lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130506094254.GB9464@gmail.com>
Date:	Mon, 6 May 2013 11:42:54 +0200
From:	Ingo Molnar <mingo@...nel.org>
To:	Peter Zijlstra <peterz@...radead.org>
Cc:	Borislav Petkov <bp@...en8.de>, a.p.zijlstra@...llo.nl,
	hpa@...or.com, linux-kernel@...r.kernel.org, stable@...nel.org,
	ak@...ux.intel.com, tglx@...utronix.de,
	linux-tip-commits@...r.kernel.org
Subject: Re: [tip:perf/urgent] perf/x86/intel/lbr: Demand proper privileges
 for PERF_SAMPLE_BRANCH_KERNEL


* Peter Zijlstra <peterz@...radead.org> wrote:

> > > @@ -318,8 +318,11 @@ static void intel_pmu_setup_sw_lbr_filter(struct perf_event *event)
> > >  	if (br_type & PERF_SAMPLE_BRANCH_USER)
> > >  		mask |= X86_BR_USER;
> > >  
> > > -	if (br_type & PERF_SAMPLE_BRANCH_KERNEL)
> > > +	if (br_type & PERF_SAMPLE_BRANCH_KERNEL) {
> > > +		if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
> > > +			return -EACCES;
> > 
> > It is probably not too late to amend this patch and remove the "-EACCES":
> > 
> > arch/x86/kernel/cpu/perf_event_intel_lbr.c: In function ???intel_pmu_setup_sw_lbr_filter???:
> > arch/x86/kernel/cpu/perf_event_intel_lbr.c:323:4: warning: ???return??? with a value, in function returning void [enabled by default]
> 
> Oh urgh, looks like I forgot a refresh before posting..
> 
> This one actually compiles a defconfig bzImage.
> 
> ---
> Subject: perf, x86, lbr: Demand proper privileges for PERF_SAMPLE_BRANCH_KERNEL
> From: Peter Zijlstra <a.p.zijlstra@...llo.nl>
> Date: Fri May 03 14:07:49 CEST 2013
> 
> We should always have proper privileges when requesting kernel data.
> 
> Cc: Andi Kleen <ak@...ux.intel.com>
> Cc: eranian@...gle.com
> Signed-off-by: Peter Zijlstra <a.p.zijlstra@...llo.nl>
> Link: http://lkml.kernel.org/n/tip-deb8yrh5fq2bijn5tlmezkmd@git.kernel.org
> ---
>  arch/x86/kernel/cpu/perf_event_intel_lbr.c |   15 +++++++++++----
>  1 file changed, 11 insertions(+), 4 deletions(-)
> 
> --- a/arch/x86/kernel/cpu/perf_event_intel_lbr.c
> +++ b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
> @@ -310,7 +310,7 @@ void intel_pmu_lbr_read(void)
>   * - in case there is no HW filter
>   * - in case the HW filter has errata or limitations
>   */
> -static void intel_pmu_setup_sw_lbr_filter(struct perf_event *event)
> +static int intel_pmu_setup_sw_lbr_filter(struct perf_event *event)
>  {
>  	u64 br_type = event->attr.branch_sample_type;
>  	int mask = 0;
> @@ -318,8 +318,11 @@ static void intel_pmu_setup_sw_lbr_filte
>  	if (br_type & PERF_SAMPLE_BRANCH_USER)
>  		mask |= X86_BR_USER;
>  
> -	if (br_type & PERF_SAMPLE_BRANCH_KERNEL)
> +	if (br_type & PERF_SAMPLE_BRANCH_KERNEL) {
> +		if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
> +			return -EACCES;
>  		mask |= X86_BR_KERNEL;
> +	}
>  
>  	/* we ignore BRANCH_HV here */
>  
> @@ -339,6 +342,8 @@ static void intel_pmu_setup_sw_lbr_filte
>  	 * be used by fixup code for some CPU
>  	 */
>  	event->hw.branch_reg.reg = mask;
> +
> +	return 0;
>  }
>  
>  /*
> @@ -375,7 +380,7 @@ static int intel_pmu_setup_hw_lbr_filter
>  
>  int intel_pmu_setup_lbr_filter(struct perf_event *event)
>  {
> -	int ret = 0;
> +	int ret;
>  
>  	/*
>  	 * no LBR on this PMU
> @@ -386,7 +391,9 @@ int intel_pmu_setup_lbr_filter(struct pe
>  	/*
>  	 * setup SW LBR filter
>  	 */
> -	intel_pmu_setup_sw_lbr_filter(event);
> +	ret = intel_pmu_setup_sw_lbr_filter(event);
> +	if (ret)
> +		return ret;
>  
>  	/*
>  	 * setup HW LBR filter, if any

That looks pretty close to what I did as well.

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