lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130506080737.GA13410@dyad.programming.kicks-ass.net>
Date:	Mon, 6 May 2013 10:07:37 +0200
From:	Peter Zijlstra <peterz@...radead.org>
To:	Borislav Petkov <bp@...en8.de>
Cc:	mingo@...nel.org, a.p.zijlstra@...llo.nl, hpa@...or.com,
	linux-kernel@...r.kernel.org, stable@...nel.org,
	ak@...ux.intel.com, tglx@...utronix.de,
	linux-tip-commits@...r.kernel.org
Subject: Re: [tip:perf/urgent] perf/x86/intel/lbr: Demand proper privileges
 for PERF_SAMPLE_BRANCH_KERNEL

> > @@ -318,8 +318,11 @@ static void intel_pmu_setup_sw_lbr_filter(struct perf_event *event)
> >  	if (br_type & PERF_SAMPLE_BRANCH_USER)
> >  		mask |= X86_BR_USER;
> >  
> > -	if (br_type & PERF_SAMPLE_BRANCH_KERNEL)
> > +	if (br_type & PERF_SAMPLE_BRANCH_KERNEL) {
> > +		if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
> > +			return -EACCES;
> 
> It is probably not too late to amend this patch and remove the "-EACCES":
> 
> arch/x86/kernel/cpu/perf_event_intel_lbr.c: In function ‘intel_pmu_setup_sw_lbr_filter’:
> arch/x86/kernel/cpu/perf_event_intel_lbr.c:323:4: warning: ‘return’ with a value, in function returning void [enabled by default]

Oh urgh, looks like I forgot a refresh before posting..

This one actually compiles a defconfig bzImage.

---
Subject: perf, x86, lbr: Demand proper privileges for PERF_SAMPLE_BRANCH_KERNEL
From: Peter Zijlstra <a.p.zijlstra@...llo.nl>
Date: Fri May 03 14:07:49 CEST 2013

We should always have proper privileges when requesting kernel data.

Cc: Andi Kleen <ak@...ux.intel.com>
Cc: eranian@...gle.com
Signed-off-by: Peter Zijlstra <a.p.zijlstra@...llo.nl>
Link: http://lkml.kernel.org/n/tip-deb8yrh5fq2bijn5tlmezkmd@git.kernel.org
---
 arch/x86/kernel/cpu/perf_event_intel_lbr.c |   15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

--- a/arch/x86/kernel/cpu/perf_event_intel_lbr.c
+++ b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
@@ -310,7 +310,7 @@ void intel_pmu_lbr_read(void)
  * - in case there is no HW filter
  * - in case the HW filter has errata or limitations
  */
-static void intel_pmu_setup_sw_lbr_filter(struct perf_event *event)
+static int intel_pmu_setup_sw_lbr_filter(struct perf_event *event)
 {
 	u64 br_type = event->attr.branch_sample_type;
 	int mask = 0;
@@ -318,8 +318,11 @@ static void intel_pmu_setup_sw_lbr_filte
 	if (br_type & PERF_SAMPLE_BRANCH_USER)
 		mask |= X86_BR_USER;
 
-	if (br_type & PERF_SAMPLE_BRANCH_KERNEL)
+	if (br_type & PERF_SAMPLE_BRANCH_KERNEL) {
+		if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
+			return -EACCES;
 		mask |= X86_BR_KERNEL;
+	}
 
 	/* we ignore BRANCH_HV here */
 
@@ -339,6 +342,8 @@ static void intel_pmu_setup_sw_lbr_filte
 	 * be used by fixup code for some CPU
 	 */
 	event->hw.branch_reg.reg = mask;
+
+	return 0;
 }
 
 /*
@@ -375,7 +380,7 @@ static int intel_pmu_setup_hw_lbr_filter
 
 int intel_pmu_setup_lbr_filter(struct perf_event *event)
 {
-	int ret = 0;
+	int ret;
 
 	/*
 	 * no LBR on this PMU
@@ -386,7 +391,9 @@ int intel_pmu_setup_lbr_filter(struct pe
 	/*
 	 * setup SW LBR filter
 	 */
-	intel_pmu_setup_sw_lbr_filter(event);
+	ret = intel_pmu_setup_sw_lbr_filter(event);
+	if (ret)
+		return ret;
 
 	/*
 	 * setup HW LBR filter, if any


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