diff mbox series

[1/3] perf: Add capability-related utilities

Message ID 1562112605-6235-2-git-send-email-ilubashe@akamai.com (mailing list archive)
State New, archived
Headers show
Series perf: Use capabilities instead of uid and euid | expand

Commit Message

Lubashev, Igor July 3, 2019, 12:10 a.m. UTC 
Add utilities to help checking capabilities of the running process.
Make perf link with libcap.

Signed-off-by: Igor Lubashev <ilubashe@akamai.com>
---
 tools/perf/Makefile.config         |  2 +-
 tools/perf/util/Build              |  1 +
 tools/perf/util/cap.c              | 24 ++++++++++++++++++++++++
 tools/perf/util/cap.h              | 10 ++++++++++
 tools/perf/util/event.h            |  1 +
 tools/perf/util/python-ext-sources |  1 +
 tools/perf/util/util.c             |  9 +++++++++
 7 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 tools/perf/util/cap.c
 create mode 100644 tools/perf/util/cap.h

Comments

Jiri Olsa July 16, 2019, 8:46 a.m. UTC | #1 
On Tue, Jul 02, 2019 at 08:10:03PM -0400, Igor Lubashev wrote:
> Add utilities to help checking capabilities of the running process.
> Make perf link with libcap.
> 
> Signed-off-by: Igor Lubashev <ilubashe@akamai.com>
> ---
>  tools/perf/Makefile.config         |  2 +-
>  tools/perf/util/Build              |  1 +
>  tools/perf/util/cap.c              | 24 ++++++++++++++++++++++++
>  tools/perf/util/cap.h              | 10 ++++++++++
>  tools/perf/util/event.h            |  1 +
>  tools/perf/util/python-ext-sources |  1 +
>  tools/perf/util/util.c             |  9 +++++++++
>  7 files changed, 47 insertions(+), 1 deletion(-)
>  create mode 100644 tools/perf/util/cap.c
>  create mode 100644 tools/perf/util/cap.h
> 
> diff --git a/tools/perf/Makefile.config b/tools/perf/Makefile.config
> index 85fbcd265351..21470a50ed39 100644
> --- a/tools/perf/Makefile.config
> +++ b/tools/perf/Makefile.config
> @@ -259,7 +259,7 @@ CXXFLAGS += -Wno-strict-aliasing
>  # adding assembler files missing the .GNU-stack linker note.
>  LDFLAGS += -Wl,-z,noexecstack
>  
> -EXTLIBS = -lpthread -lrt -lm -ldl
> +EXTLIBS = -lpthread -lrt -lm -ldl -lcap

I wonder we should detect libcap or it's everywhere.. Arnaldo's compile test suite might tell

jirka
Arnaldo Carvalho de Melo July 17, 2019, 9:05 p.m. UTC | #2 
Em Tue, Jul 16, 2019 at 10:46:43AM +0200, Jiri Olsa escreveu:
> On Tue, Jul 02, 2019 at 08:10:03PM -0400, Igor Lubashev wrote:
> > Add utilities to help checking capabilities of the running process.
> > Make perf link with libcap.
> > 
> > Signed-off-by: Igor Lubashev <ilubashe@akamai.com>
> > ---
> >  tools/perf/Makefile.config         |  2 +-
> >  tools/perf/util/Build              |  1 +
> >  tools/perf/util/cap.c              | 24 ++++++++++++++++++++++++
> >  tools/perf/util/cap.h              | 10 ++++++++++
> >  tools/perf/util/event.h            |  1 +
> >  tools/perf/util/python-ext-sources |  1 +
> >  tools/perf/util/util.c             |  9 +++++++++
> >  7 files changed, 47 insertions(+), 1 deletion(-)
> >  create mode 100644 tools/perf/util/cap.c
> >  create mode 100644 tools/perf/util/cap.h
> > 
> > diff --git a/tools/perf/Makefile.config b/tools/perf/Makefile.config
> > index 85fbcd265351..21470a50ed39 100644
> > --- a/tools/perf/Makefile.config
> > +++ b/tools/perf/Makefile.config
> > @@ -259,7 +259,7 @@ CXXFLAGS += -Wno-strict-aliasing
> >  # adding assembler files missing the .GNU-stack linker note.
> >  LDFLAGS += -Wl,-z,noexecstack
> >  
> > -EXTLIBS = -lpthread -lrt -lm -ldl
> > +EXTLIBS = -lpthread -lrt -lm -ldl -lcap
> 
> I wonder we should detect libcap or it's everywhere.. Arnaldo's compile test suite might tell

I'll add this tentatively and try to build it in my test suite.

