ses
- made perf_event_paranoid_check() treat CAP_SYS_PERFMON equally to
CAP_SYS_ADMIN
- applied CAP_SYS_PERFMON to i915_perf, bpf_trace, powerpc and parisc system
performance monitoring and observability related subsystems
---
Alexey Budankov (7):
capabilities: introduce CAP_SYS_PERFMON to kernel and
//man7.org/linux/man-pages/man7/capabilities.7.html
Signed-off-by: Alexey Budankov
---
include/uapi/linux/capability.h | 8 +++-
security/selinux/include/classmap.h | 4 ++--
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/include/uapi/linux/capability.h b/include/
CAP_SYS_PERFMON
capability.
Signed-off-by: Alexey Budankov
---
include/linux/perf_event.h | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
index 34c7c6910026..52313d2cc343 100644
--- a/include/linux/perf_event.h
+++ b
/html/latest/admin-guide/perf-security.html
Signed-off-by: Alexey Budankov
---
tools/perf/design.txt | 3 ++-
tools/perf/util/cap.h | 4
tools/perf/util/evsel.c | 10 +-
tools/perf/util/util.c | 1 +
4 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/tools/perf
CAP_SYS_PERFMON capability.
Signed-off-by: Alexey Budankov
---
drivers/gpu/drm/i915/i915_perf.c | 13 +++--
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_perf.c b/drivers/gpu/drm/i915/i915_perf.c
index e42b86827d6b..8a9ff40b1b0b 100644
--- a/drivers/gpu/drm
CAP_SYS_PERFMON capability.
Signed-off-by: Alexey Budankov
---
kernel/trace/bpf_trace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 44bd08f2443b..0231bb363ef9 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
-by: Alexey Budankov
---
arch/powerpc/perf/imc-pmu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/perf/imc-pmu.c b/arch/powerpc/perf/imc-pmu.c
index cb50a9e1fd2d..d8f936d1d6cc 100644
--- a/arch/powerpc/perf/imc-pmu.c
+++ b/arch/powerpc/perf/imc-pmu.c
-by: Alexey Budankov
---
arch/parisc/kernel/perf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/parisc/kernel/perf.c b/arch/parisc/kernel/perf.c
index 676683641d00..58e7d1444e4f 100644
--- a/arch/parisc/kernel/perf.c
+++ b/arch/parisc/kernel/perf.c
@@ -300,7 +300,7
On 16.12.2019 19:12, Lubashev, Igor wrote:
> On Mon, Dec 16, 2019 at 2:15 AM, Alexey Budankov
> wrote:
>>
>> Open access to perf_events monitoring for CAP_SYS_PERFMON privileged
>> processes.
>> For backward compatibility reasons access to perf_events subsystem rem
subsystems
---
Alexey Budankov (7):
capabilities: introduce CAP_SYS_PERFMON to kernel and user space
perf/core: open access for CAP_SYS_PERFMON privileged process
perf tool: extend Perf tool with CAP_SYS_PERFMON capability support
drm/i915/perf: open access for CAP_SYS_PERFMON privileg
amount of
CAP_SYS_ADMIN credentials in accordance with the recommendations provided
in the man page for CAP_SYS_ADMIN [1]: "Note: this capability is overloaded;
see Notes to kernel developers, below."
[1] http://man7.org/linux/man-pages/man7/capabilities.7.html
Signed-off-by: Alexe
CAP_SYS_PERFMON
capability.
Signed-off-by: Alexey Budankov
---
include/linux/perf_event.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
index 34c7c6910026..f46acd69425f 100644
--- a/include/linux/perf_event.h
+++ b
Extend error messages to mention CAP_SYS_PERFMON capability as an option
to substitute CAP_SYS_ADMIN capability for secure system performance
monitoring and observability. Make perf_event_paranoid_check() aware
of CAP_SYS_PERFMON capability.
Signed-off-by: Alexey Budankov
---
tools/perf
CAP_SYS_PERFMON capability.
Signed-off-by: Alexey Budankov
---
drivers/gpu/drm/i915/i915_perf.c | 13 ++---
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_perf.c b/drivers/gpu/drm/i915/i915_perf.c
index e42b86827d6b..e2697f8d04de 100644
--- a/drivers/gpu/drm
CAP_SYS_PERFMON capability.
