---
Alexey Budankov (9):
capabilities: introduce CAP_SYS_PERFMON to kernel and user space
perf/core: open access for CAP_SYS_PERFMON privileged process
perf tool: extend Perf tool with CAP_SYS_PERFMON capability support
drm/i915/perf: open access for CAP_SYS_PERFMON privileged process
trace/bpf_trace: open access for CAP_SYS_PERFMON privileged process
powerpc/perf: open access for CAP_SYS_PERFMON privileged process
parisc/perf: open access for CAP_SYS_PERFMON privileged process
drivers/perf: open access for CAP_SYS_PERFMON privileged process
drivers/oprofile: open access for CAP_SYS_PERFMON privileged process
arch/parisc/kernel/perf.c | 2 +-
arch/powerpc/perf/imc-pmu.c | 4 ++--
drivers/gpu/drm/i915/i915_perf.c | 13 ++++++-------
drivers/oprofile/event_buffer.c | 2 +-
drivers/perf/arm_spe_pmu.c | 4 ++--
include/linux/capability.h | 4 ++++
include/linux/perf_event.h | 6 +++---
include/uapi/linux/capability.h | 8 +++++++-
kernel/events/core.c | 6 +++---
kernel/trace/bpf_trace.c | 2 +-
security/selinux/include/classmap.h | 4 ++--
tools/perf/builtin-ftrace.c | 5 +++--
tools/perf/design.txt | 3 ++-
tools/perf/util/cap.h | 4 ++++
tools/perf/util/evsel.c | 10 +++++-----
tools/perf/util/util.c | 1 +
16 files changed, 47 insertions(+), 31 deletions(-)
---
Testing and validation (Intel Skylake, 8 cores, Fedora 29, 5.4.0-rc8+, x86_64):
libcap library [3], [4] and Perf tool can be used to apply CAP_SYS_PERFMON
capability for secure system performance monitoring and observability beyond the
scope permitted by the system wide perf_event_paranoid kernel setting [5] and
below are the steps for evaluation:
- patch, build and boot the kernel
- patch, build Perf tool e.g. to /home/user/perf
...
# git clone git://git.kernel.org/pub/scm/libs/libcap/libcap.git libcap
# pushd libcap
# patch libcap/include/uapi/linux/capabilities.h with [PATCH 1]
# make
# pushd progs
# ./setcap "cap_sys_perfmon,cap_sys_ptrace,cap_syslog=ep" /home/user/perf
# ./setcap -v "cap_sys_perfmon,cap_sys_ptrace,cap_syslog=ep" /home/user/perf
/home/user/perf: OK
# ./getcap /home/user/perf
/home/user/perf = cap_sys_ptrace,cap_syslog,cap_sys_perfmon+ep
# echo 2 > /proc/sys/kernel/perf_event_paranoid
# cat /proc/sys/kernel/perf_event_paranoid
2
...
$ /home/user/perf top
... works as expected ...
$ cat /proc/`pidof perf`/status
Name: perf
Umask: 0002
State: S (sleeping)
Tgid: 2958
Ngid: 0
Pid: 2958
PPid: 9847
TracerPid: 0
Uid: 500 500 500 500
Gid: 500 500 500 500
FDSize: 256
...
CapInh: 0000000000000000
CapPrm: 0000004400080000
CapEff: 0000004400080000 => 01000100 00000000 00001000 00000000 00000000
cap_sys_perfmon,cap_sys_ptrace,cap_syslog
CapBnd: 0000007fffffffff
CapAmb: 0000000000000000
NoNewPrivs: 0
Seccomp: 0
Speculation_Store_Bypass: thread vulnerable
Cpus_allowed: ff
Cpus_allowed_list: 0-7
...
