Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp141156ybi;
        Tue, 2 Jul 2019 17:52:13 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzs8to9fMTfdCqR1x69E00JnFAMmm5w/o+XOpG0jpkftlUnNvBdTyudeaLyg/DkPuhH2TKx
X-Received: by 2002:a65:534b:: with SMTP id w11mr34132163pgr.210.1562115133349;
        Tue, 02 Jul 2019 17:52:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1562115133; cv=none;
        d=google.com; s=arc-20160816;
        b=BNkGmXczFh03FKrLtjS+7FOhfJHgL0ptwR+LvyYpSU8K0upCvqNQiLVhjvpemZP1y3
         fx9JjXAHvlylozQc2wdcnOGYRzwZupmGxMnozZ2Dcb7aODC0p/enlleO2VDffhsPh1vI
         CFo4ChnkHb9xSW2hSJ0Q05UjXR+a5OOhObxSvGOEmcrecJXUX18RadHsPbjCC2BSFy9O
         cVs38NkByvwuqOe364TBu6maGy5yFErVOXOml+FWex9rM5pJ+8Wv2uUqLoxCXdWHqNSW
         U7JBNTu7wVf+ZQaM5DDg+BUPSGxBWCzFotaz4xuJxmzq87eFwjfK2X8qSu/gDemeBbbk
         ZVPA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:message-id:date:subject:cc
         :to:from:dkim-signature;
        bh=NBhp0VNKqsN8dR0Rg+MFGXOHNBagdyx9X/DM8wfLcf4=;
        b=S9PS8sg7pSi+hCnmXq85c+cp5T785iaUZ4aktU7fYMZarsZeIcI/xowLuxSU8sx7DO
         /T8ZpxbXNb/IwMomKvK4NiQmokP0QaWagm6mICnxnAIJCgAlrImkHuFXQRnA4rtTr5B/
         gt6m7pjSJF0K8FFlsynVbmeJUvgU/STWNAhBlsXT3QBezNsC6mdgFj+Oo/Im+RqJnXUW
         buMFaQn62ZL2K5pBDyUGtuQWPgabM7qQrF5PEQczzuRSn/popwEPeYN0d+50eFXUkH3O
         8iWJ0KYfVgUF1zgk945IBfb9HgjNjnQ0L19B1I77krXlLMXA+7N8TfgGUutYVsCobH7F
         f++g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@akamai.com header.s=jan2016.eng header.b=Qfmw8rq2;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=akamai.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 18si360967pgf.457.2019.07.02.17.51.57;
        Tue, 02 Jul 2019 17:52:13 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@akamai.com header.s=jan2016.eng header.b=Qfmw8rq2;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=akamai.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727326AbfGCAuT (ORCPT <rfc822;kernelgary@gmail.com>
        + 99 others); Tue, 2 Jul 2019 20:50:19 -0400
Received: from mx0a-00190b01.pphosted.com ([67.231.149.131]:34862 "EHLO
        mx0a-00190b01.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1727099AbfGCAuS (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 2 Jul 2019 20:50:18 -0400
Received: from pps.filterd (m0122332.ppops.net [127.0.0.1])
        by mx0a-00190b01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x6306Sx4010435;
        Wed, 3 Jul 2019 01:11:12 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc :
 subject : date : message-id : mime-version : content-type; s=jan2016.eng;
 bh=NBhp0VNKqsN8dR0Rg+MFGXOHNBagdyx9X/DM8wfLcf4=;
 b=Qfmw8rq2YnE7ynSepSyR5vfsAcWLcD+GfT9TIsaXwBE31fWdxW+1ttuyRZcE99t0CjZX
 OWBNaF10zftvthk5Un1Ho9cMyS5qrWd0OAfevyBap3OB80DHXlrNv5g3sTsJ8+KQnY9X
 a8L+L+4I7uP7uHxet83E+lNx8H5WLdmERlXhKe6qDzwjll/sczS0x7Pbfov0wVkk9zXY
 CgHMNjPqI3SNRjZLdon8S+PXPn9sVOyCi85AKN9N7iuNIGikcYrAPgoJUJKKN55XF4xp
 rS7zsgbyWqso3B76rnqqMqfOjf34y8xZXy/p7LDn8zRAXnBj+XLZVnwDtSVuOt6HXB94 lQ== 
Received: from prod-mail-ppoint3 (prod-mail-ppoint3.akamai.com [96.6.114.86] (may be forged))
        by mx0a-00190b01.pphosted.com with ESMTP id 2tft0ddefx-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
        Wed, 03 Jul 2019 01:11:12 +0100
Received: from pps.filterd (prod-mail-ppoint3.akamai.com [127.0.0.1])
        by prod-mail-ppoint3.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x6302MSK021891;
        Tue, 2 Jul 2019 20:11:11 -0400
Received: from email.msg.corp.akamai.com ([172.27.123.34])
        by prod-mail-ppoint3.akamai.com with ESMTP id 2te3b09eb1-3
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
        Tue, 02 Jul 2019 20:11:10 -0400
Received: from USMA1EX-CAS1.msg.corp.akamai.com (172.27.123.30) by
 usma1ex-dag1mb4.msg.corp.akamai.com (172.27.123.104) with Microsoft SMTP
 Server (TLS) id 15.0.1473.3; Tue, 2 Jul 2019 20:10:49 -0400
Received: from igorcastle.kendall.corp.akamai.com (172.29.170.135) by
 USMA1EX-CAS1.msg.corp.akamai.com (172.27.123.30) with Microsoft SMTP Server
 id 15.0.1473.3 via Frontend Transport; Tue, 2 Jul 2019 20:10:49 -0400
Received: by igorcastle.kendall.corp.akamai.com (Postfix, from userid 29659)
        id A151C61D57; Tue,  2 Jul 2019 20:10:47 -0400 (EDT)
From:   Igor Lubashev <ilubashe@akamai.com>
To:     <linux-kernel@vger.kernel.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Ingo Molnar <mingo@redhat.com>,
        Arnaldo Carvalho de Melo <acme@kernel.org>,
        Mathieu Poirier <mathieu.poirier@linaro.org>
CC:     Alexander Shishkin <alexander.shishkin@linux.intel.com>,
        Jiri Olsa <jolsa@redhat.com>,
        Namhyung Kim <namhyung@kernel.org>,
        Suzuki K Poulose <suzuki.poulose@arm.com>,
        <linux-arm-kernel@lists.infradead.org>,
        James Morris <jmorris@namei.org>,
        Igor Lubashev <ilubashe@akamai.com>
Subject: [PATCH 0/3] perf: Use capabilities instead of uid and euid
Date:   Tue, 2 Jul 2019 20:10:02 -0400
Message-ID: <1562112605-6235-1-git-send-email-ilubashe@akamai.com>
X-Mailer: git-send-email 2.7.4
MIME-Version: 1.0
Content-Type: text/plain
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-07-02_12:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0
 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999
 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.0.1-1810050000 definitions=main-1907020268
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-07-02_12:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0
 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015
 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000
 definitions=main-1907020269
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Kernel is using capabilities instead of uid and euid to restrict access to
kernel pointers and tracing facilities.  This patch series updates the perf to
better match the security model used by the kernel.

