Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp524110ybv; Wed, 5 Feb 2020 09:37:51 -0800 (PST) X-Google-Smtp-Source: APXvYqxeRTYPB0+rzh/ML4OTcNYiy4q03CWtOHtzApkfyZxgorGi7R/TQpZcqBflkWTybZjYVT4a X-Received: by 2002:a05:6808:658:: with SMTP id z24mr3897399oih.91.1580924271259; Wed, 05 Feb 2020 09:37:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580924271; cv=none; d=google.com; s=arc-20160816; b=I36DdNzC+LP8uxiTzjd035Y07wQqx+6mNa4A4esH0r+vHibrTQmnJF/X1a6ZUhsFi8 fI5vOp0e4SdaVO+aTi4hXFAx/2fjPMX2XdTIsygnRj0UNudhPPRWB383ZBjssfuz97Zd icnKYPQGCXZcOdRf0B9xA62hIqBsmUfdFuIe/rkTY5YJxIOPyOpfWZssOLFnfYRO3nbR 5V4FVKQT9qWmw5vc5N5sUSfwY18iY4aTcirZ9Q0+BFIuYK8N0P0lZ7KxGspeakyfqMR3 T3/rI6CG3gfjurOv2rdmFr7coYisabIrJ3ocs0x67IZtHWeHHAsbCHIuACm9wDvVbobl oLBA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:organization:references:cc:to:from:subject; bh=WgJh8ohSwjlZG5aBuEJMbO93IbhrosW9rUE7X7Na2kY=; b=fGXLhv6Ie3uDCJcOzNu3DuN1O6pO7FnOl954D6jPSxr9TCLOuZpo21Hl5eIHrsBfrd 0UIxRX+bVkwWH8rwNiace3+IvWQZZLPUScD+rqp2ePvwJ9P6oJWAzJpZ4IBP7+GhCRJr GtU7Cu2+Rj8zci6JENDccwA2EvlbMhDLf3juBrfKya3qA/sUDGHFMLkKe8sox0OwzxEI ze6RsgOraG3w3DlM4DivBH/Bza+hRLI9ES1VVXdYGhGGq2KT/ShiEmKdKtg6zLzjMwqY aY3Vb/LW5oRJ2om+Dbvg4YjGMb6gLlhVxwEOOAjHJmLjaH6+Sjs90mlRbR52vZOX736O BNsA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t77si484795oie.146.2020.02.05.09.37.39; Wed, 05 Feb 2020 09:37:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727440AbgBERfz (ORCPT + 99 others); Wed, 5 Feb 2020 12:35:55 -0500 Received: from mga14.intel.com ([192.55.52.115]:16885 "EHLO mga14.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726957AbgBERfz (ORCPT ); Wed, 5 Feb 2020 12:35:55 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Feb 2020 09:35:54 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,406,1574150400"; d="scan'208";a="404218446" Received: from linux.intel.com ([10.54.29.200]) by orsmga005.jf.intel.com with ESMTP; 05 Feb 2020 09:35:54 -0800 Received: from [10.252.5.149] (abudanko-mobl.ccr.corp.intel.com [10.252.5.149]) by linux.intel.com (Postfix) with ESMTP id 919B05802BC; Wed, 5 Feb 2020 09:35:46 -0800 (PST) Subject: [PATCH v6 08/10] parisc/perf: open access for CAP_PERFMON privileged process From: Alexey Budankov To: James Morris , Serge Hallyn , Stephen Smalley , Peter Zijlstra , Arnaldo Carvalho de Melo , Ingo Molnar , "joonas.lahtinen@linux.intel.com" , Alexei Starovoitov , Will Deacon , Paul Mackerras , Michael Ellerman Cc: Andi Kleen , Thomas Gleixner , Stephane Eranian , Igor Lubashev , Jiri Olsa , linux-kernel , "intel-gfx@lists.freedesktop.org" , "linux-security-module@vger.kernel.org" , "selinux@vger.kernel.org" , linux-arm-kernel , "linuxppc-dev@lists.ozlabs.org" , "linux-parisc@vger.kernel.org" , oprofile-list@lists.sf.net References: <576a6141-36d4-14c0-b395-8d195892b916@linux.intel.com> Organization: Intel Corp. Message-ID: <15e3133b-3090-f7e4-f12d-f47c60f8c93d@linux.intel.com> Date: Wed, 5 Feb 2020 20:35:45 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.4.2 MIME-Version: 1.0 In-Reply-To: <576a6141-36d4-14c0-b395-8d195892b916@linux.intel.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Open access to monitoring for CAP_PERFMON privileged process. Providing the access under CAP_PERFMON capability singly, without the rest of CAP_SYS_ADMIN credentials, excludes chances to misuse the credentials and makes operation more secure. CAP_PERFMON implements the principal of least privilege for performance monitoring and observability operations (POSIX IEEE 1003.1e 2.2.2.39 principle of least privilege: A security design principle that states that a process or program be granted only those privileges (e.g., capabilities) necessary to accomplish its legitimate function, and only for the time that such privileges are actually required) For backward compatibility reasons access to the monitoring remains open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage for secure monitoring is discouraged with respect to CAP_PERFMON capability. Signed-off-by: Alexey Budankov --- arch/parisc/kernel/perf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/parisc/kernel/perf.c b/arch/parisc/kernel/perf.c index 676683641d00..c4208d027794 100644 --- a/arch/parisc/kernel/perf.c +++ b/arch/parisc/kernel/perf.c @@ -300,7 +300,7 @@ static ssize_t perf_write(struct file *file, const char __user *buf, else return -EFAULT; - if (!capable(CAP_SYS_ADMIN)) + if (!perfmon_capable()) return -EACCES; if (count != sizeof(uint32_t)) -- 2.20.1