Commit 0764771d authored by Peter Zijlstra's avatar Peter Zijlstra Committed by Ingo Molnar

perf_counter: More paranoia settings

Rename the perf_counter_priv knob to perf_counter_paranoia (because
priv can be read as private, as opposed to privileged) and provide
one more level:

 0 - permissive
 1 - restrict cpu counters to privilidged contexts
 2 - restrict kernel-mode code counting and profiling
Signed-off-by: default avatarPeter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
parent 106b506c
...@@ -648,7 +648,7 @@ struct perf_callchain_entry { ...@@ -648,7 +648,7 @@ struct perf_callchain_entry {
extern struct perf_callchain_entry *perf_callchain(struct pt_regs *regs); extern struct perf_callchain_entry *perf_callchain(struct pt_regs *regs);
extern int sysctl_perf_counter_priv; extern int sysctl_perf_counter_paranoid;
extern int sysctl_perf_counter_mlock; extern int sysctl_perf_counter_mlock;
extern int sysctl_perf_counter_limit; extern int sysctl_perf_counter_limit;
......
...@@ -43,7 +43,23 @@ static atomic_t nr_counters __read_mostly; ...@@ -43,7 +43,23 @@ static atomic_t nr_counters __read_mostly;
static atomic_t nr_mmap_counters __read_mostly; static atomic_t nr_mmap_counters __read_mostly;
static atomic_t nr_comm_counters __read_mostly; static atomic_t nr_comm_counters __read_mostly;
int sysctl_perf_counter_priv __read_mostly; /* do we need to be privileged */ /*
* 0 - not paranoid
* 1 - disallow cpu counters to unpriv
* 2 - disallow kernel profiling to unpriv
*/
int sysctl_perf_counter_paranoid __read_mostly; /* do we need to be privileged */
static inline bool perf_paranoid_cpu(void)
{
return sysctl_perf_counter_paranoid > 0;
}
static inline bool perf_paranoid_kernel(void)
{
return sysctl_perf_counter_paranoid > 1;
}
int sysctl_perf_counter_mlock __read_mostly = 512; /* 'free' kb per user */ int sysctl_perf_counter_mlock __read_mostly = 512; /* 'free' kb per user */
int sysctl_perf_counter_limit __read_mostly = 100000; /* max NMIs per second */ int sysctl_perf_counter_limit __read_mostly = 100000; /* max NMIs per second */
...@@ -1385,7 +1401,7 @@ static struct perf_counter_context *find_get_context(pid_t pid, int cpu) ...@@ -1385,7 +1401,7 @@ static struct perf_counter_context *find_get_context(pid_t pid, int cpu)
*/ */
if (cpu != -1) { if (cpu != -1) {
/* Must be root to operate on a CPU counter: */ /* Must be root to operate on a CPU counter: */
if (sysctl_perf_counter_priv && !capable(CAP_SYS_ADMIN)) if (perf_paranoid_cpu() && !capable(CAP_SYS_ADMIN))
return ERR_PTR(-EACCES); return ERR_PTR(-EACCES);
if (cpu < 0 || cpu > num_possible_cpus()) if (cpu < 0 || cpu > num_possible_cpus())
...@@ -3618,6 +3634,11 @@ SYSCALL_DEFINE5(perf_counter_open, ...@@ -3618,6 +3634,11 @@ SYSCALL_DEFINE5(perf_counter_open,
if (copy_from_user(&attr, attr_uptr, sizeof(attr)) != 0) if (copy_from_user(&attr, attr_uptr, sizeof(attr)) != 0)
return -EFAULT; return -EFAULT;
if (!attr.exclude_kernel) {
if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
return -EACCES;
}
/* /*
* Get the target context (task or percpu): * Get the target context (task or percpu):
*/ */
......
...@@ -916,9 +916,9 @@ static struct ctl_table kern_table[] = { ...@@ -916,9 +916,9 @@ static struct ctl_table kern_table[] = {
#ifdef CONFIG_PERF_COUNTERS #ifdef CONFIG_PERF_COUNTERS
{ {
.ctl_name = CTL_UNNUMBERED, .ctl_name = CTL_UNNUMBERED,
.procname = "perf_counter_privileged", .procname = "perf_counter_paranoid",
.data = &sysctl_perf_counter_priv, .data = &sysctl_perf_counter_paranoid,
.maxlen = sizeof(sysctl_perf_counter_priv), .maxlen = sizeof(sysctl_perf_counter_paranoid),
.mode = 0644, .mode = 0644,
.proc_handler = &proc_dointvec, .proc_handler = &proc_dointvec,
}, },
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment