| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 May 2013 11:42:54 +0200
From: Ingo Molnar <mingo@...nel.org>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Borislav Petkov <bp@...en8.de>, a.p.zijlstra@...llo.nl,
hpa@...or.com, linux-kernel@...r.kernel.org, stable@...nel.org,
ak@...ux.intel.com, tglx@...utronix.de,
linux-tip-commits@...r.kernel.org
Subject: Re: [tip:perf/urgent] perf/x86/intel/lbr: Demand proper privileges
for PERF_SAMPLE_BRANCH_KERNEL
* Peter Zijlstra <peterz@...radead.org> wrote:
> > > @@ -318,8 +318,11 @@ static void intel_pmu_setup_sw_lbr_filter(struct perf_event *event)
> > > if (br_type & PERF_SAMPLE_BRANCH_USER)
> > > mask |= X86_BR_USER;
> > >
> > > - if (br_type & PERF_SAMPLE_BRANCH_KERNEL)
> > > + if (br_type & PERF_SAMPLE_BRANCH_KERNEL) {
> > > + if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
> > > + return -EACCES;
> >
> > It is probably not too late to amend this patch and remove the "-EACCES":
> >
> > arch/x86/kernel/cpu/perf_event_intel_lbr.c: In function ???intel_pmu_setup_sw_lbr_filter???:
> > arch/x86/kernel/cpu/perf_event_intel_lbr.c:323:4: warning: ???return??? with a value, in function returning void [enabled by default]
>
> Oh urgh, looks like I forgot a refresh before posting..
>
> This one actually compiles a defconfig bzImage.
>
> ---
> Subject: perf, x86, lbr: Demand proper privileges for PERF_SAMPLE_BRANCH_KERNEL
> From: Peter Zijlstra <a.p.zijlstra@...llo.nl>
> Date: Fri May 03 14:07:49 CEST 2013
>
> We should always have proper privileges when requesting kernel data.
>
> Cc: Andi Kleen <ak@...ux.intel.com>
> Cc: eranian@...gle.com
> Signed-off-by: Peter Zijlstra <a.p.zijlstra@...llo.nl>
> Link: http://lkml.kernel.org/n/tip-deb8yrh5fq2bijn5tlmezkmd@git.kernel.org
> ---
> arch/x86/kernel/cpu/perf_event_intel_lbr.c | 15 +++++++++++----
> 1 file changed, 11 insertions(+), 4 deletions(-)
>
> --- a/arch/x86/kernel/cpu/perf_event_intel_lbr.c
> +++ b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
> @@ -310,7 +310,7 @@ void intel_pmu_lbr_read(void)
> * - in case there is no HW filter
> * - in case the HW filter has errata or limitations
> */
> -static void intel_pmu_setup_sw_lbr_filter(struct perf_event *event)
> +static int intel_pmu_setup_sw_lbr_filter(struct perf_event *event)
> {
> u64 br_type = event->attr.branch_sample_type;
> int mask = 0;
> @@ -318,8 +318,11 @@ static void intel_pmu_setup_sw_lbr_filte
> if (br_type & PERF_SAMPLE_BRANCH_USER)
> mask |= X86_BR_USER;
>
> - if (br_type & PERF_SAMPLE_BRANCH_KERNEL)
> + if (br_type & PERF_SAMPLE_BRANCH_KERNEL) {
> + if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
> + return -EACCES;
> mask |= X86_BR_KERNEL;
> + }
>
> /* we ignore BRANCH_HV here */
>
> @@ -339,6 +342,8 @@ static void intel_pmu_setup_sw_lbr_filte
> * be used by fixup code for some CPU
> */
> event->hw.branch_reg.reg = mask;
> +
> + return 0;
> }
>
> /*
> @@ -375,7 +380,7 @@ static int intel_pmu_setup_hw_lbr_filter
>
> int intel_pmu_setup_lbr_filter(struct perf_event *event)
> {
> - int ret = 0;
> + int ret;
>
> /*
> * no LBR on this PMU
> @@ -386,7 +391,9 @@ int intel_pmu_setup_lbr_filter(struct pe
> /*
> * setup SW LBR filter
> */
> - intel_pmu_setup_sw_lbr_filter(event);
> + ret = intel_pmu_setup_sw_lbr_filter(event);
> + if (ret)
> + return ret;
>
> /*
> * setup HW LBR filter, if any
That looks pretty close to what I did as well.
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists