Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp141156ybi; Tue, 2 Jul 2019 17:52:13 -0700 (PDT) X-Google-Smtp-Source: APXvYqzs8to9fMTfdCqR1x69E00JnFAMmm5w/o+XOpG0jpkftlUnNvBdTyudeaLyg/DkPuhH2TKx X-Received: by 2002:a65:534b:: with SMTP id w11mr34132163pgr.210.1562115133349; Tue, 02 Jul 2019 17:52:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562115133; cv=none; d=google.com; s=arc-20160816; b=BNkGmXczFh03FKrLtjS+7FOhfJHgL0ptwR+LvyYpSU8K0upCvqNQiLVhjvpemZP1y3 fx9JjXAHvlylozQc2wdcnOGYRzwZupmGxMnozZ2Dcb7aODC0p/enlleO2VDffhsPh1vI CFo4ChnkHb9xSW2hSJ0Q05UjXR+a5OOhObxSvGOEmcrecJXUX18RadHsPbjCC2BSFy9O cVs38NkByvwuqOe364TBu6maGy5yFErVOXOml+FWex9rM5pJ+8Wv2uUqLoxCXdWHqNSW U7JBNTu7wVf+ZQaM5DDg+BUPSGxBWCzFotaz4xuJxmzq87eFwjfK2X8qSu/gDemeBbbk ZVPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:subject:cc :to:from:dkim-signature; bh=NBhp0VNKqsN8dR0Rg+MFGXOHNBagdyx9X/DM8wfLcf4=; b=S9PS8sg7pSi+hCnmXq85c+cp5T785iaUZ4aktU7fYMZarsZeIcI/xowLuxSU8sx7DO /T8ZpxbXNb/IwMomKvK4NiQmokP0QaWagm6mICnxnAIJCgAlrImkHuFXQRnA4rtTr5B/ gt6m7pjSJF0K8FFlsynVbmeJUvgU/STWNAhBlsXT3QBezNsC6mdgFj+Oo/Im+RqJnXUW buMFaQn62ZL2K5pBDyUGtuQWPgabM7qQrF5PEQczzuRSn/popwEPeYN0d+50eFXUkH3O 8iWJ0KYfVgUF1zgk945IBfb9HgjNjnQ0L19B1I77krXlLMXA+7N8TfgGUutYVsCobH7F f++g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@akamai.com header.s=jan2016.eng header.b=Qfmw8rq2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=akamai.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 18si360967pgf.457.2019.07.02.17.51.57; Tue, 02 Jul 2019 17:52:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@akamai.com header.s=jan2016.eng header.b=Qfmw8rq2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=akamai.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727326AbfGCAuT (ORCPT + 99 others); Tue, 2 Jul 2019 20:50:19 -0400 Received: from mx0a-00190b01.pphosted.com ([67.231.149.131]:34862 "EHLO mx0a-00190b01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727099AbfGCAuS (ORCPT ); Tue, 2 Jul 2019 20:50:18 -0400 Received: from pps.filterd (m0122332.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x6306Sx4010435; Wed, 3 Jul 2019 01:11:12 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : mime-version : content-type; s=jan2016.eng; bh=NBhp0VNKqsN8dR0Rg+MFGXOHNBagdyx9X/DM8wfLcf4=; b=Qfmw8rq2YnE7ynSepSyR5vfsAcWLcD+GfT9TIsaXwBE31fWdxW+1ttuyRZcE99t0CjZX OWBNaF10zftvthk5Un1Ho9cMyS5qrWd0OAfevyBap3OB80DHXlrNv5g3sTsJ8+KQnY9X a8L+L+4I7uP7uHxet83E+lNx8H5WLdmERlXhKe6qDzwjll/sczS0x7Pbfov0wVkk9zXY CgHMNjPqI3SNRjZLdon8S+PXPn9sVOyCi85AKN9N7iuNIGikcYrAPgoJUJKKN55XF4xp rS7zsgbyWqso3B76rnqqMqfOjf34y8xZXy/p7LDn8zRAXnBj+XLZVnwDtSVuOt6HXB94 lQ== Received: from prod-mail-ppoint3 (prod-mail-ppoint3.akamai.com [96.6.114.86] (may be forged)) by mx0a-00190b01.pphosted.com with ESMTP id 2tft0ddefx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 03 Jul 2019 01:11:12 +0100 Received: from pps.filterd (prod-mail-ppoint3.akamai.com [127.0.0.1]) by prod-mail-ppoint3.