perf_counter: More paranoia settings
Rename the perf_counter_priv knob to perf_counter_paranoia (because priv can be read as private, as opposed to privileged) and provide one more level: 0 - permissive 1 - restrict cpu counters to privileged contexts 2 - restrict kernel-mode code counting and profiling Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Mike Galbraith <efault@gmx.de> Cc: Paul Mackerras <paulus@samba.org> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
This commit is contained in:
parent
106b506c3a
commit
0764771dab
3 changed files with 27 additions and 6 deletions
|
@ -648,7 +648,7 @@ struct perf_callchain_entry {
|
||||||
|
|
||||||
extern struct perf_callchain_entry *perf_callchain(struct pt_regs *regs);
|
extern struct perf_callchain_entry *perf_callchain(struct pt_regs *regs);
|
||||||
|
|
||||||
extern int sysctl_perf_counter_priv;
|
extern int sysctl_perf_counter_paranoid;
|
||||||
extern int sysctl_perf_counter_mlock;
|
extern int sysctl_perf_counter_mlock;
|
||||||
extern int sysctl_perf_counter_limit;
|
extern int sysctl_perf_counter_limit;
|
||||||
|
|
||||||
|
|
|
@ -43,7 +43,23 @@ static atomic_t nr_counters __read_mostly;
|
||||||
static atomic_t nr_mmap_counters __read_mostly;
|
static atomic_t nr_mmap_counters __read_mostly;
|
||||||
static atomic_t nr_comm_counters __read_mostly;
|
static atomic_t nr_comm_counters __read_mostly;
|
||||||
|
|
||||||
int sysctl_perf_counter_priv __read_mostly; /* do we need to be privileged */
|
/*
|
||||||
|
* 0 - not paranoid
|
||||||
|
* 1 - disallow cpu counters to unpriv
|
||||||
|
* 2 - disallow kernel profiling to unpriv
|
||||||
|
*/
|
||||||
|
int sysctl_perf_counter_paranoid __read_mostly; /* do we need to be privileged */
|
||||||
|
|
||||||
|
static inline bool perf_paranoid_cpu(void)
|
||||||
|
{
|
||||||
|
return sysctl_perf_counter_paranoid > 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static inline bool perf_paranoid_kernel(void)
|
||||||
|
{
|
||||||
|
return sysctl_perf_counter_paranoid > 1;
|
||||||
|
}
|
||||||
|
|
||||||
int sysctl_perf_counter_mlock __read_mostly = 512; /* 'free' kb per user */
|
int sysctl_perf_counter_mlock __read_mostly = 512; /* 'free' kb per user */
|
||||||
int sysctl_perf_counter_limit __read_mostly = 100000; /* max NMIs per second */
|
int sysctl_perf_counter_limit __read_mostly = 100000; /* max NMIs per second */
|
||||||
|
|
||||||
|
@ -1385,7 +1401,7 @@ static struct perf_counter_context *find_get_context(pid_t pid, int cpu)
|
||||||
*/
|
*/
|
||||||
if (cpu != -1) {
|
if (cpu != -1) {
|
||||||
/* Must be root to operate on a CPU counter: */
|
/* Must be root to operate on a CPU counter: */
|
||||||
if (sysctl_perf_counter_priv && !capable(CAP_SYS_ADMIN))
|
if (perf_paranoid_cpu() && !capable(CAP_SYS_ADMIN))
|
||||||
return ERR_PTR(-EACCES);
|
return ERR_PTR(-EACCES);
|
||||||
|
|
||||||
if (cpu < 0 || cpu > num_possible_cpus())
|
if (cpu < 0 || cpu > num_possible_cpus())
|
||||||
|
@ -3618,6 +3634,11 @@ SYSCALL_DEFINE5(perf_counter_open,
|
||||||
if (copy_from_user(&attr, attr_uptr, sizeof(attr)) != 0)
|
if (copy_from_user(&attr, attr_uptr, sizeof(attr)) != 0)
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
|
if (!attr.exclude_kernel) {
|
||||||
|
if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
|
||||||
|
return -EACCES;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Get the target context (task or percpu):
|
* Get the target context (task or percpu):
|
||||||
*/
|
*/
|
||||||
|
|
|
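Review bot: The trailing comment `/* do we need to be privileged */` kept on the renamed `sysctl_perf_counter_paranoid` line no longer describes a three-level knob and contradicts the block comment added directly above it; drop it or change it to `/* paranoia level, see above */`. In the perf_counter_open hunk the new `perf_paranoid_kernel()` gate keys only on `attr.exclude_kernel`; if the attr also carries an exclude_hv bit, level 2 presumably ought to cover hypervisor-mode counting the same way — confirm against the attr definition. Placing the check immediately after copy_from_user is sound, since it fails closed with -EACCES before any context is looked up. The bodies of find_get_context and perf_counter_open continue outside their hunks.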
@ -916,9 +916,9 @@ static struct ctl_table kern_table[] = {
|
||||||
#ifdef CONFIG_PERF_COUNTERS
|
#ifdef CONFIG_PERF_COUNTERS
|
||||||
{
|
{
|
||||||
.ctl_name = CTL_UNNUMBERED,
|
.ctl_name = CTL_UNNUMBERED,
|
||||||
.procname = "perf_counter_privileged",
|
.procname = "perf_counter_paranoid",
|
||||||
.data = &sysctl_perf_counter_priv,
|
.data = &sysctl_perf_counter_paranoid,
|
||||||
.maxlen = sizeof(sysctl_perf_counter_priv),
|
.maxlen = sizeof(sysctl_perf_counter_paranoid),
|
||||||
.mode = 0644,
|
.mode = 0644,
|
||||||
.proc_handler = &proc_dointvec,
|
.proc_handler = &proc_dointvec,
|
||||||
},
|
},
|
||||||
|
|
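Review bot: The renamed `perf_counter_paranoid` entry keeps `.proc_handler = &proc_dointvec`, so the knob accepts any int even though only 0, 1 and 2 are meaningful; with the `> 0` / `> 1` helpers a negative value silently means permissive and anything above 2 means the strictest level, which is benign but undocumented. Using `.proc_handler = &proc_dointvec_minmax` with `.extra1` / `.extra2` bounding the value to 0..2 (the file's existing `zero` / `two` statics, if present) would make the documented range enforced at the sysctl. The 0644 mode is unchanged, so unprivileged readers can still query the level, which is appropriate for a policy knob.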