Signed-off-by: Alexey Budankov
---
kernel/trace/bpf_trace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 44bd08f2443b..bafe21ac6d92 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
-by: Alexey Budankov
---
arch/powerpc/perf/imc-pmu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/perf/imc-pmu.c b/arch/powerpc/perf/imc-pmu.c
index cb50a9e1fd2d..e837717492e4 100644
--- a/arch/powerpc/perf/imc-pmu.c
+++ b/arch/powerpc/perf/imc-pmu.c
-by: Alexey Budankov
---
arch/parisc/kernel/perf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/parisc/kernel/perf.c b/arch/parisc/kernel/perf.c
index 676683641d00..c4208d027794 100644
--- a/arch/parisc/kernel/perf.c
+++ b/arch/parisc/kernel/perf.c
@@ -300,7 +300,7
On 17.12.2019 12:45, Lionel Landwerlin wrote:
> On 16/12/2019 22:03, Alexey Budankov wrote:
>> Open access to i915_perf monitoring for CAP_SYS_PERFMON privileged processes.
>> For backward compatibility reasons access to i915_perf subsystem remains open
>> for CAP_SYS_ADMIN
ervability related subsystems
---
Alexey Budankov (9):
capabilities: introduce CAP_SYS_PERFMON to kernel and user space
perf/core: open access for CAP_SYS_PERFMON privileged process
perf tool: extend Perf tool with CAP_SYS_PERFMON capability support
drm/i915/perf: open access for CAP_S
ml
Signed-off-by: Alexey Budankov
---
include/linux/capability.h | 4
include/uapi/linux/capability.h | 8 +++-
security/selinux/include/classmap.h | 4 ++--
3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/include/linux/capability.h b/include/linux/capabili
CAP_SYS_PERFMON capability.
Signed-off-by: Alexey Budankov
---
include/linux/perf_event.h | 6 +++---
kernel/events/core.c | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
index 34c7c6910026..f46acd69425f 100644
--- a
: Alexey Budankov
---
tools/perf/builtin-ftrace.c | 5 +++--
tools/perf/design.txt | 3 ++-
tools/perf/util/cap.h | 4
tools/perf/util/evsel.c | 10 +-
tools/perf/util/util.c | 1 +
5 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/tools/perf/builtin
CAP_SYS_PERFMON capability.
Signed-off-by: Alexey Budankov
---
drivers/gpu/drm/i915/i915_perf.c | 13 ++---
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_perf.c b/drivers/gpu/drm/i915/i915_perf.c
index e42b86827d6b..e2697f8d04de 100644
--- a/drivers/gpu/drm
CAP_SYS_PERFMON capability.
Signed-off-by: Alexey Budankov
---
kernel/trace/bpf_trace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 44bd08f2443b..bafe21ac6d92 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
-by: Alexey Budankov
---
arch/powerpc/perf/imc-pmu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/perf/imc-pmu.c b/arch/powerpc/perf/imc-pmu.c
index cb50a9e1fd2d..e837717492e4 100644
--- a/arch/powerpc/perf/imc-pmu.c
+++ b/arch/powerpc/perf/imc-pmu.c
-by: Alexey Budankov
---
arch/parisc/kernel/perf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/parisc/kernel/perf.c b/arch/parisc/kernel/perf.c
index 676683641d00..c4208d027794 100644
--- a/arch/parisc/kernel/perf.c
+++ b/arch/parisc/kernel/perf.c
@@ -300,7 +300,7
-by: Alexey Budankov
---
drivers/perf/arm_spe_pmu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/perf/arm_spe_pmu.c b/drivers/perf/arm_spe_pmu.c
index 4e4984a55cd1..5dff81bc3324 100644
--- a/drivers/perf/arm_spe_pmu.c
+++ b/drivers/perf/arm_spe_pmu.c
@@ -274,7
-by: Alexey Budankov
---
drivers/oprofile/event_buffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/oprofile/event_buffer.c b/drivers/oprofile/event_buffer.c
index 12ea4a4ad607..6c9edc8bbc95 100644
--- a/drivers/oprofile/event_buffer.c
+++ b/drivers/oprofile
On 08.01.2020 19:07, Peter Zijlstra wrote:
> On Wed, Dec 18, 2019 at 12:25:35PM +0300, Alexey Budankov wrote:
>>
>> Open access to perf_events monitoring for CAP_SYS_PERFMON privileged
>> processes. For backward compatibility reasons access to perf_events
>>
On 10.01.2020 17:02, Peter Zijlstra wrote:
> On Thu, Jan 09, 2020 at 02:36:50PM +0300, Alexey Budankov wrote:
>> On 08.01.2020 19:07, Peter Zijlstra wrote:
>>> On Wed, Dec 18, 2019 at 12:25:35PM +0300, Alexey Budankov wrote:
>
>>>> diff --git a/kernel/eve
On 17.01.2020 13:51, Will Deacon wrote:
> On Wed, Dec 18, 2019 at 12:30:29PM +0300, Alexey Budankov wrote:
>>
>> Open access to monitoring for CAP_SYS_PERFMON privileged processes.
>> For backward compatibility reasons access to the monitoring remains open
>> f
ON equally to
CAP_SYS_ADMIN
- applied CAP_SYS_PERFMON to i915_perf, bpf_trace, powerpc and parisc system
performance monitoring and observability related subsystems
---
Alexey Budankov (10):
capabilities: introduce CAP_PERFMON to kernel and user space
perf/core: open access to the core for C
tions.
[1] http://man7.org/linux/man-pages/man7/capabilities.7.html
[2]
https://www.kernel.org/doc/html/latest/process/embargoed-hardware-issues.html
[3] https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html
Signed-off-by: Alexey Budankov
---
include/linux/capability.h
is discouraged with respect to CAP_PERFMON capability.
Providing the access under CAP_PERFMON capability singly, without the rest
of CAP_SYS_ADMIN credentials, excludes chances to misuse the credentials
and makes operation more secure.
Signed-off-by: Alexey Budankov
---
include/linux
treated as
tracepoint events. eBPF defines new probes via the perf_event_open syscall
and then the probes are used in eBPF tracing.
Signed-off-by: Alexey Budankov
---
kernel/events/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/events/core.c b/kernel/events
Extend error messages to mention CAP_PERFMON capability as an option
to substitute CAP_SYS_ADMIN capability for secure system performance
monitoring and observability operations. Make perf_event_paranoid_check()
and __cmd_ftrace() aware of CAP_PERFMON capability.
Signed-off-by: Alexey
capability. Providing the access under CAP_PERFMON capability singly,
without the rest of CAP_SYS_ADMIN credentials, excludes chances to misuse
the credentials and makes operations more secure.
Signed-off-by: Alexey Budankov
---
drivers/gpu/drm/i915/i915_perf.c | 13 ++---
1 file changed, 6
capability. Providing the access under CAP_PERFMON capability singly,
without the rest of CAP_SYS_ADMIN credentials, excludes chances to misuse
the credentials and makes operations more secure.
Signed-off-by: Alexey Budankov
---
kernel/trace/bpf_trace.c | 2 +-
1 file changed, 1 insertion(+), 1
access under CAP_PERFMON capability singly,
without the rest of CAP_SYS_ADMIN credentials, excludes chances to
misuse the credentials and makes the operations more secure.
Signed-off-by: Alexey Budankov
---
arch/powerpc/perf/imc-pmu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff
access under CAP_PERFMON capability singly,
without the rest of CAP_SYS_ADMIN credentials, excludes chances to
misuse the credentials and makes the operations more secure.
Signed-off-by: Alexey Budankov
---
arch/parisc/kernel/perf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a
access under CAP_PERFMON capability singly,
without the rest of CAP_SYS_ADMIN credentials, excludes chances to
misuse the credentials and makes the operations more secure.
Signed-off-by: Alexey Budankov
---
drivers/perf/arm_spe_pmu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff
access under CAP_PERFMON capability singly,
without the rest of CAP_SYS_ADMIN credentials, excludes chances to
misuse the credentials and makes the operations more secure.