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x6302MSK021891; Tue, 2 Jul 2019 20:11:11 -0400 Received: from email.msg.corp.akamai.com ([172.27.123.34]) by prod-mail-ppoint3.akamai.com with ESMTP id 2te3b09eb1-3 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 02 Jul 2019 20:11:10 -0400 Received: from USMA1EX-CAS1.msg.corp.akamai.com (172.27.123.30) by usma1ex-dag1mb4.msg.corp.akamai.com (172.27.123.104) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 2 Jul 2019 20:10:49 -0400 Received: from igorcastle.kendall.corp.akamai.com (172.29.170.135) by USMA1EX-CAS1.msg.corp.akamai.com (172.27.123.30) with Microsoft SMTP Server id 15.0.1473.3 via Frontend Transport; Tue, 2 Jul 2019 20:10:49 -0400 Received: by igorcastle.kendall.corp.akamai.com (Postfix, from userid 29659) id A151C61D57; Tue, 2 Jul 2019 20:10:47 -0400 (EDT) From: Igor Lubashev To: , Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Mathieu Poirier CC: Alexander Shishkin , Jiri Olsa , Namhyung Kim , Suzuki K Poulose , , James Morris , Igor Lubashev Subject: [PATCH 0/3] perf: Use capabilities instead of uid and euid Date: Tue, 2 Jul 2019 20:10:02 -0400 Message-ID: <1562112605-6235-1-git-send-email-ilubashe@akamai.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Content-Type: text/plain X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-07-02_12:,, signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1907020268 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-07-02_12:,, signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1907020269 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Kernel is using capabilities instead of uid and euid to restrict access to kernel pointers and tracing facilities. This patch series updates the perf to better match the security model used by the kernel. This series enables instructions in Documentation/admin-guide/perf-security.rst to actually work, even when kernel.perf_event_paranoid=2 and kernel.kptr_restrict=1. The series consists of three patches: 01: perf: Add capability-related utilities Add utility functions to check capabilities and perf_event_paranoid checks. 02: perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks Replace the use of euid==0 with a check for CAP_SYS_ADMIN whenever perf_event_paranoid level is verified. 03: perf: Use CAP_SYSLOG with kptr_restrict checks Replace the use of uid and euid with a check for CAP_SYSLOG when kptr_restrict is verified (similar to kernel/kallsyms.c and lib/vsprintf.c). Consult perf_event_paranoid when kptr_restrict==0 (see kernel/kallsyms.c). I tested this by following Documentation/admin-guide/perf-security.rst guidelines and setting sysctls: kernel.perf_event_paranoid=2 kernel.kptr_restrict=1 As an unpriviledged user who is in perf_users group (setup via instructions above), I executed: perf record -a -- sleep 1 Without the patch, perf record did not capture any kernel functions. With the patch, perf included all kernel funcitons. Igor Lubashev (3): perf: Add capability-related utilities perf: Use CAP_SYS_ADMIN with perf_event_paranoid checks perf: Use CAP_SYSLOG with kptr_restrict checks tools/perf/Makefile.config | 2 +- tools/perf/arch/arm/util/cs-etm.c | 3 ++- tools/perf/arch/arm64/util/arm-spe.c | 3 ++- tools/perf/arch/x86/util/intel-bts.c | 3 ++- tools/perf/arch/x86/util/intel-pt.c | 2 +- tools/perf/util/Build | 1 + tools/perf/util/cap.c | 24 ++++++++++++++++++++++++ tools/perf/util/cap.h | 10 ++++++++++ tools/perf/util/event.h | 1 + tools/perf/util/evsel.c | 2 +- tools/perf/util/python-ext-sources | 1 + tools/perf/util/symbol.c | 15 +++++++++++---- tools/perf/util/util.c | 9 +++++++++ 13 files changed, 66 insertions(+), 10 deletions(-) create mode 100644 tools/perf/util/cap.c create mode 100644 tools/perf/util/cap.h -- 2.7.4