- Arnaldo
Arnaldo Carvalho de Melo July 17, 2019, 11:46 p.m. UTC | #3 
Em Wed, Jul 17, 2019 at 06:05:51PM -0300, Arnaldo Carvalho de Melo escreveu:
> Em Tue, Jul 16, 2019 at 10:46:43AM +0200, Jiri Olsa escreveu:
> > On Tue, Jul 02, 2019 at 08:10:03PM -0400, Igor Lubashev wrote:
> > > Add utilities to help checking capabilities of the running process.
> > > Make perf link with libcap.
> > > 
> > > Signed-off-by: Igor Lubashev <ilubashe@akamai.com>
> > > ---
> > >  tools/perf/Makefile.config         |  2 +-
> > >  tools/perf/util/Build              |  1 +
> > >  tools/perf/util/cap.c              | 24 ++++++++++++++++++++++++
> > >  tools/perf/util/cap.h              | 10 ++++++++++
> > >  tools/perf/util/event.h            |  1 +
> > >  tools/perf/util/python-ext-sources |  1 +
> > >  tools/perf/util/util.c             |  9 +++++++++
> > >  7 files changed, 47 insertions(+), 1 deletion(-)
> > >  create mode 100644 tools/perf/util/cap.c
> > >  create mode 100644 tools/perf/util/cap.h
> > > 
> > > diff --git a/tools/perf/Makefile.config b/tools/perf/Makefile.config
> > > index 85fbcd265351..21470a50ed39 100644
> > > --- a/tools/perf/Makefile.config
> > > +++ b/tools/perf/Makefile.config
> > > @@ -259,7 +259,7 @@ CXXFLAGS += -Wno-strict-aliasing
> > >  # adding assembler files missing the .GNU-stack linker note.
> > >  LDFLAGS += -Wl,-z,noexecstack
> > >  
> > > -EXTLIBS = -lpthread -lrt -lm -ldl
> > > +EXTLIBS = -lpthread -lrt -lm -ldl -lcap
> > 
> > I wonder we should detect libcap or it's everywhere.. Arnaldo's compile test suite might tell
> 
> I'll add this tentatively and try to build it in my test suite.

So, not even in my notebook this worked straight away:

  CC       /tmp/build/perf/util/cap.o
  CC       /tmp/build/perf/util/config.o
In file included from util/cap.c:5:
util/cap.h:6:10: fatal error: sys/capability.h: No such file or directory
    6 | #include <sys/capability.h>
      |          ^~~~~~~~~~~~~~~~~~
compilation terminated.
mv: cannot stat '/tmp/build/perf/util/.cap.o.tmp': No such file or directory


I had to first do:

dnf install libcap-devel

So we need to have a feature test and fail if that is not installed,
i.e. libcap becomes a hard req for building perf, which I think is
reasonable, one more shouldn't hurt, right?

With all the features enabled:

