Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp6179023ybv;
        Tue, 18 Feb 2020 11:27:17 -0800 (PST)
X-Google-Smtp-Source: APXvYqxa/imceLJa10c4ugQwX0A/Z4NakA6ryFynEY1Z9gSHkyof6AYi+/ofBideAaj2DBAMNNDN
X-Received: by 2002:a9d:7f98:: with SMTP id t24mr17776994otp.338.1582054037530;
        Tue, 18 Feb 2020 11:27:17 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1582054037; cv=none;
        d=google.com; s=arc-20160816;
        b=BgK5Ktd58LcSq5nbYKvfm7QEi1oWEgTaIanphGAV8+CwCnB/exzgYsVUk7JZLg/4Ph
         FBT+EnleDqQztnNfNFZ2fAiIHZXdizGsbho7ixdkGfg0b75O2PsyVAtZ+XT6KsTN5O0d
         dpa6VxfcA5RadhI4UV2iHOQ4O5S2xGtdZTk0/01WrfTl7zUgjBEImNkd5Ty6u3L/Rc0v
         /sx0poR/dQYI52I15L9V7XmNED1faZWV0NJ33b1N5HPx8WLpdRWdCyQfB14k9ITWKhHk
         RCbsZ4SmuWG80TMQsY1ULj+TendihrOvWv5mvAFxCv9hfSaRtelL8lf5Y8vyTHBCxtYJ
         RD7g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date;
        bh=UGzPQrCxIK+/rAhGfwYqB9VbWYGmhMrXVFrctFeDGT8=;
        b=Gyh4MRzOaEdWRQmsSKbNZEm6u7Hqt5oInDxGhFVR4v7N2Wz6IJfnWWWNWBImN+IBAa
         2Drm/Ncd64sYi5vkSUib2RHiNN0RQ3ZzXm6E3f/pR5LTDqWKY6wRpFGOX4pBo8Ccqgal
         xPSRUj/f//KvgRH0qsc/wZjKscQVTIj30VCe8OQ1eEH5AzpFlSTCSKUtenpCWeGwHaSr
         z9EnNvaQs/GKV4KYDEjNbuW0WD/0GVH6G51K9k298fLu0vf6imk1GnRiq8lhJemBchT2
         2AtJ2sM+fn14ABvovqKc3Dm2gi5t1bqF2y3vpZK+g542HaYnGInBgSi8M0fEQSQMUKOo
         1gyA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id n1si8512600oic.225.2020.02.18.11.27.05;
        Tue, 18 Feb 2020 11:27:17 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726605AbgBRT05 (ORCPT <rfc822;sbrunau@gmail.com> + 99 others);
        Tue, 18 Feb 2020 14:26:57 -0500
Received: from namei.org ([65.99.196.166]:46724 "EHLO namei.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726539AbgBRT05 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 18 Feb 2020 14:26:57 -0500
Received: from localhost (localhost [127.0.0.1])
        by namei.org (8.14.4/8.14.4) with ESMTP id 01IJP3Ub013606;
        Tue, 18 Feb 2020 19:25:03 GMT
Date:   Wed, 19 Feb 2020 06:25:03 +1100 (AEDT)
From:   James Morris <jmorris@namei.org>
To:     Alexey Budankov <alexey.budankov@linux.intel.com>
cc:     Serge Hallyn <serge@hallyn.com>,
        Stephen Smalley <sds@tycho.nsa.gov>,
        Peter Zijlstra <peterz@infradead.org>,
        Arnaldo Carvalho de Melo <acme@kernel.org>,
        Ingo Molnar <mingo@kernel.org>,
        "joonas.lahtinen@linux.intel.com" <joonas.lahtinen@linux.intel.com>,
        Alexei Starovoitov <ast@kernel.org>,
        Will Deacon <will@kernel.org>,
        Paul Mackerras <paulus@samba.org>,
        Helge Deller <deller@gmx.de>,
        Thomas Gleixner <tglx@linutronix.de>,
        Andi Kleen <ak@linux.intel.com>,
        Stephane Eranian <eranian@google.com>,
        Igor Lubashev <ilubashe@akamai.com>,
        Jiri Olsa <jolsa@redhat.com>,
        linux-kernel <linux-kernel@vger.kernel.org>,
        "intel-gfx@lists.freedesktop.org" <intel-gfx@lists.freedesktop.org>,
        "linux-security-module@vger.kernel.org" 
        <linux-security-module@vger.kernel.org>,
        "selinux@vger.kernel.org" <selinux@vger.kernel.org>,
        linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
        "linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
        "linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
        oprofile-list@lists.sf.net,
        "linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
        linux-man@vger.kernel.org
Subject: Re: [PATCH v7 05/12] drm/i915/perf: open access for CAP_PERFMON
 privileged process
In-Reply-To: <8b408c10-9bb0-4b08-8681-93c0f4a1132e@linux.intel.com>
Message-ID: <alpine.LRH.2.21.2002190624510.10165@namei.org>
References: <c8de937a-0b3a-7147-f5ef-69f467e87a13@linux.intel.com> <8b408c10-9bb0-4b08-8681-93c0f4a1132e@linux.intel.com>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 17 Feb 2020, Alexey Budankov wrote:

> 
> Open access to i915_perf monitoring for CAP_PERFMON privileged process.
> Providing the access under CAP_PERFMON capability singly, without the
> rest of CAP_SYS_ADMIN credentials, excludes chances to misuse the
> credentials and makes operation more secure.
> 
> CAP_PERFMON implements the principal of least privilege for performance
> monitoring and observability operations (POSIX IEEE 1003.1e 2.2.2.39
> principle of least privilege: A security design principle that states
> that a process or program be granted only those privileges (e.g.,
> capabilities) necessary to accomplish its legitimate function, and only
> for the time that such privileges are actually required)
> 
> For backward compatibility reasons access to i915_events subsystem
> remains open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN
> usage for secure i915_events monitoring is discouraged with respect to
> CAP_PERFMON capability.
> 
> Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>


Reviewed-by: James Morris <jamorris@linux.microsoft.com>


-- 
James Morris
<jmorris@namei.org>