Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp162636ybi; Tue, 2 Jul 2019 18:17:25 -0700 (PDT) X-Google-Smtp-Source: APXvYqwLo0fHAFWlnrrhTx+Q3z9UXhK+VjR3F8uHgh4DvUfbEspvFYkDE9N21d3xrcx4iooBgMvk X-Received: by 2002:a63:3f84:: with SMTP id m126mr32493780pga.213.1562116645273; Tue, 02 Jul 2019 18:17:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562116645; cv=none; d=google.com; s=arc-20160816; b=XxHtxPKASjgMaYz7Njcz2QnILrXynfsyUDeitknt+aeBEZ1GYUkryaJ3VtYitntqta bQPjaXRd7107L7D2eJlwi8CDS8RT98YjERsgZTg3yTSjYL6M32oVWzdYYLWWZKA4ILC9 8YVIRzuf9D7TynHyVYJXqAWqMGYLCoNtE5N98GlweqS9qG/I72Hft6j8ZNY2N6pkn5s9 6l3tS6Bn5SDSux+ZsT59avzCHJtLlUO9HmketITv5BAJJThpOG9F0/bgZgmZd874z2Pv HkJ8zuecenDqsYpK+rBMFWJCN/VKR26F4MstClbChwCo4xxdA49RjCapfdJJJgU7hcXK y+ig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=vhdroY72bGDWw4TJQf6mIBF5mLDW5ZnW83laxKxW0O8=; b=K1jtly/pXvHFE/f4jLcJAsfuXXWz0b/0NNtWUqh3bzw3s8YZJ2rq1ryFarKle1yW09 KJVB/Z0fvy2aqjcEAkWf4BHhzIIOsoSbM3NyuHoeRURYqtpKC809yc51GQexBimNcAd+ Id2t4BLa0sHT0iZLPmFlaUUiy8p+QSonhwIyRJ6+ipy1XneBxZaQmR1JNhyH0n2Kgx0O 2IJJgGH97eU/RLw0uSQS+JbCd6eGTupy9C3mFwaQ6LsIsNc5jGN6aI5yQY0HWDPAe2gC hedU/zyGLiLESfsO8Xua6pJRbXvPFa2pjUtQmQSwfrbJrg5LYPjRyvhlehO1XGHgA6VG DZEg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@akamai.com header.s=jan2016.eng header.b="GI9/HJ/s"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=akamai.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g7si462501plb.29.2019.07.02.18.17.09; Tue, 02 Jul 2019 18:17:25 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@akamai.com header.s=jan2016.eng header.b="GI9/HJ/s"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=akamai.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727152AbfGCBQt (ORCPT + 99 others); Tue, 2 Jul 2019 21:16:49 -0400 Received: from mx0b-00190b01.pphosted.com ([67.231.157.127]:40998 "EHLO mx0b-00190b01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726150AbfGCBQt (ORCPT ); Tue, 2 Jul 2019 21:16:49 -0400 Received: from pps.filterd (m0050102.ppops.net [127.0.0.1]) by m0050102.ppops.net-00190b01. (8.16.0.27/8.16.0.27) with SMTP id x6306Stb031558; Wed, 3 Jul 2019 01:10:51 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-type; s=jan2016.eng; bh=vhdroY72bGDWw4TJQf6mIBF5mLDW5ZnW83laxKxW0O8=; b=GI9/HJ/sX4q65adr3ojIlYnaH7gx7z+Ol2AoDu5eGNYHByt9LnkLbniiMaDeL+9m9Nhw lmxlKqixFxa00vLIEOQ42tZpkckrTuKUU1zF2hPvoDd24c0DAhivRPrqE72kGeYl9VoL 1IrXJja+WDpCIhT7xTWIBcM1/vzXqIZzjtS/WJxNlFI7vigBFmM1VLB0q/moIVHhRFMR 0IimNoPKlBO8WztjzZp2mvLLPY+/zONnUwtQ7NBoJQP30wNcKOo8vlDA4HvDlHZN4MX7 MqNnmQsxzh5+/sW7Djx8iIFyKDxGg45C6lxmx94s291Ebkp5JvUjxmwAAViVbR8pwt2P 8A== Received: from prod-mail-ppoint2 (prod-mail-ppoint2.akamai.com [184.51.33.19] (may be forged)) by m0050102.ppops.net-00190b01. with ESMTP id 2tg8vp231q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 03 Jul 2019 01:10:51 +0100 Received: from pps.filterd (prod-mail-ppoint2.akamai.com [127.0.0.1]) by prod-mail-ppoint2.