Date: Tue, 15 Oct 2019 20:35:00 -0400
From: Joel Fernandes
To: Stephen Smalley
Cc: linux-kernel@vger.kernel.org, Peter Zijlstra, rostedt@goodmis.org, primiano@google.com, rsavitski@google.com, jeffv@google.com, kernel-team@android.com, James Morris, Alexei Starovoitov, Arnaldo Carvalho de Melo, bpf@vger.kernel.org, Daniel Borkmann, Ingo Molnar, Jiri Olsa, Kees Cook, linux-security-module@vger.kernel.org, Matthew Garrett, Namhyung Kim, selinux@vger.kernel.org, Song Liu, "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)", Yonghong Song
Subject: Re: [PATCH v2] perf_event: Add support for LSM and SELinux checks
Message-ID: <20191016003500.GC89937@google.com>
References: <20191014170308.70668-1-joel@joelfernandes.org>

> > diff --git a/include/uapi/linux/perf_event.h b/include/uapi/linux/perf_event.h > > index bb7b271397a6..2af95f937a5b 100644 > > --- a/include/uapi/linux/perf_event.h > > +++ b/include/uapi/linux/perf_event.h 
> > @@ -427,6 +427,15 @@ struct perf_event_attr { > > __u16 __reserved_2; /* align to __u64 */ > > }; > > + > > +/* Access to perf_event_open(2) syscall. */ > > +#define PERF_SECURITY_OPEN 0 > > + > > +/* Finer grained perf_event_open(2) access control. */ > > +#define PERF_SECURITY_CPU 1 > > +#define PERF_SECURITY_KERNEL 2 > > +#define PERF_SECURITY_TRACEPOINT 3 > > + > > Why are these definitions part of the uapi header and not private to the > kernel? No reason but I agree it is better to put them in the private header. Peter, if you are Ok with it, could you squash the below diff into my original patch? But let me know if you want me to resend the whole patch again. Thanks. ---8<----------------------- diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h index 664bb7f99c46..587ae4d002f5 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h @@ -1245,6 +1245,14 @@ extern int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write, int perf_event_max_stack_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); +/* Access to perf_event_open(2) syscall. */ +#define PERF_SECURITY_OPEN 0 + +/* Finer grained perf_event_open(2) access control. */ +#define PERF_SECURITY_CPU 1 +#define PERF_SECURITY_KERNEL 2 +#define PERF_SECURITY_TRACEPOINT 3 + static inline int perf_is_paranoid(void) { return sysctl_perf_event_paranoid > -1; diff --git a/include/uapi/linux/perf_event.h b/include/uapi/linux/perf_event.h index 2af95f937a5b..bb7b271397a6 100644 --- a/include/uapi/linux/perf_event.h +++ b/include/uapi/linux/perf_event.h 
@@ -427,15 +427,6 @@ struct perf_event_attr { __u16 __reserved_2; /* align to __u64 */ }; - -/* Access to perf_event_open(2) syscall. */ -#define PERF_SECURITY_OPEN 0 - -/* Finer grained perf_event_open(2) access control. */ -#define PERF_SECURITY_CPU 1 -#define PERF_SECURITY_KERNEL 2 -#define PERF_SECURITY_TRACEPOINT 3 - /* * Structure used by below PERF_EVENT_IOC_QUERY_BPF command * to query bpf programs attached to the same perf tracepoint -- 2.23.0.700.g56cf767bdb-goog
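Review bot: In the include/linux/perf_event.h hunk (@@ -1245,6 +1245,14), the four PERF_SECURITY_* values are now kernel-private, so they no longer have to be preprocessor constants. An enum would keep PERF_SECURITY_OPEN through PERF_SECURITY_TRACEPOINT together as one named set and let the consumer take a typed argument instead of a bare int. The two comments only say "Access to perf_event_open(2) syscall" and "Finer grained perf_event_open(2) access control"; one more line stating which check consumes these values, and that they are internal and not ABI, would keep a later change from moving them back into the uapi header.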
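Review bot: In the include/uapi/linux/perf_event.h hunk (@@ -427,15 +427,6), the index line 2af95f937a5b..bb7b271397a6 is the exact reverse of the quoted v2 hunk (bb7b271397a6..2af95f937a5b), so after the squash this header should carry no change at all; confirm that the squashed commit's diffstat no longer lists it. The fixup touches only these two headers, so if any other file in v2 picked up PERF_SECURITY_* through the uapi header alone, it now needs include/linux/perf_event.h, and a build of the squashed result is the quickest way to check that.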