Signed-off-by: Alexey Budankov
---
drivers/oprofile/event_buffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff
On 21.01.2020 17:43, Stephen Smalley wrote:
> On 1/20/20 6:23 AM, Alexey Budankov wrote:
>>
>> Introduce CAP_PERFMON capability designed to secure system performance
>> monitoring and observability operations so that CAP_PERFMON would assist
>> CAP_SYS_ADMIN capabilit
On 21.01.2020 20:55, Alexei Starovoitov wrote:
> On Tue, Jan 21, 2020 at 9:31 AM Alexey Budankov
> wrote:
>>
>>
>> On 21.01.2020 17:43, Stephen Smalley wrote:
>>> On 1/20/20 6:23 AM, Alexey Budankov wrote:
>>>>
>>>> Introduce CAP
On 21.01.2020 21:27, Alexey Budankov wrote:
>
> On 21.01.2020 20:55, Alexei Starovoitov wrote:
>> On Tue, Jan 21, 2020 at 9:31 AM Alexey Budankov
>> wrote:
>>>
>>>
>>> On 21.01.2020 17:43, Stephen Smalley wrote:
>>>> On 1/20/20 6:23 AM,
On 22.01.2020 17:07, Stephen Smalley wrote:
> On 1/22/20 5:45 AM, Alexey Budankov wrote:
>>
>> On 21.01.2020 21:27, Alexey Budankov wrote:
>>>
>>> On 21.01.2020 20:55, Alexei Starovoitov wrote:
>>>> On Tue, Jan 21, 2020 at 9:31 AM Alexey Budankov
>
toring and observability related subsystems
---
Alexey Budankov (10):
capabilities: introduce CAP_PERFMON to kernel and user space
perf/core: open access to the core for CAP_PERFMON privileged process
perf/core: open access to probes for CAP_PERFMON privileged process
perf tool: extend Perf
tions.
[1] http://man7.org/linux/man-pages/man7/capabilities.7.html
[2]
https://www.kernel.org/doc/html/latest/process/embargoed-hardware-issues.html
[3] https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html
Signed-off-by: Alexey Budankov
---
include/linux/capability.h
discouraged with respect to CAP_PERFMON capability.
Signed-off-by: Alexey Budankov
---
include/linux/perf_event.h | 6 +++---
kernel/events/core.c | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
index 6d4c22aee384
: Alexey Budankov
---
kernel/events/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index d956c81bd310..c6453320ffea 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -9088,7 +9088,7 @@ static int
CAP_PERFMON
capability.
Signed-off-by: Alexey Budankov
---
tools/perf/builtin-ftrace.c | 5 +++--
tools/perf/design.txt | 3 ++-
tools/perf/util/cap.h | 4
tools/perf/util/evsel.c | 10 +-
tools/perf/util/util.c | 1 +
5 files changed, 15 insertions(+), 8 deletions
.
Signed-off-by: Alexey Budankov
---
drivers/gpu/drm/i915/i915_perf.c | 13 ++---
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_perf.c b/drivers/gpu/drm/i915/i915_perf.c
index 2ae14bc14931..d89347861b7d 100644
--- a/drivers/gpu/drm/i915/i915_perf.c
.
Signed-off-by: Alexey Budankov
---
kernel/trace/bpf_trace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index e5ef4ae9edb5..334f1d71ebb1 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -1395,7 +1395,7
the time that such
privileges are actually required)
For backward compatibility reasons access to the monitoring remains open
for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage for secure
monitoring is discouraged with respect to CAP_PERFMON capability.
Signed-off-by: Alexey Budankov
subsystems
---
Alexey Budankov (10):
capabilities: introduce CAP_PERFMON to kernel and user space
perf/core: open access to the core for CAP_PERFMON privileged process
perf/core: open access to probes for CAP_PERFMON privileged process
perf tool: extend Perf tool with CAP_PERFMON capability sup
pages/man7/capabilities.7.html
[2]
https://www.kernel.org/doc/html/latest/process/embargoed-hardware-issues.html
[3] https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html
Signed-off-by: Alexey Budankov
---
include/linux/capability.h | 4
include/uapi/linux/capability
discouraged with respect to CAP_PERFMON capability.