This series enables instructions in Documentation/admin-guide/perf-security.rst
to actually work, even when kernel.perf_event_paranoid=2 and
kernel.kptr_restrict=1.

The series consists of three patches:

  01: perf: Add capability-related utilities
    Add utility functions to check capabilities and perf_event_paranoid checks.

  02: perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks
    Replace the use of euid==0 with a check for CAP_SYS_ADMIN whenever
    perf_event_paranoid level is verified.

  03: perf: Use CAP_SYSLOG with kptr_restrict checks
    Replace the use of uid and euid with a check for CAP_SYSLOG when
    kptr_restrict is verified (similar to kernel/kallsyms.c and lib/vsprintf.c).
    Consult perf_event_paranoid when kptr_restrict==0 (see kernel/kallsyms.c).

I tested this by following Documentation/admin-guide/perf-security.rst
guidelines and setting sysctls:

   kernel.perf_event_paranoid=2
   kernel.kptr_restrict=1

As an unpriviledged user who is in perf_users group (setup via instructions
above), I executed:
   perf record -a -- sleep 1

Without the patch, perf record did not capture any kernel functions.
With the patch, perf included all kernel funcitons.

Igor Lubashev (3):
  perf: Add capability-related utilities
  perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks
  perf: Use CAP_SYSLOG with kptr_restrict checks

 tools/perf/Makefile.config           |  2 +-
 tools/perf/arch/arm/util/cs-etm.c    |  3 ++-
 tools/perf/arch/arm64/util/arm-spe.c |  3 ++-
 tools/perf/arch/x86/util/intel-bts.c |  3 ++-
 tools/perf/arch/x86/util/intel-pt.c  |  2 +-
 tools/perf/util/Build                |  1 +
 tools/perf/util/cap.c                | 24 ++++++++++++++++++++++++
 tools/perf/util/cap.h                | 10 ++++++++++
 tools/perf/util/event.h              |  1 +
 tools/perf/util/evsel.c              |  2 +-
 tools/perf/util/python-ext-sources   |  1 +
 tools/perf/util/symbol.c             | 15 +++++++++++----
 tools/perf/util/util.c               |  9 +++++++++
 13 files changed, 66 insertions(+), 10 deletions(-)
 create mode 100644 tools/perf/util/cap.c
 create mode 100644 tools/perf/util/cap.h

-- 
2.7.4