Usage of cap_sys_perfmon effectively avoids unused credentials excess:
- with cap_sys_admin:
CapEff: 0000007fffffffff => 01111111 11111111 11111111 11111111 11111111
- with cap_sys_perfmon:
CapEff: 0000004400080000 => 01000100 00000000 00001000 00000000 00000000
38 34 19
sys_perfmon syslog sys_ptrace
---
[1] https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html
[2] http://man7.org/linux/man-pages/man7/capabilities.7.html
[3] http://man7.org/linux/man-pages/man8/setcap.8.html
[4] https://git.kernel.org/pub/scm/libs/libcap/libcap.git
[5] http://man7.org/linux/man-pages/man2/perf_event_open.2.html
[6] https://sites.google.com/site/fullycapable/, posix_1003.1e-990310.pdf
--
2.20.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Alexey Budankov <alexey.budankov@linux.intel.com>
To: Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Ingo Molnar <mingo@redhat.com>,
"jani.nikula@linux.intel.com" <jani.nikula@linux.intel.com>,
"joonas.lahtinen@linux.intel.com"
<joonas.lahtinen@linux.intel.com>,
"rodrigo.vivi@intel.com" <rodrigo.vivi@intel.com>,
Alexei Starovoitov <ast@kernel.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>,
"james.bottomley@hansenpartnership.com"
<james.bottomley@hansenpartnership.com>,
Serge Hallyn <serge@hallyn.com>, James Morris <jmorris@namei.org>,
Will Deacon <will.deacon@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Robert Richter <rric@kernel.org>
Cc: Song Liu <songliubraving@fb.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Stephane Eranian <eranian@google.com>,
Jiri Olsa <jolsa@redhat.com>, Andi Kleen <ak@linux.intel.com>,
Igor Lubashev <ilubashe@akamai.com>,
oprofile-list@lists.sf.net, Kees Cook <keescook@chromium.org>,
Jann Horn <jannh@google.com>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
Namhyung Kim <namhyung@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
linux-arm-kernel@lists.infradead.org,
"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
"linux-perf-users@vger.kernel.org"
<linux-perf-users@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"bpf@vger.kernel.org" <bpf@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>
Subject: [Intel-gfx] [PATCH v4 0/7] Introduce CAP_SYS_PERFMON to secure system performance monitoring and observability
Date: Wed, 18 Dec 2019 12:16:58 +0300 [thread overview]
Message-ID: <c0460c78-b1a6-b5f7-7119-d97e5998f308@linux.intel.com> (raw)
Currently access to perf_events, i915_perf and other performance monitoring and
observability subsystems of the kernel is open for a privileged process [1] with
CAP_SYS_ADMIN capability enabled in the process effective set [2].
This patch set introduces CAP_SYS_PERFMON capability devoted to secure system
performance monitoring and observability operations so that CAP_SYS_PERFMON would
assist CAP_SYS_ADMIN capability in its governing role for perf_events, i915_perf
and other performance monitoring and observability subsystems of the kernel.
CAP_SYS_PERFMON intends to meet the demand to secure system performance monitoring
and observability operations in security sensitive, restricted, production
environments (e.g. HPC clusters, cloud and virtual compute environments) where root
or CAP_SYS_ADMIN credentials are not available to mass users of a system because
of security considerations.
CAP_SYS_PERFMON intends to harden system security and integrity during system
performance monitoring and observability operations by decreasing attack surface
that is available to CAP_SYS_ADMIN privileged processes [2].
CAP_SYS_PERFMON intends to take over CAP_SYS_ADMIN credentials related to system
performance monitoring and observability operations and balance amount of
CAP_SYS_ADMIN credentials following the recommendations in the capabilities man
page [2] for CAP_SYS_ADMIN: "Note: this capability is overloaded; see Notes to
kernel developers, below."
For backward compatibility reasons access to system performance monitoring and
observability subsystems of the kernel remains open for CAP_SYS_ADMIN privileged
processes but CAP_SYS_ADMIN capability usage for secure system performance
monitoring and observability operations is discouraged with respect to the
introduced CAP_SYS_PERFMON capability.
The patch set is for tip perf/core repository:
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip perf/core
sha1: ceb9e77324fa661b1001a0ae66f061b5fcb4e4e6
---
Changes in v4:
- converted perfmon_capable() into an inline function
- made perf_events kprobes, uprobes, hw breakpoints and namespaces data available
to CAP_SYS_PERFMON privileged processes
- applied perfmon_capable() to drivers/perf and drivers/oprofile
- extended __cmd_ftrace() with support of CAP_SYS_PERFMON
Changes in v3:
- implemented perfmon_capable() macros aggregating required capabilities checks
Changes in v2:
- made perf_events trace points available to CAP_SYS_PERFMON privileged processes
- made perf_event_paranoid_check() treat CAP_SYS_PERFMON equally to CAP_SYS_ADMIN
- applied CAP_SYS_PERFMON to i915_perf, bpf_trace, powerpc and parisc system
performance monitoring and observability related subsystems
---
Alexey Budankov (9):
capabilities: introduce CAP_SYS_PERFMON to kernel and user space
perf/core: open access for CAP_SYS_PERFMON privileged process
perf tool: extend Perf tool with CAP_SYS_PERFMON capability support
drm/i915/perf: open access for CAP_SYS_PERFMON privileged process
trace/bpf_trace: open access for CAP_SYS_PERFMON privileged process
powerpc/perf: open access for CAP_SYS_PERFMON privileged process
parisc/perf: open access for CAP_SYS_PERFMON privileged process
drivers/perf: open access for CAP_SYS_PERFMON privileged process
drivers/oprofile: open access for CAP_SYS_PERFMON privileged process
arch/parisc/kernel/perf.c | 2 +-
arch/powerpc/perf/imc-pmu.c | 4 ++--
drivers/gpu/drm/i915/i915_perf.c | 13 ++++++-------
drivers/oprofile/event_buffer.c | 2 +-
drivers/perf/arm_spe_pmu.c | 4 ++--
include/linux/capability.h | 4 ++++
include/linux/perf_event.h | 6 +++---
include/uapi/linux/capability.h | 8 +++++++-
kernel/events/core.c | 6 +++---
kernel/trace/bpf_trace.c | 2 +-
security/selinux/include/classmap.h | 4 ++--
tools/perf/builtin-ftrace.c | 5 +++--
tools/perf/design.txt | 3 ++-
tools/perf/util/cap.h | 4 ++++
tools/perf/util/evsel.c | 10 +++++-----
tools/perf/util/util.c | 1 +
16 files changed, 47 insertions(+), 31 deletions(-)
---
Testing and validation (Intel Skylake, 8 cores, Fedora 29, 5.4.0-rc8+, x86_64):
libcap library [3], [4] and Perf tool can be used to apply CAP_SYS_PERFMON
capability for secure system performance monitoring and observability beyond the
scope permitted by the system wide perf_event_paranoid kernel setting [5] and
below are the steps for evaluation:
- patch, build and boot the kernel
- patch, build Perf tool e.g. to /home/user/perf
...
# git clone git://git.kernel.org/pub/scm/libs/libcap/libcap.git libcap
# pushd libcap
# patch libcap/include/uapi/linux/capabilities.h with [PATCH 1]
# make
# pushd progs
# ./setcap "cap_sys_perfmon,cap_sys_ptrace,cap_syslog=ep" /home/user/perf
# ./setcap -v "cap_sys_perfmon,cap_sys_ptrace,cap_syslog=ep" /home/user/perf
/home/user/perf: OK
# ./getcap /home/user/perf
/home/user/perf = cap_sys_ptrace,cap_syslog,cap_sys_perfmon+ep
# echo 2 > /proc/sys/kernel/perf_event_paranoid
# cat /proc/sys/kernel/perf_event_paranoid
2
...
$ /home/user/perf top
... works as expected ...
$ cat /proc/`pidof perf`/status
Name: perf
Umask: 0002
State: S (sleeping)
Tgid: 2958
Ngid: 0
Pid: 2958
PPid: 9847
TracerPid: 0
Uid: 500 500 500 500
Gid: 500 500 500 500
FDSize: 256
...
CapInh: 0000000000000000
CapPrm: 0000004400080000
CapEff: 0000004400080000 => 01000100 00000000 00001000 00000000 00000000
cap_sys_perfmon,cap_sys_ptrace,cap_syslog
CapBnd: 0000007fffffffff
CapAmb: 0000000000000000
NoNewPrivs: 0
Seccomp: 0
Speculation_Store_Bypass: thread vulnerable
Cpus_allowed: ff
Cpus_allowed_list: 0-7
...
