Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
From:   Tvrtko Ursulin <tursulin@ursulin.net>
To:     Intel-gfx@lists.freedesktop.org
Cc:     linux-kernel@vger.kernel.org,
        Tvrtko Ursulin <tvrtko.ursulin@intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Ingo Molnar <mingo@redhat.com>,
        Arnaldo Carvalho de Melo <acme@kernel.org>,
        Alexander Shishkin <alexander.shishkin@linux.intel.com>,
        Jiri Olsa <jolsa@redhat.com>,
        Namhyung Kim <namhyung@kernel.org>,
        Dmitry Rogozhkin <dmitry.v.rogozhkin@intel.com>,
        Chris Wilson <chris@chris-wilson.co.uk>
Subject: [RFC 1/2] perf/pmu: Allow PMU providers to override system-wide security settings
Date:   Fri, 17 Nov 2017 13:57:22 +0000
Message-Id: <20171117135723.22235-1-tvrtko.ursulin@linux.intel.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk

From: Tvrtko Ursulin <tvrtko.ursulin@intel.com>

To allow system administrators finer-grained control over security
settings, we add an optional pmu->is_privileged(pmu, event) callback
which is consulted when unprivileged system-wide uncore event collection
is disabled.

Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: linux-kernel@vger.kernel.org
Cc: Dmitry Rogozhkin <dmitry.v.rogozhkin@intel.com>
Cc: Chris Wilson <chris@chris-wilson.co.uk>
---
 include/linux/perf_event.h |  6 ++++++
 kernel/events/core.c       | 12 +++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
index 8e22f24ded6a..a93630cad6b9 100644
--- a/include/linux/perf_event.h
+++ b/include/linux/perf_event.h
@@ -446,6 +446,12 @@ struct pmu {
 	 * Filter events for PMU-specific reasons.
 	 */
 	int (*filter_match)		(struct perf_event *event); /* optional */
+
+	/*
+	 * Returns true if the event needs CAP_SYS_ADMIN privilege in system-
+	 * wide mode.
+	 */
+	bool (*is_privileged)		(struct perf_event *event); /* optional */
 };
 
 /**
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 1811dd5aa2e2..adec28c879e8 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -3847,6 +3847,16 @@ find_lively_task_by_vpid(pid_t vpid)
 	return task;
 }
 
+static bool cpu_is_privileged(struct pmu *pmu, struct perf_event *event)
+{
+	bool privileged = perf_paranoid_cpu();
+
+	if (privileged && pmu->is_privileged)
+		privileged = pmu->is_privileged(event);
+
+	return privileged;
+}
+
 /*
  * Returns a matching context with refcount and pincount.
  */
@@ -3863,7 +3873,7 @@ find_get_context(struct pmu *pmu, struct task_struct *task,
 
 	if (!task) {
 		/* Must be root to operate on a CPU event: */
-		if (perf_paranoid_cpu() && !capable(CAP_SYS_ADMIN))
+		if (cpu_is_privileged(pmu, event) && !capable(CAP_SYS_ADMIN))
 			return ERR_PTR(-EACCES);
 
 		cpuctx = per_cpu_ptr(pmu->pmu_cpu_context, cpu);
-- 
2.14.1


From 1584391640708314532@xxx Sat Nov 18 08:26:54 +0000 2017
X-GM-THRID: 1584391640708314532
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread