[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.10.1311051259370.22719@vincent-weaver-1.um.maine.edu>
Date: Tue, 5 Nov 2013 13:06:23 -0500 (EST)
From: Vince Weaver <vincent.weaver@...ne.edu>
To: Ingo Molnar <mingo@...nel.org>
cc: Vince Weaver <vincent.weaver@...ne.edu>,
linux-kernel@...r.kernel.org, Steven Rostedt <rostedt@...dmis.org>,
Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...hat.com>,
Arnaldo Carvalho de Melo <acme@...stprotocols.net>,
Dave Jones <davej@...hat.com>,
Frederic Weisbecker <fweisbec@...il.com>,
Jiri Olsa <jolsa@...hat.com>
Subject: Re: perf/ftrace lockup on 3.12-rc6 with trigger code
short summary: the check for root-only ftrace use is wrong
OK, so after wasting a lot of time on this, the underlying bug is just
that with the settings chosen by the fuzzer, the kernel gets stuck.
The function tracer keeps the CPU busy until interrupted by an interrupt,
which is then traced, but then another interrupt comes, etc, etc, and the
code never makes progress outside of the kernel.
So I was going to make the argument that this interface should be made
root only, because it is too easy for a regular user to trigger this and
DoS a machine.
But I did some digging, and the initial commit for 3.4 had this:
commit ced39002f5ea736b716ae233fb68b26d59783912
Author: Jiri Olsa <jolsa@...hat.com>
Date: Wed Feb 15 15:51:52 2012 +0100
....
diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_perf.c
index d72af0b..fdeeb5c 100644
--- a/kernel/trace/trace_event_perf.c
+++ b/kernel/trace/trace_event_perf.c
@@ -24,6 +24,11 @@ static int total_ref_count;
static int perf_trace_event_perm(struct ftrace_event_call *tp_event,
struct perf_event *p_event)
{
+ /* The ftrace function trace is allowed only for root. */
+ if (ftrace_event_is_function(tp_event) &&
+ perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
+ return -EPERM;
+
The intention was to only allow root, but the check is wrong.
The poorly named
perf_paranoid_kernel()
does
static inline bool perf_paranoid_kernel(void)
{
return sysctl_perf_event_paranoid > 1;
}
But the "default" setting for paranoid is "1" (user and kernel access
allowed).
So the ftrace check never triggers EPERM unless someone has configured
paranoid to be the higher "2" value (user perf use only).
So this check should be fixed and propogated to stable and this bug that
keeps crashing all the fuzzers will become a much less critical "root
only" bug.
Vince
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists