Date: Tue, 22 May 2018 11:05:27 +0200
From: Peter Zijlstra
To: Tvrtko Ursulin
Cc: linux-kernel@vger.kernel.org, Tvrtko Ursulin, Ingo Molnar, Arnaldo Carvalho de Melo, Alexander Shishkin, Jiri Olsa, Namhyung Kim, Mark Rutland
Subject: Re: [RFC] perf: Allow fine-grained PMU access control
Message-ID: <20180522090527.GP12198@hirez.programming.kicks-ass.net>
In-Reply-To: <20180521092549.5349-1-tvrtko.ursulin@linux.intel.com>

On Mon, May 21, 2018 at 10:25:49AM +0100, Tvrtko Ursulin wrote:
> From: Tvrtko Ursulin
>
> For situations where sysadmins might want to allow different level of
> access control for different PMUs, we start creating per-PMU
> perf_event_paranoid controls in sysfs.

Could you explain how exactly this makes sense?

For example, how does it make sense for one PMU to reveal kernel data
while another PMU is not allowed.

Once you allow one PMU to do so, the secret is out.

So please explain, in excruciating detail, how you want to use this and
how exactly that makes sense from a security pov.

> These work in equivalent fashion as the existing perf_event_paranoid
> sysctl, which now becomes the parent control for each PMU.
>
> On PMU registration the global/parent value will be inherited by each PMU,
> as it will be propagated to all registered PMUs when the sysctl is
> updated.
>
> At any later point individual PMU access controls, located in
> /device//perf_event_paranoid, can be adjusted to achieve
> fine grained access control.
>