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x6302JOx014179; Tue, 2 Jul 2019 20:10:50 -0400 Received: from email.msg.corp.akamai.com ([172.27.123.30]) by prod-mail-ppoint2.akamai.com with ESMTP id 2te3awrp2k-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 02 Jul 2019 20:10:50 -0400 Received: from USMA1EX-CAS2.msg.corp.akamai.com (172.27.123.31) by usma1ex-dag1mb1.msg.corp.akamai.com (172.27.123.101) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 2 Jul 2019 20:10:49 -0400 Received: from igorcastle.kendall.corp.akamai.com (172.29.170.135) by USMA1EX-CAS2.msg.corp.akamai.com (172.27.123.31) with Microsoft SMTP Server id 15.0.1473.3 via Frontend Transport; Tue, 2 Jul 2019 20:10:49 -0400 Received: by igorcastle.kendall.corp.akamai.com (Postfix, from userid 29659) id A68C461E45; Tue, 2 Jul 2019 20:10:47 -0400 (EDT) From: Igor Lubashev To: , Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Mathieu Poirier CC: Alexander Shishkin , Jiri Olsa , Namhyung Kim , Suzuki K Poulose , , James Morris , Igor Lubashev Subject: [PATCH 3/3] perf: Use CAP_SYSLOG with kptr_restrict checks Date: Tue, 2 Jul 2019 20:10:05 -0400 Message-ID: <1562112605-6235-4-git-send-email-ilubashe@akamai.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1562112605-6235-1-git-send-email-ilubashe@akamai.com> References: <1562112605-6235-1-git-send-email-ilubashe@akamai.com> MIME-Version: 1.0 Content-Type: text/plain X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-07-02_12:,, signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1907020268 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-07-02_12:,, signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1907020269 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Kernel is using CAP_SYSLOG capcbility instead of uid==0 and euid==0 when checking kptr_restrict. Make perf do the same. Also, the kernel is a more restrictive than "no restrictions" in case of kptr_restrict==0, so add the same logic to perf. Signed-off-by: Igor Lubashev --- tools/perf/util/symbol.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/tools/perf/util/symbol.c b/tools/perf/util/symbol.c index 5cbad55cd99d..fd68dae3f58e 100644 --- a/tools/perf/util/symbol.c +++ b/tools/perf/util/symbol.c @@ -4,6 +4,7 @@ #include #include #include +#include #include #include #include @@ -15,8 +16,10 @@ #include #include "annotate.h" #include "build-id.h" +#include "cap.h" #include "util.h" #include "debug.h" +#include "event.h" #include "machine.h" #include "map.h" #include "symbol.h" @@ -889,7 +892,11 @@ bool symbol__restricted_filename(const char *filename, { bool restricted = false; - if (symbol_conf.kptr_restrict) { + /* Per kernel/kallsyms.c: + * we also restrict when perf_event_paranoid > 1 w/o CAP_SYSLOG + */ + if (symbol_conf.kptr_restrict || + (perf_event_paranoid() > 1 && !perf_cap__capable(CAP_SYSLOG))) { char *r = realpath(filename, NULL); if (r != NULL) { @@ -2100,9 +2107,9 @@ static bool symbol__read_kptr_restrict(void) char line[8]; if (fgets(line, sizeof(line), fp) != NULL) - value = ((geteuid() != 0) || (getuid() != 0)) ? - (atoi(line) != 0) : - (atoi(line) == 2); + value = perf_cap__capable(CAP_SYSLOG) ? + (atoi(line) >= 2) : + (atoi(line) != 0); fclose(fp); } -- 2.7.4