Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp4911611ybl; Mon, 26 Aug 2019 18:42:19 -0700 (PDT) X-Google-Smtp-Source: APXvYqyQtt0XUf4GowYF6frXQPSyS2CEHNNnl1gmecOkPYmpf20FdWFq8Kz2eanJD1XDyfvxmncy X-Received: by 2002:a17:90a:d793:: with SMTP id z19mr22488404pju.36.1566870139147; Mon, 26 Aug 2019 18:42:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1566870139; cv=none; d=google.com; s=arc-20160816; b=ZuKnKRu6Pe4o+Pggri+5Dj3kaqGK69SQ4pshap9hoM6W+jRvPs/1ejwJH+D/FJCzxT HHV8DrvEenDUmYsPrpck8PD9j3Htl5Cx9inEq4WuqpFFTbmYT/nwvXiKjOrQFaqfLN1L pC5WLLrft5rphm5Avzuh1YjCkeXt8/5w1oFgS86JeiWkpM8f7rz8slnsr+LK1rlEy4S9 na5BKLvVA2qYYP4zBaj1hinndILWY9M2vdhMjI6N1so7kZtaocGc+/B6RDa2oekodnaJ 477sEbtzGGbA0j+LXm/shC+DjdEfcwZ5G0cV1sJkBwxLXVCtRpAhiFiURzcMragEoq7V SJUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:subject:cc :to:from:dkim-signature; bh=E4ylNvpjQ0jZ/RNWmzecbioNYnJuGcm8chdT4IjusrQ=; b=nkWi0C59q9WaBd/czihv9lbJRHqiMlqpeVPMg553KF9yTQuPHAK+2NIGrsbJF5yaFR mJvVUqBzg2Zm6Eh5jFZERfamqemTT2YUg5Bf1glW4AMxb8EgEv2f0Eq5y7FkbQ34TVkf sWaz2p6ddwZBpSxSwcdOQNx/Dm+5n9GPqAp0xTfLVEUb1BQnK5ataqYlWpJZ3d8ppJIo D7LcQQNHOUBKZJqh+OoDvpn6bly5FoxUDl0BMqfjkyUbphtcfa6yfsmHARvkmeEod+4A LVTKeWcJ+WyLtN57032x7O5+IiA+oVQ+P+8nZGvMG2QGutKaqEgI3a3HUncavZIVotrA QvNg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@akamai.com header.s=jan2016.eng header.b=EzIhoSQP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=akamai.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x130si10646324pgx.526.2019.08.26.18.42.03; Mon, 26 Aug 2019 18:42:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@akamai.com header.s=jan2016.eng header.b=EzIhoSQP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=akamai.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728820AbfH0BlM (ORCPT + 99 others); Mon, 26 Aug 2019 21:41:12 -0400 Received: from mx0a-00190b01.pphosted.com ([67.231.149.131]:30880 "EHLO mx0a-00190b01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726487AbfH0BlM (ORCPT ); Mon, 26 Aug 2019 21:41:12 -0400 Received: from pps.filterd (m0122333.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x7R1c695025938; Tue, 27 Aug 2019 02:39:47 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : mime-version : content-type; s=jan2016.eng; bh=E4ylNvpjQ0jZ/RNWmzecbioNYnJuGcm8chdT4IjusrQ=; b=EzIhoSQPedH/tUbCZDG2YkYrsJzao4aALZYg/UwEcOSeeoxxKrpi/XHwLWPNDxFM5G60 +agyo6rK9Y1pmwXMCMcVoqiFY91umt6nkchPJkgNkgAlz6y00VTMLM+Q5MhrRntukvFy rIN8RmRjFkTWiJR/kqCY8QZ3C0MhW7luUuz78FYdyWsJw/MsYma/Y+1kxtTmhBIbHciR FCk7sLooQVUl75HNWHgtHD2DaJY1nJcRBvFE7vs7GYuTWVwsVtuQVLD/pJd6KXv9SB1+ pkVYfABnoBVKV0L1bFVbzHr9zMWX8t4wo19sNkZe2i3GDiiuJw9liXS0YPiEt0fSt/8C MQ== Received: from prod-mail-ppoint4 (prod-mail-ppoint4.akamai.com [96.6.114.87] (may be forged)) by mx0a-00190b01.pphosted.com with ESMTP id 2ujwcd29r3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 27 Aug 2019 02:39:47 +0100 Received: from pps.filterd (prod-mail-ppoint4.akamai.com [127.0.0.1]) by prod-mail-ppoint4.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x7R1Vn49014943; Mon, 26 Aug 2019 21:39:46 -0400 Received: from email.msg.corp.akamai.com ([172.27.123.53]) by prod-mail-ppoint4.akamai.com with ESMTP id 2uk0k0bb13-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 26 Aug 2019 21:39:45 -0400 Received: from usma1ex-cas5.msg.corp.akamai.com (172.27.123.53) by usma1ex-dag1mb4.msg.corp.akamai.com (172.27.123.104) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 26 Aug 2019 21:39:43 -0400 Received: from igorcastle.kendall.corp.akamai.com (172.29.170.135) by usma1ex-cas5.msg.corp.akamai.com (172.27.123.53) with Microsoft SMTP Server id 15.0.1473.3 via Frontend Transport; Mon, 26 Aug 2019 18:39:44 -0700 Received: by igorcastle.kendall.corp.akamai.com (Postfix, from userid 29659) id 4797861E72; Mon, 26 Aug 2019 21:39:41 -0400 (EDT) From: Igor Lubashev To: Jiri Olsa , Arnaldo Carvalho de Melo , Mathieu Poirier CC: Igor Lubashev , Alexander Shishkin , Alexey Budankov , James Morris , Namhyung Kim , Peter Zijlstra , Suzuki Poulouse , , Linux Kernel Mailing List Subject: [PATCH 0/5] perf: Treat perf_event_paranoid and kptr_restrict like the kernel does it Date: Mon, 26 Aug 2019 21:39:11 -0400 Message-ID: <1566869956-7154-1-git-send-email-ilubashe@akamai.