Usage of cap_sys_perfmon effectively avoids unused credentials excess:
- with cap_sys_admin:
CapEff: 0000007fffffffff => 01111111 11111111 11111111 11111111 11111111
- with cap_sys_perfmon:
CapEff: 0000004400080000 => 01000100 00000000 00001000 00000000 00000000
38 34 19
sys_perfmon syslog sys_ptrace
---
[1] https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html
[2] http://man7.org/linux/man-pages/man7/capabilities.7.html
[3] http://man7.org/linux/man-pages/man8/setcap.8.html
[4] https://git.kernel.org/pub/scm/libs/libcap/libcap.git
[5] http://man7.org/linux/man-pages/man2/perf_event_open.2.html
[6] https://sites.google.com/site/fullycapable/, posix_1003.1e-990310.pdf
--
2.20.1
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
next reply other threads:[~2019-12-18 9:18 UTC|newest]
Thread overview: 148+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-18 9:16 Alexey Budankov [this message]
2019-12-18 9:16 ` [Intel-gfx] [PATCH v4 0/7] Introduce CAP_SYS_PERFMON to secure system performance monitoring and observability Alexey Budankov
2019-12-18 9:16 ` Alexey Budankov
2019-12-18 9:16 ` Alexey Budankov
2019-12-18 9:16 ` Alexey Budankov
2019-12-18 9:24 ` [PATCH v4 1/9] capabilities: introduce CAP_SYS_PERFMON to kernel and user space Alexey Budankov
2019-12-18 9:24 ` [Intel-gfx] " Alexey Budankov
2019-12-18 9:24 ` Alexey Budankov
2019-12-18 9:24 ` Alexey Budankov
2019-12-18 9:24 ` Alexey Budankov
2019-12-18 19:56 ` Stephen Smalley
2019-12-18 19:56 ` [Intel-gfx] " Stephen Smalley
2019-12-18 19:56 ` Stephen Smalley
2019-12-18 19:56 ` Stephen Smalley
2019-12-18 19:56 ` Stephen Smalley
2019-12-28 3:53 ` Serge E. Hallyn
2019-12-28 3:53 ` [Intel-gfx] " Serge E. Hallyn
2019-12-28 3:53 ` Serge E. Hallyn
2019-12-28 3:53 ` Serge E. Hallyn
2020-01-13 20:25 ` Song Liu
2020-01-13 20:25 ` [Intel-gfx] " Song Liu
2020-01-13 20:25 ` Song Liu
2020-01-13 20:25 ` Song Liu
2019-12-18 9:25 ` [PATCH v4 2/9] perf/core: open access for CAP_SYS_PERFMON privileged process Alexey Budankov
2019-12-18 9:25 ` [Intel-gfx] " Alexey Budankov
2019-12-18 9:25 ` Alexey Budankov
2019-12-18 9:25 ` Alexey Budankov
2019-12-18 9:25 ` Alexey Budankov
2020-01-08 16:07 ` Peter Zijlstra
2020-01-08 16:07 ` [Intel-gfx] " Peter Zijlstra
2020-01-08 16:07 ` Peter Zijlstra
2020-01-08 16:07 ` Peter Zijlstra
2020-01-08 16:07 ` Peter Zijlstra
2020-01-09 11:36 ` Alexey Budankov
2020-01-09 11:36 ` [Intel-gfx] " Alexey Budankov
2020-01-09 11:36 ` Alexey Budankov
2020-01-09 11:36 ` Alexey Budankov
2020-01-09 11:36 ` Alexey Budankov
2020-01-10 14:02 ` Peter Zijlstra
2020-01-10 14:02 ` [Intel-gfx] " Peter Zijlstra
2020-01-10 14:02 ` Peter Zijlstra
2020-01-10 14:02 ` Peter Zijlstra
2020-01-10 15:52 ` Masami Hiramatsu
2020-01-10 15:52 ` [Intel-gfx] " Masami Hiramatsu
