Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp5278068imm; Tue, 26 Jun 2018 08:38:31 -0700 (PDT) X-Google-Smtp-Source: ADUXVKLQ8SXqviGyGUZQrdo/ZCiE1XmImLDvN81CX6KK+dbSHkdCZ2yTyd4XKxMV4xbaKReXczD9 X-Received: by 2002:a17:902:9a8a:: with SMTP id w10-v6mr2137591plp.333.1530027511113; Tue, 26 Jun 2018 08:38:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530027511; cv=none; d=google.com; s=arc-20160816; b=Fm0Ex/Mcx+uNr8zeXfDpx1UX6J1Wq7Bu6gJc8CoDzRonYClLZ07kG1/6WI34vlbmgN l+i2d8M7wOzPWV2ZBgkexA73Vz+19AoCoHdW/DwToI3cRHC2W1M23EMcAIBiIFeSlnfb aesysDUzySxmnp4uI0xGpsCU6OaF3b2P6Eu4JIx/AaYMO8i1QUoVVZKhpmSlsekhJs3S nqB+v/XcTc+S+TDcLZcTrpNFF6mc9oaTUGNfVrYAzUbSGtsLXriKBxHXv7rvzehkuLXA 20jxfayf/cs/j8klfR2anmYQiC8olPteB1uTXA9RJ62adz4PMskpZI0K/NcLdW5dezqH ZHVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=5tcfLx0xi3PDdpIUWtJ4i3RUXH3rng78vOaEle6+ojY=; b=OAPDSuzSmf4/joAqXZtrTfnn8OjTfuuF2WmW23TcyBN4rc3uV8K/qKb0rzMHjTmIeQ ZQg6ByhF8uujadLNQjUOCRBOSQFQo/xYl3a5qmXwNQKvki8POhBquEN49xmlkL9GjL7R T7jWtmehtx+rmp39ssn1GesXIikuAfvJcJJn5hsQBa84REa5QqvWlN4QMhCdm8zTFvuD 2esbDFGt4k5Fm+WCasv5QOAk1FRc4dDoe+i01dpKquXQOBMX2O6KzWjkG0knmrkqjddr pKsj7WIYw6JfB8Kp9j4DeD/HxfxCnr74MtWFDhtbe6LDeBK33/6eV1AtkoaxOGPLCrm0 /jww== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ursulin-net.20150623.gappssmtp.com header.s=20150623 header.b=iGwve+Mk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a20-v6si1528792pga.70.2018.06.26.08.38.16; Tue, 26 Jun 2018 08:38:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@ursulin-net.20150623.gappssmtp.com header.s=20150623 header.b=iGwve+Mk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752159AbeFZPhV (ORCPT + 99 others); Tue, 26 Jun 2018 11:37:21 -0400 Received: from mail-wr0-f195.google.com ([209.85.128.195]:44251 "EHLO mail-wr0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751558AbeFZPhS (ORCPT ); Tue, 26 Jun 2018 11:37:18 -0400 Received: by mail-wr0-f195.google.com with SMTP id p12-v6so16088182wrn.11 for ; Tue, 26 Jun 2018 08:37:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ursulin-net.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=5tcfLx0xi3PDdpIUWtJ4i3RUXH3rng78vOaEle6+ojY=; b=iGwve+MkUPU5fpQDJ+NXjxhbU5Tx9LsHz8qSyTSBR03KnoOFfhp3HslA9gn+dXHUhD gWHOL37DrKNhJBXF+995Zw8mtUe2J1o6aIt86XxQaFabQsiBwGBNk2+EteoC8iLj4Bxe F9jZDP7hHeieXq3hcq5itXg/f+RjvQwJH8a5PYKMVM3npSca96gBuNXMx35z8cY7pt3j oO63FdYykf/dIPkOuLziqll5g4RTF9TH56rh9t1tq4nVDSsuXSsOcvXTvBPyIzOBTXyn 9n2xJuX5+4x9GTFKokaR0A033hgcSPdBM1Npy6p5ZwwyLL1G4G8Hak3VzeZqkIP8mIcQ 9myg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=5tcfLx0xi3PDdpIUWtJ4i3RUXH3rng78vOaEle6+ojY=; b=dgi4VNerZWdzcdHuAO5gLoF/gXhuqqshhTAJqOdkwzP7RMqatKtVam+vGoX0m957a+ 0P20lMlcEgIa2aYzUs8ayXevoJ/hl3gSF3BMCdFC3a4jVvCSkn92ZAUkAGvqi1Sy2fYY 6ULDzctLuhV7uAdeBznBZTqMTvNWHQBXj5UNIuT5cqqTZod8BULqw+OhtO3Z6U5aGpLd 7ThnW3SpD6iHIHW2/CyMZFC1cuFUehIkqDy1GST8wYenY1tfDJRT23fMKAvtC39/kR1A O/aNqJ04Ck/sykyWxfQrgL+nOYg+SBEBK6wppfW+hehjFvd0KJkppo/a5GwquJl48VGq j4nA== X-Gm-Message-State: APt69E2sx+C9q2sZwMXz5fOmLyNEGcAuQa/ext4prununagBjbGgvOzj fqKi3dGOA9AVVo78zZwnfOM3xWSn X-Received: by 2002:adf:9487:: with SMTP id 7-v6mr2041642wrr.82.1530027436930; Tue, 26 Jun 2018 08:37:16 -0700 (PDT) Received: from localhost.localdomain ([95.146.151.144]) by smtp.gmail.com with ESMTPSA id l84-v6sm3411176wmi.3.2018.06.26.08.37.