[acme@quaco perf]$ ldd ~/bin/perf
	linux-vdso.so.1 (0x00007ffe7278a000)
	libunwind-x86_64.so.8 => /lib64/libunwind-x86_64.so.8 (0x00007f7be52f1000)
	libunwind.so.8 => /lib64/libunwind.so.8 (0x00007f7be52d7000)
	liblzma.so.5 => /lib64/liblzma.so.5 (0x00007f7be52ae000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f7be528d000)
	librt.so.1 => /lib64/librt.so.1 (0x00007f7be5283000)
	libm.so.6 => /lib64/libm.so.6 (0x00007f7be513d000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007f7be5135000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007f7be512e000)
	libelf.so.1 => /lib64/libelf.so.1 (0x00007f7be5113000)
	libdw.so.1 => /lib64/libdw.so.1 (0x00007f7be50c0000)
	libslang.so.2 => /lib64/libslang.so.2 (0x00007f7be4de8000)
	libperl.so.5.28 => /lib64/libperl.so.5.28 (0x00007f7be4ac2000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f7be48fa000)
	libpython2.7.so.1.0 => /lib64/libpython2.7.so.1.0 (0x00007f7be4690000)
	libz.so.1 => /lib64/libz.so.1 (0x00007f7be4676000)
	libzstd.so.1 => /lib64/libzstd.so.1 (0x00007f7be45d1000)
	libnuma.so.1 => /lib64/libnuma.so.1 (0x00007f7be45c3000)
	libbabeltrace-ctf.so.1 => /lib64/libbabeltrace-ctf.so.1 (0x00007f7be456d000)
	libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f7be4551000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f7be5331000)
	libbz2.so.1 => /lib64/libbz2.so.1 (0x00007f7be453d000)
	libcrypt.so.2 => /lib64/libcrypt.so.2 (0x00007f7be4502000)
	libutil.so.1 => /lib64/libutil.so.1 (0x00007f7be44fd000)
	libbabeltrace.so.1 => /lib64/libbabeltrace.so.1 (0x00007f7be44ed000)
	libpopt.so.0 => /lib64/libpopt.so.0 (0x00007f7be44dd000)
	libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f7be44d3000)
	libgmodule-2.0.so.0 => /lib64/libgmodule-2.0.so.0 (0x00007f7be44cd000)
	libglib-2.0.so.0 => /lib64/libglib-2.0.so.0 (0x00007f7be43a9000)
	libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f7be4335000)
[acme@quaco perf]$

;-)

So, please check tools/build/feature/ and check how this is done and add
a test and the warning in tools/perf/Makefile.config so that we get an
error message stating that libcap-dev or libcap-devel should be
installed.

I'll do it if there is any difficulty, just not right now as I'm busy
and want to get a pull req out of the door.

- Arnaldo
Arnaldo Carvalho de Melo July 17, 2019, 11:48 p.m. UTC | #4 
Em Wed, Jul 17, 2019 at 08:46:52PM -0300, Arnaldo Carvalho de Melo escreveu:
> I'll do it if there is any difficulty, just not right now as I'm busy
> and want to get a pull req out of the door.

Also please find the first patch fixed up wrt a conflict with the
pythong binding, please use it instead as that is what applies to my
current perf/core branch.

It has the ack from Alexey and one I think Jiri would provide, judging
from his positive tone to the patches :)

- Arnaldo

commit 8048a0884a3f98bae2434d141711d72382b784b0
Author: Igor Lubashev <ilubashe@akamai.com>
Date:   Wed Jul 17 20:39:03 2019 -0300

    perf tools: Add capability-related utilities
    
    Add utilities to help checking capabilities of the running process.
    Make perf link with libcap.
    
    Signed-off-by: Igor Lubashev <ilubashe@akamai.com>
    Acked-by: Alexey Budankov <alexey.budankov@linux.intel.com>
    Acked-by: Jiri Olsa <jolsa@kernel.org>
    CC: Alexander Shishkin <alexander.shishkin@linux.intel.com>
    Cc: James Morris <jmorris@namei.org>
    Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
    Cc: Namhyung Kim <namhyung@kernel.org>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
    Link: https://lkml.kernel.org/r/1562112605-6235-2-git-send-email-ilubashe@akamai.com
    Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

diff --git a/tools/perf/Makefile.config b/tools/perf/Makefile.config
index 89ac5a1f1550..b9cf084f32d7 100644
--- a/tools/perf/Makefile.config
+++ b/tools/perf/Makefile.config
@@ -259,7 +259,7 @@ CXXFLAGS += -Wno-strict-aliasing
 # adding assembler files missing the .GNU-stack linker note.
 LDFLAGS += -Wl,-z,noexecstack
 