2020-01-10 15:52 ` Masami Hiramatsu
2020-01-10 15:52 ` Masami Hiramatsu
2020-01-10 16:45 ` Arnaldo Carvalho de Melo
2020-01-10 16:45 ` [Intel-gfx] " Arnaldo Carvalho de Melo
2020-01-10 16:45 ` Arnaldo Carvalho de Melo
2020-01-10 16:45 ` Arnaldo Carvalho de Melo
2020-01-10 23:47 ` Masami Hiramatsu
2020-01-10 23:47 ` [Intel-gfx] " Masami Hiramatsu
2020-01-10 23:47 ` Masami Hiramatsu
2020-01-10 23:47 ` Masami Hiramatsu
2020-01-11 0:23 ` Song Liu
2020-01-11 0:23 ` [Intel-gfx] " Song Liu
2020-01-11 0:23 ` Song Liu
2020-01-11 0:23 ` Song Liu
2020-01-11 0:35 ` arnaldo.melo
2020-01-11 0:35 ` [Intel-gfx] " arnaldo.melo
2020-01-11 9:57 ` Alexey Budankov
2020-01-13 20:39 ` Song Liu
2020-01-14 3:25 ` Masami Hiramatsu
2020-01-14 5:17 ` Alexei Starovoitov
2020-01-14 9:47 ` Alexey Budankov
2020-01-14 18:06 ` Alexei Starovoitov
2020-01-14 18:50 ` Alexey Budankov
2020-01-15 1:52 ` Alexei Starovoitov
2020-01-15 5:15 ` Alexey Budankov
2020-04-01 20:50 ` Alexey Budankov
2020-04-03 13:55 ` Alexey Budankov
2020-04-03 13:56 ` Alexey Budankov
2020-01-15 9:45 ` Masami Hiramatsu
2020-01-15 12:11 ` Alexey Budankov
2020-01-14 12:04 ` Masami Hiramatsu
2020-01-12 1:44 ` Masami Hiramatsu
2020-01-12 1:44 ` [Intel-gfx] " Masami Hiramatsu
2020-01-12 1:44 ` Masami Hiramatsu
2020-01-10 16:41 ` Alexey Budankov
2020-01-10 16:41 ` [Intel-gfx] " Alexey Budankov
2020-01-10 16:41 ` Alexey Budankov
2020-01-10 16:41 ` Alexey Budankov
2020-01-10 17:34 ` Alexey Budankov
2020-01-10 17:34 ` [Intel-gfx] " Alexey Budankov
2020-01-10 17:34 ` Alexey Budankov
2020-01-10 17:34 ` Alexey Budankov
2020-04-01 20:49 ` Alexey Budankov
2020-04-03 14:28 ` Alexey Budankov
2019-12-18 9:26 ` [PATCH v4 3/9] perf tool: extend Perf tool with CAP_SYS_PERFMON capability support Alexey Budankov
2019-12-18 9:26 ` [Intel-gfx] " Alexey Budankov
2019-12-18 9:26 ` Alexey Budankov
2019-12-18 9:26 ` Alexey Budankov
2019-12-18 9:26 ` Alexey Budankov
2019-12-18 9:27 ` [PATCH v4 4/9] drm/i915/perf: open access for CAP_SYS_PERFMON privileged process Alexey Budankov
2019-12-18 9:27 ` [Intel-gfx] " Alexey Budankov
2019-12-18 9:27 ` Alexey Budankov
2019-12-18 9:27 ` Alexey Budankov
2019-12-18 9:27 ` Alexey Budankov
2019-12-19 9:10 ` Lionel Landwerlin
2019-12-19 9:10 ` [Intel-gfx] " Lionel Landwerlin
2019-12-19 9:10 ` Lionel Landwerlin
2019-12-19 9:10 ` Lionel Landwerlin
2019-12-19 9:10 ` Lionel Landwerlin
2019-12-18 9:28 ` [PATCH v4 5/9] trace/bpf_trace: " Alexey Budankov
2019-12-18 9:28 ` [Intel-gfx] " Alexey Budankov
2019-12-18 9:28 ` Alexey Budankov
2019-12-18 9:28 ` Alexey Budankov
2019-12-18 9:28 ` Alexey Budankov
2020-01-13 20:47 ` Song Liu
2020-01-13 20:47 ` [Intel-gfx] " Song Liu
2020-01-13 20:47 ` Song Liu
2020-01-13 20:47 ` Song Liu
