lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <d03e334a-ec7e-cd87-7f0b-ac7564266d3a@arm.com>
Date:   Mon, 11 Jul 2022 14:55:12 +0530
From:   Anshuman Khandual <anshuman.khandual@....com>
To:     Peter Zijlstra <peterz@...radead.org>,
        James Clark <james.clark@....com>
Cc:     linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        linux-perf-users@...r.kernel.org
Subject: Re: [PATCH] perf/core: Add macros for possible
 sysctl_perf_event_paranoid values



On 7/8/22 19:01, Peter Zijlstra wrote:
> On Fri, Jul 08, 2022 at 10:10:15AM +0100, James Clark wrote:
>>
>>
>> On 01/07/2022 07:39, Anshuman Khandual wrote:
>>> sysctl_perf_event_paranoid can have values from [-1, 0, 1, 2] which decides
>>> on perf event restrictions for unprivileged users. But using them directly
>>> makes it difficult to correlate exact restriction level they might impose.
>>> This just adds macros for those numerical restriction values, making them
>>> clear and improving readability.
>>>
>>> Cc: Peter Zijlstra <peterz@...radead.org>
>>> Cc: Ingo Molnar <mingo@...hat.com>
>>> Cc: Arnaldo Carvalho de Melo <acme@...nel.org>
>>> Cc: Mark Rutland <mark.rutland@....com>
>>> Cc: linux-perf-users@...r.kernel.org
>>> Cc: linux-kernel@...r.kernel.org
>>> Signed-off-by: Anshuman Khandual <anshuman.khandual@....com>
>>> ---
>>>  include/linux/perf_event.h | 22 ++++++++++++++++++----
>>>  kernel/events/core.c       |  9 +--------
>>>  kernel/kallsyms.c          |  3 ++-
>>>  3 files changed, 21 insertions(+), 13 deletions(-)
>>>
>>> diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
>>> index da759560eec5..78156b9154df 100644
>>> --- a/include/linux/perf_event.h
>>> +++ b/include/linux/perf_event.h
>>> @@ -1359,14 +1359,28 @@ int perf_event_max_stack_handler(struct ctl_table *table, int write,
>>>  #define PERF_SECURITY_KERNEL		2
>>>  #define PERF_SECURITY_TRACEPOINT	3
>>>  
>>> +/*
>>> + * perf event paranoia level:
>>> + *  -1 - not paranoid at all
>>> + *   0 - disallow raw tracepoint access for unpriv
>>> + *   1 - disallow cpu events for unpriv
>>> + *   2 - disallow kernel profiling for unpriv
>>> + */
>>> +enum {
>>> +	PERF_EVENT_DISALLOW_NONE	= -1,
>>> +	PERF_EVENT_DISALLOW_TRACE,
>>> +	PERF_EVENT_DISALLOW_CPU,
>>> +	PERF_EVENT_DISALLOW_KERNEL
>>> +};
>>> +
>>>  static inline int perf_is_paranoid(void)
>>>  {
>>> -	return sysctl_perf_event_paranoid > -1;
>>> +	return sysctl_perf_event_paranoid > PERF_EVENT_DISALLOW_NONE;
>>>  }
>>>  
>>
>> Hi Anshuman,
>>
>> There are quite a few other instances of integers left in the tools code.
>> If you search for perf_event_paranoid_check() and perf_event_paranoid()
>> you will find them.
>>
>> I'm also wondering if it makes sense to return your new enum from all of
>> the helper functions instead of an int and make it explicit that it's
>> an instance of this new type? Although the compiler doesn't seem to warn
>> about using integers so maybe it's not worth doing this.
> 
> so I don't see the point of all this; it's already wrapped in these
> helper functions that have a descriptive name, why do we need more muck
> on top?

Enumerating [-1, 0, 1, 2] paranoid range values in kernel too, does not add
much value as well ?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