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 26 Jun 2018 08:37:16 -0700 (PDT) From: Tvrtko Ursulin X-Google-Original-From: Tvrtko Ursulin To: linux-kernel@vger.kernel.org Cc: Tvrtko Ursulin , Thomas Gleixner , Peter Zijlstra , Ingo Molnar , "H. Peter Anvin" , Arnaldo Carvalho de Melo , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Madhavan Srinivasan , Andi Kleen , Alexey Budankov , x86@kernel.org Subject: [RFC 1/4] perf: Move some access checks later in perf_event_open Date: Tue, 26 Jun 2018 16:36:39 +0100 Message-Id: <20180626153642.5587-2-tvrtko.ursulin@linux.intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180626153642.5587-1-tvrtko.ursulin@linux.intel.com> References: <20180626153642.5587-1-tvrtko.ursulin@linux.intel.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Tvrtko Ursulin To enable per-PMU access controls in a following patch first move all call sites of perf_paranoid_kernel() to after the event has been created. Signed-off-by: Tvrtko Ursulin Cc: Thomas Gleixner Cc: Peter Zijlstra Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: Jiri Olsa Cc: Namhyung Kim Cc: Madhavan Srinivasan Cc: Andi Kleen Cc: Alexey Budankov Cc: linux-kernel@vger.kernel.org Cc: x86@kernel.org --- kernel/events/core.c | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index f490caca9aa4..12de95b0472e 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -10189,10 +10189,6 @@ static int perf_copy_attr(struct perf_event_attr __user *uattr, */ attr->branch_sample_type = mask; } - /* privileged levels capture (kernel, hv): check permissions */ - if ((mask & PERF_SAMPLE_BRANCH_PERM_PLM) - && perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) - return -EACCES; } if (attr->sample_type & PERF_SAMPLE_REGS_USER) { @@ -10409,11 +10405,6 @@ SYSCALL_DEFINE5(perf_event_open, if (err) return err; - if (!attr.exclude_kernel) { - if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) - return -EACCES; - } - if (attr.namespaces) { if (!capable(CAP_SYS_ADMIN)) return -EACCES; @@ -10427,11 +10418,6 @@ SYSCALL_DEFINE5(perf_event_open, return -EINVAL; } - /* Only privileged users can get physical addresses */ - if ((attr.sample_type & PERF_SAMPLE_PHYS_ADDR) && - perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) - return -EACCES; - /* * In cgroup mode, the pid argument is used to pass the fd * opened to the cgroup directory in cgroupfs. The cpu argument @@ -10501,6 +10487,28 @@ SYSCALL_DEFINE5(perf_event_open, goto err_cred; } + if (!attr.exclude_kernel) { + if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) { + err = -EACCES; + goto err_alloc; + } + } + + /* Only privileged users can get physical addresses */ + if ((attr.sample_type & PERF_SAMPLE_PHYS_ADDR) && + perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) { + err = -EACCES; + goto err_alloc; + } + + /* privileged levels capture (kernel, hv): check permissions */ + if ((attr.sample_type & PERF_SAMPLE_BRANCH_STACK) && + (attr.branch_sample_type & PERF_SAMPLE_BRANCH_PERM_PLM) && + perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) { + err = -EACCES; + goto err_alloc; + } + if (is_sampling_event(event)) { if (event->pmu->capabilities & PERF_PMU_CAP_NO_INTERRUPT) { err = -EOPNOTSUPP; -- 2.17.1