2019-12-18 9:28 ` [PATCH v4 6/9] powerpc/perf: " Alexey Budankov
2019-12-18 9:28 ` [Intel-gfx] " Alexey Budankov
2019-12-18 9:28 ` Alexey Budankov
2019-12-18 9:28 ` Alexey Budankov
2019-12-18 9:28 ` Alexey Budankov
2019-12-18 9:29 ` [PATCH v4 7/9] parisc/perf: " Alexey Budankov
2019-12-18 9:29 ` [Intel-gfx] " Alexey Budankov
2019-12-18 9:29 ` Alexey Budankov
2019-12-18 9:29 ` Alexey Budankov
2019-12-18 9:29 ` Alexey Budankov
2020-01-27 8:52 ` Helge Deller
2020-01-27 8:52 ` [Intel-gfx] " Helge Deller
2020-01-27 8:52 ` Helge Deller
2020-01-27 8:52 ` Helge Deller
2020-01-27 8:52 ` Helge Deller
2019-12-18 9:30 ` [PATCH v4 8/9] drivers/perf: " Alexey Budankov
2019-12-18 9:30 ` [Intel-gfx] " Alexey Budankov
2019-12-18 9:30 ` Alexey Budankov
2019-12-18 9:30 ` Alexey Budankov
2019-12-18 9:30 ` Alexey Budankov
2020-01-17 10:51 ` Will Deacon
2020-01-17 10:51 ` [Intel-gfx] " Will Deacon
2020-01-17 10:51 ` Will Deacon
2020-01-17 10:51 ` Will Deacon
2020-01-17 21:33 ` Alexey Budankov
2020-01-17 21:33 ` [Intel-gfx] " Alexey Budankov
2020-01-17 21:33 ` Alexey Budankov
2020-01-17 21:33 ` Alexey Budankov
2020-01-18 18:48 ` Alexey Budankov
2020-01-18 18:48 ` Alexey Budankov
2019-12-18 9:31 ` [PATCH v4 9/9] drivers/oprofile: " Alexey Budankov
2019-12-18 9:31 ` [Intel-gfx] " Alexey Budankov
2019-12-18 9:31 ` Alexey Budankov
2019-12-18 9:31 ` Alexey Budankov
2019-12-18 9:31 ` Alexey Budankov
2019-12-18 10:11 ` [Intel-gfx] ✗ Fi.CI.BUILD: failure for Introduce CAP_SYS_PERFMON to secure system performance monitoring and observability (rev3) Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c0460c78-b1a6-b5f7-7119-d97e5998f308@linux.intel.com \
--to=alexey.budankov@linux.intel.com \
--cc=acme@kernel.org \
--cc=ak@linux.intel.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=ast@kernel.org \
--cc=benh@kernel.crashing.org \
--cc=bpf@vger.kernel.org \
--cc=casey@schaufler-ca.com \
--cc=eranian@google.com \
--cc=ilubashe@akamai.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=james.bottomley@hansenpartnership.com \
--cc=jani.nikula@linux.intel.com \
--cc=jannh@google.com \
--cc=jmorris@namei.org \
--cc=jolsa@redhat.com \
--cc=joonas.lahtinen@linux.intel.com \
--cc=keescook@chromium.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-parisc@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=lionel.g.landwerlin@intel.com \
--cc=mark.rutland@arm.com \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=namhyung@kernel.org \
--cc=oprofile-list@lists.sf.net \
--cc=paulus@samba.org \
--cc=peterz@infradead.org \
--cc=rodrigo.vivi@intel.com \
--cc=rric@kernel.org \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=songliubraving@fb.com \
--cc=tglx@linutronix.de \
--cc=tvrtko.ursulin@linux.intel.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.