Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp63850ybl;
        Mon, 27 Jan 2020 22:15:32 -0800 (PST)
X-Google-Smtp-Source: APXvYqyVpR1KqXB8kpF3QYGcahX4+w+FwxA8WnK8N5iD3HGg+t7339Gc6Wt3tMajtG6UmNhPGaJ5
X-Received: by 2002:a9d:7c8a:: with SMTP id q10mr14296116otn.124.1580192132044;
        Mon, 27 Jan 2020 22:15:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1580192132; cv=none;
        d=google.com; s=arc-20160816;
        b=OQbqPHkC4SRkuVuhk/cgbLnS9Gs/kDkp3dBazhMlSKXElsmfPIH3PO10hnEIpJDkgB
         ftzq1x4B1+p8gWnnSFNF8javG5maAA2Z7cEXLpqArdT/t8SQkfxf+fBHspyOMp/2NDr+
         ndrOaZnlWhkdPN3VdfnR5WUxVEJ7qTlDPMhNYfy1hIh0LSaZyWZ8RpOeuJnuzIh7e/PO
         2L/a3lm94oQUlDDoc/ku9su8BOz7ImtA2zpAPZIdpml9r7TLpg9N/KGkcF6pZsY0zizl
         Y4+DrKpgNXuqajLPc51dPBZorCfLZ59tUi1O9QkY3sENWtyb0Cnx3xVPCronwayikNj9
         C7qA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:organization:references:cc:to:from:subject;
        bh=8wlsmEDMB4pe3fVtP80JM5FlHrZPL2lWGNuLNPaX+mg=;
        b=qbLRYAi78s0fvGJFbYmTewTX47zdlv8Ia+tbnqSSrJu24pHGHFbXbRd4zSyrMKMBoT
         cHvAWPJt6Sk3KZn2xsO4zlYjMIeoqaLEwh6t+uSlSdC+kMMFSYLjRaPeIJ9hHa3p0Euj
         jNnAlQbUqrexIbFdHEeBv4nCPltxzKgNBhKJMinN6UyhId5unPqqeiAHSoCQ03OBmVt3
         ZTQ8el4/I+n7Ra0n1sddjv9GaYK2kPPpxTYBGorWPia2w4E3h9zCLK161QBOR4MdSrXm
         md9QzHxVPRmoRbUPP7NsWdJH9oW8/jQ20sa94Yeq+T7ae+nY9AsZJd1HqwfPPqtjR8gj
         GCxQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p28si7772497oth.296.2020.01.27.22.15.14;
        Mon, 27 Jan 2020 22:15:32 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1725899AbgA1GM2 (ORCPT <rfc822;huangweiredhat@gmail.com>
        + 99 others); Tue, 28 Jan 2020 01:12:28 -0500
Received: from mga01.intel.com ([192.55.52.88]:32365 "EHLO mga01.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725774AbgA1GM2 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 28 Jan 2020 01:12:28 -0500
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Jan 2020 22:12:27 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.70,372,1574150400"; 
   d="scan'208";a="221990078"
Received: from linux.intel.com ([10.54.29.200])
  by orsmga008.jf.intel.com with ESMTP; 27 Jan 2020 22:12:27 -0800
Received: from [10.252.25.124] (abudanko-mobl.ccr.corp.intel.com [10.252.25.124])
        by linux.intel.com (Postfix) with ESMTP id 909725803C1;
        Mon, 27 Jan 2020 22:12:19 -0800 (PST)
Subject: [PATCH v6 07/10] powerpc/perf: open access for CAP_PERFMON privileged
 process
From:   Alexey Budankov <alexey.budankov@linux.intel.com>
To:     Peter Zijlstra <peterz@infradead.org>,
        Arnaldo Carvalho de Melo <acme@kernel.org>,
        Ingo Molnar <mingo@redhat.com>,
        "benh@kernel.crashing.org" <benh@kernel.crashing.org>,
        Paul Mackerras <paulus@samba.org>,
        Michael Ellerman <mpe@ellerman.id.au>,
        "james.bottomley@hansenpartnership.com" 
        <james.bottomley@hansenpartnership.com>,
        Serge Hallyn <serge@hallyn.com>, Will Deacon <will@kernel.org>,
        Robert Richter <rric@kernel.org>,
        Alexei Starovoitov <ast@kernel.org>
Cc:     "intel-gfx@lists.freedesktop.org" <intel-gfx@lists.freedesktop.org>,
        Jiri Olsa <jolsa@redhat.com>, Andi Kleen <ak@linux.intel.com>,
        Stephane Eranian <eranian@google.com>,
        Igor Lubashev <ilubashe@akamai.com>,
        Alexander Shishkin <alexander.shishkin@linux.intel.com>,
        Namhyung Kim <namhyung@kernel.org>,
        Song Liu <songliubraving@fb.com>,
        Lionel Landwerlin <lionel.g.landwerlin@intel.com>,
        linux-kernel <linux-kernel@vger.kernel.org>,
        "linux-security-module@vger.kernel.org" 
        <linux-security-module@vger.kernel.org>,
        "selinux@vger.kernel.org" <selinux@vger.kernel.org>,
        linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
        "linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
        "linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
        "linux-perf-users@vger.kernel.org" <linux-perf-users@vger.kernel.org>,
        oprofile-list@lists.sf.net
References: <74d524ab-ac11-a7b8-1052-eba10f117e09@linux.intel.com>
Organization: Intel Corp.
Message-ID: <3ce8fc61-a61f-5efc-9167-94f5d39b6f1b@linux.intel.com>
Date:   Tue, 28 Jan 2020 09:12:18 +0300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101
 Thunderbird/68.4.1
MIME-Version: 1.0
In-Reply-To: <74d524ab-ac11-a7b8-1052-eba10f117e09@linux.intel.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


Open access to monitoring for CAP_PERFMON privileged process.
Providing the access under CAP_PERFMON capability singly, without the
rest of CAP_SYS_ADMIN credentials, excludes chances to misuse the
credentials and makes operation more secure.

CAP_PERFMON implements the principal of least privilege for performance
monitoring and observability operations (POSIX IEEE 1003.1e 2.2.2.39 principle
of least privilege: A security design principle that states that a process
or program be granted only those privileges (e.g., capabilities) necessary
to accomplish its legitimate function, and only for the time that such
privileges are actually required)

For backward compatibility reasons access to the monitoring remains open
for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage for secure
monitoring is discouraged with respect to CAP_PERFMON capability.

Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
---
 arch/powerpc/perf/imc-pmu.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/perf/imc-pmu.c b/arch/powerpc/perf/imc-pmu.c
index cb50a9e1fd2d..e837717492e4 100644
--- a/arch/powerpc/perf/imc-pmu.c
+++ b/arch/powerpc/perf/imc-pmu.c
@@ -898,7 +898,7 @@ static int thread_imc_event_init(struct perf_event *event)
 	if (event->attr.type != event->pmu->type)
 		return -ENOENT;
 
-	if (!capable(CAP_SYS_ADMIN))
+	if (!perfmon_capable())
 		return -EACCES;
 
 	/* Sampling not supported */
@@ -1307,7 +1307,7 @@ static int trace_imc_event_init(struct perf_event *event)
 	if (event->attr.type != event->pmu->type)
 		return -ENOENT;
 
-	if (!capable(CAP_SYS_ADMIN))
+	if (!perfmon_capable())
 		return -EACCES;
 
 	/* Return if this is a couting event */
-- 
2.20.1