Signed-off-by: Alexey Budankov
---
include/linux/perf_event.h | 6 +++---
kernel/events/core.c | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
index 6d4c22aee384
: Alexey Budankov
---
kernel/events/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index d956c81bd310..c6453320ffea 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -9088,7 +9088,7 @@ static int
CAP_PERFMON
capability.
Signed-off-by: Alexey Budankov
---
tools/perf/builtin-ftrace.c | 5 +++--
tools/perf/design.txt | 3 ++-
tools/perf/util/cap.h | 4
tools/perf/util/evsel.c | 10 +-
tools/perf/util/util.c | 1 +
5 files changed, 15 insertions(+), 8 deletions
-off-by: Alexey Budankov
---
drivers/gpu/drm/i915/i915_perf.c | 13 ++---
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_perf.c b/drivers/gpu/drm/i915/i915_perf.c
index 2ae14bc14931..d89347861b7d 100644
--- a/drivers/gpu/drm/i915/i915_perf.c
+++ b
.
Signed-off-by: Alexey Budankov
---
kernel/trace/bpf_trace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index e5ef4ae9edb5..334f1d71ebb1 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -1395,7 +1395,7
the time that such privileges are actually required)
For backward compatibility reasons access to the monitoring remains
open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage
for secure monitoring is discouraged with respect to CAP_PERFMON
capability.
Signed-off-by: Alexey Budankov
for the time that such privileges are actually required)
For backward compatibility reasons access to the monitoring remains
open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage
for secure monitoring is discouraged with respect to CAP_PERFMON
capability.
Signed-off-by: Alexey Budankov
On 22.01.2020 17:25, Alexey Budankov wrote:
>
> On 22.01.2020 17:07, Stephen Smalley wrote:
>> On 1/22/20 5:45 AM, Alexey Budankov wrote:
>>>
>>> On 21.01.2020 21:27, Alexey Budankov wrote:
>>>>
>>>> On 21.01.2020 20:55, Alexei Starovoit
On 06.02.2020 21:23, Stephen Smalley wrote:
> On 2/5/20 12:30 PM, Alexey Budankov wrote:
>>
>> Introduce CAP_PERFMON capability designed to secure system performance
>> monitoring and observability operations so that CAP_PERFMON would assist
>> CAP_SYS_ADMIN capabilit
On 06.02.2020 21:30, Stephen Smalley wrote:
> On 2/6/20 1:26 PM, Alexey Budankov wrote:
>>
>> On 06.02.2020 21:23, Stephen Smalley wrote:
>>> On 2/5/20 12:30 PM, Alexey Budankov wrote:
>>>>
>>>> Introduce CAP_PERFMON capability designed
On 07.02.2020 14:38, Thomas Gleixner wrote:
> Alexey Budankov writes:
>> On 22.01.2020 17:25, Alexey Budankov wrote:
>>> On 22.01.2020 17:07, Stephen Smalley wrote:
>>>>> It keeps the implementation simple and readable. The implementation is
>>>>
Hi Stephen,
On 22.01.2020 17:07, Stephen Smalley wrote:
> On 1/22/20 5:45 AM, Alexey Budankov wrote:
>>
>> On 21.01.2020 21:27, Alexey Budankov wrote:
>>>
>>> On 21.01.2020 20:55, Alexei Starovoitov wrote:
>>>> On Tue, Jan 21, 2020 at 9:31 AM Alex
On 12.02.2020 16:32, Stephen Smalley wrote:
> On 2/12/20 3:53 AM, Alexey Budankov wrote:
>> Hi Stephen,
>>
>> On 22.01.2020 17:07, Stephen Smalley wrote:
>>> On 1/22/20 5:45 AM, Alexey Budankov wrote:
>>>>
>>>> On 21.01.2020 21:27, Alexey B
On 12.02.2020 18:21, Stephen Smalley wrote:
> On 2/12/20 8:53 AM, Alexey Budankov wrote:
>> On 12.02.2020 16:32, Stephen Smalley wrote:
>>> On 2/12/20 3:53 AM, Alexey Budankov wrote:
>>>> Hi Stephen,
>>>>
>>>> On 22.01.2020 17:07, Stephen Sm
On 12.02.2020 18:45, Stephen Smalley wrote:
> On 2/12/20 10:21 AM, Stephen Smalley wrote:
>> On 2/12/20 8:53 AM, Alexey Budankov wrote:
>>> On 12.02.2020 16:32, Stephen Smalley wrote:
>>>> On 2/12/20 3:53 AM, Alexey Budankov wrote:
