Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp1165671ybl; Wed, 14 Aug 2019 11:50:28 -0700 (PDT) X-Google-Smtp-Source: APXvYqzsp1MDBeoomzE1anErPyIqVc66ygNQvGH+SDXpPMtaz1E6GUMyNXNjfCO6W4v+Rd6G8Na7 X-Received: by 2002:a63:6fcf:: with SMTP id k198mr509998pgc.276.1565808628042; Wed, 14 Aug 2019 11:50:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565808628; cv=none; d=google.com; s=arc-20160816; b=Z5X7aVxsA8u9s1K0NhwBv5/wxJSNxjex2ZXv3InjTbVNZtoMosvIP1ILCS3YvDIT14 0KnY1pIALFBpOUtuZ32FVXTgdq99pfctDbYIXfz0y+6Tc6gPeZT8QQcciZeB5b/rq0i1 lWV5XLZU2yefwbTOgR/2GpdA+56AzpMKPhuzlhhP24yFrZNgr6fgLpootxPsVj85Ooao 9y6lErlRJqURxF+wXWCFpE/o/zgUso0kGqOg3cumFRWCd6bgkudY6t9dMRJQudkgNqZ9 +PyCCFYEDX/9KRMeRN7wFAP+rQeWYPb0YD4Q4Qe3IzYBGjYPcV+ahoBJ1T3yoqenqw3o hR1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:date:from:dkim-signature; bh=+sR6B4cibYHHnwu3bpvdAPRMk/urhyGa01jZXxbES1Q=; b=HbSEFGUbMY9Pz2q6ZfFm5I4zHeMGm6L72X2zbl4mRlM7sh8plEEnrd/7Mrj2gVvFFm JVGDsQPQDaTUliJXGd8l+rL/Je+Zo1DFkq0OxskD8BzPdhVrWys8WGI+ssfhNLCPsQqR WA8JG5ACK62caJ/dpNVY2El8btTDVmE1o6n+wfqsj7G5AUBcNf4z/ahKY9UNVtx2LRxF uPSBpogwT4NiGk/7TG7QZOIIsEtPCfNNroC14OPFctemvI00+o8SOuQkPLXQgYmOGkXF ALdXme+zK4RGDZ9X6uPWr2OZ/e2K2TOS8cAWL6L2ajZ0RAetQmCcSod6XxRSx0yDFSOx A/iA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=oA7C+rGe; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f15si263359pfn.41.2019.08.14.11.50.12; Wed, 14 Aug 2019 11:50:28 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=oA7C+rGe; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729729AbfHNSsx (ORCPT + 99 others); Wed, 14 Aug 2019 14:48:53 -0400 Received: from mail-qk1-f193.google.com ([209.85.222.193]:37494 "EHLO mail-qk1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729103AbfHNSsv (ORCPT ); Wed, 14 Aug 2019 14:48:51 -0400 Received: by mail-qk1-f193.google.com with SMTP id s14so12984774qkm.4 for ; Wed, 14 Aug 2019 11:48:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:date:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=+sR6B4cibYHHnwu3bpvdAPRMk/urhyGa01jZXxbES1Q=; b=oA7C+rGeWO+kai4F3ga/FeOri9pLYQdfPJV5xq2YcO2RXXCUonn/3Hc76IpdWEqePw CttxZrCTuMhAmfsTM8k38lY0DZICnt7imjxuWevt/GKhIFiplYs1xERZaVCHbu75WHmQ f3wPKrGSiDUceJBtU7Ggeb6kX8laV44lmleMkmKrIdA+wKFBhwjyCyhadmQTX9xPpFNR LJxXPtFJbTVLY7qcbW2hBqd9r/+3ZMz4csGfW7n9kJTwaC4V/EF9Dnxhn/NmGLWBU+a4 CrsBDaENLHwHiFH5V3ieghKsjDGC9B3dBrD9RbHFZ85vMTPIIclViLdzpGVf4g24mbtE xb3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:date:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=+sR6B4cibYHHnwu3bpvdAPRMk/urhyGa01jZXxbES1Q=; b=curU6MAZCmHhzL6HutKSZ7AQ/ccGAflbQLTVOd7kPdLfO6DbO8TW5rosz4vqb1mujA rPW2Cmm2GfC70a0H76OzP3+L0iD982Lx/EKde0dkxhajd6Sn81ycka+JxcgH8cOr0ffW 7enxGVA3bcRqkphNdncdarElhMOd5tmO5gNQUokI68Gl0OycFwEEH0yhQCzfM3DKpUGP 9auyrAzvSOm6+7PizL8KcVoGjVPQalTCM4iEKwCNXQ+H/J04rDJcxuupk2BCoN1dNfgu sNbK2QAKanowOCjqjaEM2h9tPjqeXXDREs1b1Cutu6iAkMJfSEdVGGP0mB93fwSkMlBp k3fg== X-Gm-Message-State: APjAAAXQoWqad/+1yoKQCbtT90Bz+oqfcElz5xh1HogxMrilA27KXSVJ Gmq4TM6QcJAFowKritNtwG4= X-Received: by 2002:a05:620a:693:: with SMTP id f19mr855962qkh.189.1565808530358; Wed, 14 Aug 2019 11:48:50 -0700 (PDT) Received: from quaco.ghostprotocols.net ([177.195.212.110]) by smtp.gmail.com with ESMTPSA id d12sm304687qkk.39.2019.08.14.11.48.49 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 14 Aug 2019 11:48:50 -0700 (PDT) From: Arnaldo Carvalho de Melo X-Google-Original-From: Arnaldo Carvalho de Melo Received: by quaco.ghostprotocols.net (Postfix, from userid 1000) id 6029B40857; Wed, 14 Aug 2019 15:48:14 -0300 (-03) Date: Wed, 14 Aug 2019 15:48:14 -0300 To: Mathieu Poirier Cc: Igor Lubashev , Linux Kernel Mailing List , Jiri Olsa , Alexey Budankov , Peter Zijlstra , Ingo Molnar , Alexander Shishkin , Namhyung Kim , Suzuki K Poulose , linux-arm-kernel , James Morris Subject: Re: [PATCH v3 3/4] perf: Use CAP_SYSLOG with kptr_restrict checks Message-ID: <20190814184814.GM9280@kernel.org> References: <291d2cda6ee75b4cd4c9ce717c177db18bf03a31.1565188228.git.ilubashe@akamai.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Url: http://acmel.wordpress.com User-Agent: Mutt/1.12.0 (2019-05-25) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Em Wed, Aug 14, 2019 at 12:04:33PM -0600, Mathieu Poirier escreveu: > On Wed, 7 Aug 2019 at 08:44, Igor Lubashev wrote: > > > > Kernel is using CAP_SYSLOG capability instead of uid==0 and euid==0 when > > checking kptr_restrict. Make perf do the same. > > > > Also, the kernel is a more restrictive than "no restrictions" in case of > > kptr_restrict==0, so add the same logic to perf. > > > > Signed-off-by: Igor Lubashev > > --- > > tools/perf/util/symbol.c | 15 +++++++++++---- > > 1 file changed, 11 insertions(+), 4 deletions(-) > > > > diff --git a/tools/perf/util/symbol.c b/tools/perf/util/symbol.c > > index 173f3378aaa0..046271103499 100644 > > --- a/tools/perf/util/symbol.c > > +++ b/tools/perf/util/symbol.c > > @@ -4,6 +4,7 @@ > > #include > > #include > > #include > > +#include > > #include > > #include > > #include > > @@ -15,8 +16,10 @@ > > #include > > #include "annotate.h" > > #include "build-id.h" > > +#include "cap.h" > > #include "util.h" > > #include "debug.h" > > +#include "event.h" > > #include "machine.h" > > #include "map.h" > > #include "symbol.h" > > @@ -890,7 +893,11 @@ bool symbol__restricted_filename(const char *filename, > > { > > bool restricted = false; > > > > - if (symbol_conf.kptr_restrict) { > > + /* Per kernel/kallsyms.c: > > + * we also restrict when perf_event_paranoid > 1 w/o CAP_SYSLOG > > + */ > > + if (symbol_conf.kptr_restrict || > > + (perf_event_paranoid() > 1 && !perf_cap__capable(CAP_SYSLOG))) { > > char *r = realpath(filename, NULL); > > > > # echo 0 > /proc/sys/kernel/kptr_restrict > # ./tools/perf/perf record -e instructions:k uname > perf: Segmentation fault > Obtained 10 stack frames. > ./tools/perf/perf(sighandler_dump_stack+0x44) [0x55af9e5da5d4] > /lib/x86_64-linux-gnu/libc.so.6(+0x3ef20) [0x7fd31efb6f20] > ./tools/perf/perf(perf_event__synthesize_kernel_mmap+0xa7) [0x55af9e590337] > ./tools/perf/perf(+0x1cf5be) [0x55af9e50c5be] > ./tools/perf/perf(cmd_record+0x1022) [0x55af9e50dff2] > ./tools/perf/perf(+0x23f98d) [0x55af9e57c98d] > ./tools/perf/perf(+0x23fc9e) [0x55af9e57cc9e] > ./tools/perf/perf(main+0x369) [0x55af9e4f6bc9] > /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7) [0x7fd31ef99b97] > ./tools/perf/perf(_start+0x2a) [0x55af9e4f704a] > Segmentation fault > > I can reproduce this on both x86 and ARM64. I don't see this with these two csets removed: 7ff5b5911144 perf symbols: Use CAP_SYSLOG with kptr_restrict checks d7604b66102e perf tools: Use CAP_SYS_ADMIN with perf_event_paranoid checks Which were the ones I guessed were related to the problem you reported, so they are out of my ongoing perf/core pull request to Ingo/Thomas, now trying with these applied and your instructions... - Arnaldo