Received: by 2002:a25:b794:0:0:0:0:0 with SMTP id n20csp5572118ybh; Wed, 7 Aug 2019 08:07:43 -0700 (PDT) X-Google-Smtp-Source: APXvYqyEnBG+SjERLIBxuwjhRgBEM2KhTg5EBY3EpnREbYhpCUf5JmER8Okb5JgfMNKXbxgsbvRx X-Received: by 2002:aa7:9f8b:: with SMTP id z11mr9979958pfr.121.1565190463018; Wed, 07 Aug 2019 08:07:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565190463; cv=none; d=google.com; s=arc-20160816; b=Ggt4y4FAz4yJLrkhioSzcfd415OYp1LWvK+i4MM3LMNbyNEce7RYnpnKEM3f6CXzMM k7MnjF62M6oWkQ+zM/yUzz/Bx0jWDo1s/L2oFQcpV75gwWwlZApqlcd+O6dAkk9WEqB6 MTJMnFpnshvb5X/coJR4QQx0CoJRzASln2axDxCDHEk2UZ7v/h2OAapCsyfAtJrRqx6G aPKdfynttgkHS909B+ObFv6NaIgScYA0/OVsA8g0YZTLH2ykLLyAjjEBA6g5o8weA3b7 uv4porK1SYKg1Racp8CcPKyj42R61//BCxKQvi6JVicTdSDkfp03jIo8YfRvsoxIGILw FWIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=vffPYkazUX63OOelAC2TpHBENEYOaE8kM+STi98FHrY=; b=iATV5O/V5LJH1R4lELcLIraNav1wP8M05ZPC8TbkKCC5yU5Ds7+XaE8MUR+Oq46s78 1qTXDkZ3ogaqw3b+Bc3N2l9YNScQcFrnlSuJx6FumblW1G8DirUCaQGVm57wDr32V6xb e7VKKxtEs/qBCFSy7pmD7CUosnU6Hq52ExJOThDPuzXfNiqepvo94+xfBvOAZ/jVDx9s 7kVHqa+AL8r9ImylaysT9DsOa776qjhide5H9h5RebLsyvHHl2APt3Tr+vWvQphyzhh0 HNyNY3G9y0FRz3wZWNQXd32IlgBitF7E/YV1ZXoBLOxQMSAOA2pbjKQ59riJDXhp2KXk TROw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@akamai.com header.s=jan2016.eng header.b=avxKBrR2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=akamai.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s6si35879995plq.213.2019.08.07.08.07.25; Wed, 07 Aug 2019 08:07:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@akamai.com header.s=jan2016.eng header.b=avxKBrR2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=akamai.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387985AbfHGOpM (ORCPT + 99 others); Wed, 7 Aug 2019 10:45:12 -0400 Received: from mx0b-00190b01.pphosted.com ([67.231.157.127]:38014 "EHLO mx0b-00190b01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730003AbfHGOpJ (ORCPT ); Wed, 7 Aug 2019 10:45:09 -0400 Received: from pps.filterd (m0122330.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x77EfxRh005174; Wed, 7 Aug 2019 15:44:51 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-type; s=jan2016.eng; bh=vffPYkazUX63OOelAC2TpHBENEYOaE8kM+STi98FHrY=; b=avxKBrR2jylXtB6FI4Bo84mpY+wYpfKwO5ZtoqlfCVa8Ur5BgAY/BNtIbrNmJV3R7zlW hGTFXgCRMOFUI5Xr8FhVC1cO8t6FjXh1x7EGvYRG1tnnQK0ykd+ib+F2onZWEwJQoH10 HTPjyz1PHgioYb5d2bFSfeDndx/Az20ynS48p/sdoyh5RNpaAh4CA8VeN0j7OqBoULVc 2/ZVCxIQs+ud4HrIcR91U9dWOyo2KaFnjxjhBRIcJVCbj5bQJOcVdetP1N2VphPd+bbP DlZBSw7fcSM3sJ68IQ+rFN80XrCmFP3OiUyqYEL1mc3FrjaJGaLNFFpoCa9kRZ+GsB3H hg== Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com [184.51.33.18] (may be forged)) by mx0b-00190b01.pphosted.com with ESMTP id 2u51wv1766-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 07 Aug 2019 15:44:50 +0100 Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x77EWhlH024447; Wed, 7 Aug 2019 10:44:49 -0400 Received: from email.msg.corp.akamai.com ([172.27.123.57]) by prod-mail-ppoint1.akamai.com with ESMTP id 2u55kwbsgw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Aug 2019 10:44:49 -0400 Received: from USMA1EX-DAG1MB5.msg.corp.akamai.com (172.27.123.105) by usma1ex-dag3mb3.msg.corp.akamai.com (172.27.123.58) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 7 Aug 2019 10:44:47 -0400 Received: from usma1ex-cas5.msg.corp.akamai.com (172.27.123.53) by usma1ex-dag1mb5.msg.corp.akamai.com (172.27.123.105) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 7 Aug 2019 10:44:47 -0400 Received: from igorcastle.kendall.corp.akamai.com (172.29.170.135) by usma1ex-cas5.msg.corp.akamai.com (172.27.123.53) with Microsoft SMTP Server id 15.0.1473.3 via Frontend Transport; Wed, 7 Aug 2019 07:44:41 -0700 Received: by igorcastle.kendall.corp.akamai.com (Postfix, from userid 29659) id 8D19E61DB7; Wed, 7 Aug 2019 10:44:39 -0400 (EDT) From: Igor Lubashev To: , Arnaldo Carvalho de Melo , Jiri Olsa , Alexey Budankov CC: Peter Zijlstra , Ingo Molnar , Mathieu Poirier , Alexander Shishkin , Namhyung Kim , Suzuki K Poulose , , James Morris , Igor Lubashev Subject: [PATCH v3 3/4] perf: Use CAP_SYSLOG with kptr_restrict checks Date: Wed, 7 Aug 2019 10:44:16 -0400 Message-ID: <291d2cda6ee75b4cd4c9ce717c177db18bf03a31.1565188228.git.ilubashe@akamai.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-08-07_03:,, signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1906280000 definitions=main-1908070155 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8 definitions=2019-08-07_03:2019-08-07,2019-08-07 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 impostorscore=0 bulkscore=0 mlxlogscore=999 priorityscore=1501 adultscore=0 lowpriorityscore=0 mlxscore=0 spamscore=0 phishscore=0 clxscore=1015 suspectscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1906280000 definitions=main-1908070157 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Kernel is using CAP_SYSLOG capability instead of uid==0 and euid==0 when checking kptr_restrict. Make perf do the same. Also, the kernel is a more restrictive than "no restrictions" in case of kptr_restrict==0, so add the same logic to perf. Signed-off-by: Igor Lubashev --- tools/perf/util/symbol.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/tools/perf/util/symbol.c b/tools/perf/util/symbol.c index 173f3378aaa0..046271103499 100644 --- a/tools/perf/util/symbol.c +++ b/tools/perf/util/symbol.c @@ -4,6 +4,7 @@ #include #include #include +#include #include #include #include @@ -15,8 +16,10 @@ #include #include "annotate.h" #include "build-id.h" +#include "cap.h" #include "util.h" #include "debug.h" +#include "event.h" #include "machine.h" #include "map.h" #include "symbol.h" @@ -890,7 +893,11 @@ bool symbol__restricted_filename(const char *filename, { bool restricted = false; - if (symbol_conf.kptr_restrict) { + /* Per kernel/kallsyms.c: + * we also restrict when perf_event_paranoid > 1 w/o CAP_SYSLOG + */ + if (symbol_conf.kptr_restrict || + (perf_event_paranoid() > 1 && !perf_cap__capable(CAP_SYSLOG))) { char *r = realpath(filename, NULL); if (r != NULL) { @@ -2190,9 +2197,9 @@ static bool symbol__read_kptr_restrict(void) char line[8]; if (fgets(line, sizeof(line), fp) != NULL) - value = ((geteuid() != 0) || (getuid() != 0)) ? - (atoi(line) != 0) : - (atoi(line) == 2); + value = perf_cap__capable(CAP_SYSLOG) ? + (atoi(line) >= 2) : + (atoi(line) != 0); fclose(fp); } -- 2.7.4