Re: perf/ftrace lockup on 3.12-rc6 with trigger code

Tue, 05 Nov 2013 09:59:40 -0800 

short summary: the check for root-only ftrace use is wrong


OK, so after wasting a lot of time on this, the underlying bug is just
that with the settings chosen by the fuzzer, the kernel gets stuck.
The function tracer keeps the CPU busy until interrupted by an interrupt, 
which is then traced, but then another interrupt comes, etc, etc, and the 
code never makes progress outside of the kernel.

So I was going to make the argument that this interface should be made 
root only, because it is too easy for a regular user to trigger this and
DoS a machine.

But I did some digging, and the initial commit for 3.4 had this:

commit ced39002f5ea736b716ae233fb68b26d59783912
Author: Jiri Olsa <jo...@redhat.com>
Date:   Wed Feb 15 15:51:52 2012 +0100

....

diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_perf.c
index d72af0b..fdeeb5c 100644
--- a/kernel/trace/trace_event_perf.c
+++ b/kernel/trace/trace_event_perf.c
@@ -24,6 +24,11 @@ static int   total_ref_count;
 static int perf_trace_event_perm(struct ftrace_event_call *tp_event,
                                 struct perf_event *p_event)
 {
+       /* The ftrace function trace is allowed only for root. */
+       if (ftrace_event_is_function(tp_event) &&
+           perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
+               return -EPERM;
+

The intention was to only allow root, but the check is wrong.

The poorly named
        perf_paranoid_kernel()

does

static inline bool perf_paranoid_kernel(void)
{
         return sysctl_perf_event_paranoid > 1;
}

But the "default" setting for paranoid is "1" (user and kernel access 
allowed).

So the ftrace check never triggers EPERM unless someone has configured 
paranoid to be the higher "2" value (user perf use only).

So this check should be fixed and propogated to stable and this bug that 
keeps crashing all the fuzzers will become a much less critical "root 
only" bug.

Vince
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to