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Content-Type: text/plain X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-08-26_08:,, signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1906280000 definitions=main-1908270014 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8 definitions=2019-08-26_08:2019-08-26,2019-08-26 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 adultscore=0 clxscore=1015 mlxlogscore=999 priorityscore=1501 bulkscore=0 suspectscore=0 malwarescore=0 spamscore=0 impostorscore=0 phishscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1906280000 definitions=main-1908270015 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is a follow up series to the ensure perf treats perf_event_paranoid and kptr_restrict in a way that is similar to the kernel's. That includes use of capabilities instead of euid==0, when possible, as well as adjusting the logic and fixing bugs. Prior discussion: https://lkml.kernel.org/lkml/cover.1565188228.git.ilubashe@akamai.com === Testing notes === I have tested on x86 with perf binary installed according to Documentation/admin-guide/perf-security.rst (cap_sys_admin, cap_sys_ptrace, cap_syslog assigned to the perf executable). I tested each permutation of: * 7 commits: 1. HEAD of perf/core 2. patch 01 on top of perf/core 3. patches 01-02 on top of perf/core 4. patches 01-03 on top of perf/core 5. patches 01-04 on top of perf/core 6. patches 01-05 on top of perf/core 7. HEAD of perf/cap (with known bug fixed by patch 01 of this series) * 2 build environments: with and without libcap-dev * 3 kernel.kptr_restrict values: 0, 1, 2 * 4 kernel.perf_event_paranoid values: -1, 0, 1, 2 * 2 users: root and non-root Total: 336 permutations Each permutation consisted of: perf test perf record -e instructions -- sleep 1 All test runs were expected. Also, as expected, the following permutation (just that permutation) resulted in segmentation failure: commit: perf/cap build: no libcap-dev kernel.kptr_restrict: 0 kernel.perf_event_paranoid: 2 user: non-root The perf/cap commit was included in the test to ensure that we can reproduce the crash and hence test that the patch series fixes the crash, while retaining the desired behavior of perf/cap. === Series Contents === 01: perf event: Check ref_reloc_sym before using it Fix the pre-existing cause of the crash above: use of ref_reloc_sym without a check for NULL 02: perf tools: Use CAP_SYS_ADMIN with perf_event_paranoid checks Replace the use of euid==0 with a check for CAP_SYS_ADMIN whenever perf_event_paranoid level is verified. * This patch has been reviewed previously and is unchanged. * I kept Acks and Sign-offs. 03: perf util: kernel profiling is disallowed only when perf_event_paranoid>1 Align perf logic regarding perf_event_paranoid to match kernel's. This has been reported by Arnaldo. 04: perf symbols: Use CAP_SYSLOG with kptr_restrict checks Replace the use of uid and euid with a check for CAP_SYSLOG when kptr_restrict is verified (similar to kernel/kallsyms.c and lib/vsprintf.c). Consult perf_event_paranoid when kptr_restrict==0 (see kernel/kallsyms.c). * A previous version of this patch has been reviewed previously, but I * modified it in a non-trivial way, so I removed Acks. 05: perf: warn perf_event_paranoid restrict kernel symbols Warn that /proc/sys/kernel/perf_event_paranoid can also restrict kernel symbols. Igor Lubashev (5): perf event: Check ref_reloc_sym before using it perf tools: Use CAP_SYS_ADMIN with perf_event_paranoid checks perf util: kernel profiling is disallowed only when perf_event_paranoid > 1 perf symbols: Use CAP_SYSLOG with kptr_restrict checks perf: warn that perf_event_paranoid can restrict kernel symbols tools/perf/arch/arm/util/cs-etm.c | 3 ++- tools/perf/arch/arm64/util/arm-spe.c | 3 ++- tools/perf/arch/x86/util/intel-bts.c | 3 ++- tools/perf/arch/x86/util/intel-pt.c | 2 +- tools/perf/builtin-record.c | 2 +- tools/perf/builtin-top.c | 2 +- tools/perf/builtin-trace.c | 2 +- tools/perf/util/event.c | 7 ++++--- tools/perf/util/evsel.c | 2 +- tools/perf/util/symbol.c | 15 ++++++++++++--- 10 files changed, 27 insertions(+), 14 deletions(-) -- 2.7.4