-EXTLIBS = -lpthread -lrt -lm -ldl
+EXTLIBS = -lpthread -lrt -lm -ldl -lcap
 
 ifeq ($(FEATURES_DUMP),)
 include $(srctree)/tools/build/Makefile.feature
diff --git a/tools/perf/util/Build b/tools/perf/util/Build
index 14f812bb07a7..61ed1a3005d4 100644
--- a/tools/perf/util/Build
+++ b/tools/perf/util/Build
@@ -1,6 +1,7 @@
 perf-y += annotate.o
 perf-y += block-range.o
 perf-y += build-id.o
+perf-y += cap.o
 perf-y += config.o
 perf-y += ctype.o
 perf-y += db-export.o
diff --git a/tools/perf/util/cap.c b/tools/perf/util/cap.c
new file mode 100644
index 000000000000..c42ea32663cf
--- /dev/null
+++ b/tools/perf/util/cap.c
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Capability utilities
+ */
+#include "cap.h"
+#include <stdbool.h>
+#include <sys/capability.h>
+
+bool perf_cap__capable(cap_value_t cap)
+{
+	cap_flag_value_t val;
+	cap_t caps = cap_get_proc();
+
+	if (!caps)
+		return false;
+
+	if (cap_get_flag(caps, cap, CAP_EFFECTIVE, &val) != 0)
+		val = CAP_CLEAR;
+
+	if (cap_free(caps) != 0)
+		return false;
+
+	return val == CAP_SET;
+}
diff --git a/tools/perf/util/cap.h b/tools/perf/util/cap.h
new file mode 100644
index 000000000000..5521de78b228
--- /dev/null
+++ b/tools/perf/util/cap.h
@@ -0,0 +1,10 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __PERF_CAP_H
+#define __PERF_CAP_H
+
+#include <stdbool.h>
+#include <sys/capability.h>
+
+bool perf_cap__capable(cap_value_t cap);
+
+#endif /* __PERF_CAP_H */
diff --git a/tools/perf/util/event.h b/tools/perf/util/event.h
index 1f1da6082806..b4128f72f2e8 100644
--- a/tools/perf/util/event.h
+++ b/tools/perf/util/event.h
@@ -851,6 +851,7 @@ void  cpu_map_data__synthesize(struct cpu_map_data *data, struct cpu_map *map,
 void event_attr_init(struct perf_event_attr *attr);
 
 int perf_event_paranoid(void);
+bool perf_event_paranoid_check(int max_level);
 
 extern int sysctl_perf_event_max_stack;
 extern int sysctl_perf_event_max_contexts_per_stack;
diff --git a/tools/perf/util/python-ext-sources b/tools/perf/util/python-ext-sources
index ceb8afdf9a89..afba10684b65 100644
--- a/tools/perf/util/python-ext-sources
+++ b/tools/perf/util/python-ext-sources
@@ -9,6 +9,7 @@ util/python.c
 ../lib/ctype.c
 util/evlist.c
 util/evsel.c
+util/cap.c
 util/cpumap.c
 util/memswap.c
 util/mmap.c
diff --git a/tools/perf/util/util.c b/tools/perf/util/util.c
index a61535cf1bca..4f0da8a03697 100644
--- a/tools/perf/util/util.c
+++ b/tools/perf/util/util.c
@@ -16,10 +16,12 @@
 #include <string.h>
 #include <errno.h>
 #include <limits.h>
+#include <linux/capability.h>
 #include <linux/kernel.h>
 #include <linux/log2.h>
 #include <linux/time64.h>
 #include <unistd.h>
+#include "cap.h"
 #include "strlist.h"
 #include "string2.h"
 
@@ -443,6 +445,13 @@ int perf_event_paranoid(void)
 
 	return value;
 }
+
+bool perf_event_paranoid_check(int max_level)
+{
+	return perf_cap__capable(CAP_SYS_ADMIN) ||
+			perf_event_paranoid() <= max_level;
+}
+
 static int
 fetch_ubuntu_kernel_version(unsigned int *puint)
 {
Lubashev, Igor July 18, 2019, 9 p.m. UTC | #5 
Thanks for the suggestion!  I'll try to add a test for libcap to the patch series as v2 of the series.  Probably not next week, though (IETF week).

