From: Alexey Budankov
Subject: Re: [RFC 0/5] perf: Per PMU access controls (paranoid setting)
To: Thomas Gleixner
Cc: Jann Horn, Mark Rutland, Peter Zijlstra, Kees Cook, Andi Kleen, tursulin@ursulin.net, kernel list, tvrtko.ursulin@linux.intel.com, the arch/x86 maintainers, "H . Peter Anvin", acme@kernel.org, alexander.shishkin@linux.intel.com, jolsa@redhat.com, namhyung@kernel.org, maddy@linux.vnet.ibm.com
Organization: Intel Corp.
Message-ID: <47c60dc1-47ed-ca31-cc3d-d26a1b00d19a@linux.intel.com>
Date: Tue, 2 Oct 2018 14:44:04 +0300
X-Mailing-List: linux-kernel@vger.kernel.org

Hello,

On 02.10.2018 9:40, Thomas Gleixner wrote:
>
> Not only the user group, it really should do the full security checks which
> are done on open().

I expect it is already implemented by some internal kernel API so that it could be reused.

>
>> b) then traditional checks against perf_event_paranoid content are applied;
>
> Hmm, not sure about that because that might be conflicting.

Well, possible contradictions could be converged to some reasonable point during technical review stage. Current perf_event_paranoid semantics is still required for PMUs that are governed by global setting at /proc/sys/kernel/perf_event_paranoid.

>> 4. Documentation/admin-guide/perf-security.rst file is introduced that:
>
> 0) Better documentation of /proc/sys/kernel/perf_event_paranoid

Exactly. perf_event_open man7 [1] requires update as well, however this is not a part of kernel source tree so these docs changes are to be mailed TO: mtk.manpages@gmail.com and CC: linux-api@vger.kernel.org.

Thanks,
Alexey

[1] http://man7.org/linux/man-pages/man2/perf_event_open.2.html