>>>>> Hi Step
On 12.02.2020 20:09, Stephen Smalley wrote:
> On 2/12/20 11:56 AM, Alexey Budankov wrote:
>>
>>
>> On 12.02.2020 18:45, Stephen Smalley wrote:
>>> On 2/12/20 10:21 AM, Stephen Smalley wrote:
>>>> On 2/12/20 8:53 AM, Alexey Budankov wrote:
>
ailable to CAP_SYS_PERFMON privileged
processes
- made perf_event_paranoid_check() treat CAP_SYS_PERFMON equally to
CAP_SYS_ADMIN
- applied CAP_SYS_PERFMON to i915_perf, bpf_trace, powerpc and parisc
system performance monitoring and observability related subsystems
---
Alexey Bu
pages/man7/capabilities.7.html
[2]
https://www.kernel.org/doc/html/latest/process/embargoed-hardware-issues.html
[3] https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html
Signed-off-by: Alexey Budankov
---
include/linux/capability.h | 4
include/uapi/linux/capability
discouraged with respect to
CAP_PERFMON capability.
Signed-off-by: Alexey Budankov
---
include/linux/perf_event.h | 6 +++---
kernel/events/core.c | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
index 68e21e828893
: Alexey Budankov
---
kernel/events/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 46464367c47a..4564caa2c527 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -9107,7 +9107,7 @@ static int
capability.
Signed-off-by: Alexey Budankov
---
tools/perf/builtin-ftrace.c | 5 +++--
tools/perf/design.txt | 3 ++-
tools/perf/util/cap.h | 4
tools/perf/util/evsel.c | 10 +-
tools/perf/util/util.c | 1 +
5 files changed, 15 insertions(+), 8 deletions(-)
diff --git
.
Signed-off-by: Alexey Budankov
---
drivers/gpu/drm/i915/i915_perf.c | 13 ++---
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_perf.c b/drivers/gpu/drm/i915/i915_perf.c
index 0f556d80ba36..a3f32bd0aa47 100644
--- a/drivers/gpu/drm/i915/i915_perf.c
.
Signed-off-by: Alexey Budankov
---
kernel/trace/bpf_trace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 19e793aa441a..70e8249eebe5 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -1416,7 +1416,7
the time that such privileges are actually required)
For backward compatibility reasons access to the monitoring remains
open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage
for secure monitoring is discouraged with respect to CAP_PERFMON
capability.
Signed-off-by: Alexey Budankov
Update perf-security.rst documentation file with the information
related to usage of CAP_PERFMON capability to secure performance
monitoring and observability operations in the system.
Signed-off-by: Alexey Budankov
---
Documentation/admin-guide/perf-security.rst | 65 +
1
Update kernel.rst documentation file with the information
related to usage of CAP_PERFMON capability to secure performance
monitoring and observability operations in the system.
Signed-off-by: Alexey Budankov
---
Documentation/admin-guide/sysctl/kernel.rst | 16 +++-
1 file changed
On 18.02.2020 22:21, James Morris wrote:
> On Mon, 17 Feb 2020, Alexey Budankov wrote:
>
>>
>> Introduce CAP_PERFMON capability designed to secure system performance
>> monitoring and observability operations so that CAP_PERFMON would assist
>> CAP_SYS_ADMIN capabi
On 07.02.2020 16:39, Alexey Budankov wrote:
>
> On 07.02.2020 14:38, Thomas Gleixner wrote:
>> Alexey Budankov writes:
>>> On 22.01.2020 17:25, Alexey Budankov wrote:
>>>> On 22.01.2020 17:07, Stephen Smalley wrote:
>>>>>> It keeps the implem
Hi,
Is there anything else I could do in order to move the changes forward,
or is something still missing from this patch set?
Could you please share your mind?
Thanks,
Alexey
On 17.02.2020 11:02, Alexey Budankov wrote:
>
> Currently access to perf_events, i915_perf and other perfo