- Igor

> On Wed, July 17, 2019 7:47 PM Arnaldo Carvalho de Melo wrote:
> 
> Em Wed, Jul 17, 2019 at 06:05:51PM -0300, Arnaldo Carvalho de Melo escreveu:
> > Em Tue, Jul 16, 2019 at 10:46:43AM +0200, Jiri Olsa escreveu:
> > > On Tue, Jul 02, 2019 at 08:10:03PM -0400, Igor Lubashev wrote:
> > > > Add utilities to help checking capabilities of the running process.
> > > > Make perf link with libcap.
> > > >
> > > > Signed-off-by: Igor Lubashev <ilubashe@akamai.com>
> > > > ---
> > > >  tools/perf/Makefile.config         |  2 +-
> > > >  tools/perf/util/Build              |  1 +
> > > >  tools/perf/util/cap.c              | 24 ++++++++++++++++++++++++
> > > >  tools/perf/util/cap.h              | 10 ++++++++++
> > > >  tools/perf/util/event.h            |  1 +
> > > >  tools/perf/util/python-ext-sources |  1 +
> > > >  tools/perf/util/util.c             |  9 +++++++++
> > > >  7 files changed, 47 insertions(+), 1 deletion(-)
> > > >  create mode 100644 tools/perf/util/cap.c
> > > >  create mode 100644 tools/perf/util/cap.h
> > > >
> > > > diff --git a/tools/perf/Makefile.config b/tools/perf/Makefile.config
> > > > index 85fbcd265351..21470a50ed39 100644
> > > > --- a/tools/perf/Makefile.config
> > > > +++ b/tools/perf/Makefile.config
> > > > @@ -259,7 +259,7 @@ CXXFLAGS += -Wno-strict-aliasing
> > > >  # adding assembler files missing the .GNU-stack linker note.
> > > >  LDFLAGS += -Wl,-z,noexecstack
> > > >
> > > > -EXTLIBS = -lpthread -lrt -lm -ldl
> > > > +EXTLIBS = -lpthread -lrt -lm -ldl -lcap
> > >
> > > I wonder we should detect libcap or it's everywhere.. Arnaldo's compile test
> suite might tell
> >
> > I'll add this tentatively and try to build it in my test suite.
> 
> So, not even in my notebook this worked straight away:
> 
>   CC       /tmp/build/perf/util/cap.o
>   CC       /tmp/build/perf/util/config.o
> In file included from util/cap.c:5:
> util/cap.h:6:10: fatal error: sys/capability.h: No such file or directory
>     6 | #include <sys/capability.h>
>       |          ^~~~~~~~~~~~~~~~~~
> compilation terminated.
> mv: cannot stat '/tmp/build/perf/util/.cap.o.tmp': No such file or directory
> 
> 
> I had to first do:
> 
> dnf install libcap-devel
> 
> So we need to have a feature test and fail if that is not installed,
> i.e. libcap becomes a hard req for building perf, which I think is
> reasonable, one more shouldn't hurt, right?
> 
> With all the features enabled:
> 
> [acme@quaco perf]$ ldd ~/bin/perf
> 	linux-vdso.so.1 (0x00007ffe7278a000)
> 	libunwind-x86_64.so.8 => /lib64/libunwind-x86_64.so.8
> (0x00007f7be52f1000)
> 	libunwind.so.8 => /lib64/libunwind.so.8 (0x00007f7be52d7000)
> 	liblzma.so.5 => /lib64/liblzma.so.5 (0x00007f7be52ae000)
> 	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f7be528d000)
> 	librt.so.1 => /lib64/librt.so.1 (0x00007f7be5283000)
> 	libm.so.6 => /lib64/libm.so.6 (0x00007f7be513d000)
> 	libdl.so.2 => /lib64/libdl.so.2 (0x00007f7be5135000)
> 	libcap.so.2 => /lib64/libcap.so.2 (0x00007f7be512e000)
> 	libelf.so.1 => /lib64/libelf.so.1 (0x00007f7be5113000)
> 	libdw.so.1 => /lib64/libdw.so.1 (0x00007f7be50c0000)
> 	libslang.so.2 => /lib64/libslang.so.2 (0x00007f7be4de8000)
> 	libperl.so.5.28 => /lib64/libperl.so.5.28 (0x00007f7be4ac2000)
> 	libc.so.6 => /lib64/libc.so.6 (0x00007f7be48fa000)
> 	libpython2.7.so.1.0 => /lib64/libpython2.7.so.1.0 (0x00007f7be4690000)
> 	libz.so.1 => /lib64/libz.so.1 (0x00007f7be4676000)
> 	libzstd.so.1 => /lib64/libzstd.so.1 (0x00007f7be45d1000)
> 	libnuma.so.1 => /lib64/libnuma.so.1 (0x00007f7be45c3000)
> 	libbabeltrace-ctf.so.1 => /lib64/libbabeltrace-ctf.so.1
> (0x00007f7be456d000)
> 	libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f7be4551000)
> 	/lib64/ld-linux-x86-64.so.2 (0x00007f7be5331000)
> 	libbz2.so.1 => /lib64/libbz2.so.1 (0x00007f7be453d000)
> 	libcrypt.so.2 => /lib64/libcrypt.so.2 (0x00007f7be4502000)
> 	libutil.so.1 => /lib64/libutil.so.1 (0x00007f7be44fd000)
> 	libbabeltrace.so.1 => /lib64/libbabeltrace.so.1 (0x00007f7be44ed000)
> 	libpopt.so.0 => /lib64/libpopt.so.0 (0x00007f7be44dd000)
> 	libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f7be44d3000)
> 	libgmodule-2.0.so.0 => /lib64/libgmodule-2.0.so.0 (0x00007f7be44cd000)
> 	libglib-2.0.so.0 => /lib64/libglib-2.0.so.0 (0x00007f7be43a9000)
> 	libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f7be4335000)
> [acme@quaco perf]$
> 
> ;-)
> 
> So, please check tools/build/feature/ and check how this is done and add
> a test and the warning in tools/perf/Makefile.config so that we get an
> error message stating that libcap-dev or libcap-devel should be
> installed.
> 
> I'll do it if there is any difficulty, just not right now as I'm busy
> and want to get a pull req out of the door.
> 
> - Arnaldo
Lubashev, Igor Aug. 7, 2019, 3:58 a.m. UTC | #6 
On Wed, July 17 at 2019 7:47 PM  Arnaldo Carvalho de Melo wrote:
> Em Wed, Jul 17, 2019 at 06:05:51PM -0300, Arnaldo Carvalho de Melo
> escreveu:
> > Em Tue, Jul 16, 2019 at 10:46:43AM +0200, Jiri Olsa escreveu:
> > > On Tue, Jul 02, 2019 at 08:10:03PM -0400, Igor Lubashev wrote:
> > > > Add utilities to help checking capabilities of the running process.
> > > > Make perf link with libcap.
> > > >
> > > > Signed-off-by: Igor Lubashev <ilubashe@akamai.com>
> > > > ---
> > > >  tools/perf/Makefile.config         |  2 +-
> > > >  tools/perf/util/Build              |  1 +
> > > >  tools/perf/util/cap.c              | 24 ++++++++++++++++++++++++
> > > >  tools/perf/util/cap.h              | 10 ++++++++++
> > > >  tools/perf/util/event.h            |  1 +
> > > >  tools/perf/util/python-ext-sources |  1 +
> > > >  tools/perf/util/util.c             |  9 +++++++++
> > > >  7 files changed, 47 insertions(+), 1 deletion(-)  create mode
> > > > 100644 tools/perf/util/cap.c  create mode 100644
> > > > tools/perf/util/cap.h
> > > >
> > > > diff --git a/tools/perf/Makefile.config
> > > > b/tools/perf/Makefile.config index 85fbcd265351..21470a50ed39
> > > > 100644
> > > > --- a/tools/perf/Makefile.config
> > > > +++ b/tools/perf/Makefile.config
> > > > @@ -259,7 +259,7 @@ CXXFLAGS += -Wno-strict-aliasing  # adding
> > > > assembler files missing the .GNU-stack linker note.
> > > >  LDFLAGS += -Wl,-z,noexecstack
> > > >
> > > > -EXTLIBS = -lpthread -lrt -lm -ldl
> > > > +EXTLIBS = -lpthread -lrt -lm -ldl -lcap
> > >
> > > I wonder we should detect libcap or it's everywhere.. Arnaldo's
> > > compile test suite might tell
> >
> > I'll add this tentatively and try to build it in my test suite.
> 
> So, not even in my notebook this worked straight away:
> 
>   CC       /tmp/build/perf/util/cap.o
>   CC       /tmp/build/perf/util/config.o
> In file included from util/cap.c:5:
> util/cap.h:6:10: fatal error: sys/capability.h: No such file or directory
>     6 | #include <sys/capability.h>
>       |          ^~~~~~~~~~~~~~~~~~
> compilation terminated.
> mv: cannot stat '/tmp/build/perf/util/.cap.o.tmp': No such file or directory
> 
> 
> I had to first do:
> 
> dnf install libcap-devel
> 
> So we need to have a feature test and fail if that is not installed, i.e. libcap
> becomes a hard req for building perf, which I think is reasonable, one more
> shouldn't hurt, right?
> 
> With all the features enabled:
> 
> [acme@quaco perf]$ ldd ~/bin/perf
> 	linux-vdso.so.1 (0x00007ffe7278a000)
> 	libunwind-x86_64.so.8 => /lib64/libunwind-x86_64.so.8
> (0x00007f7be52f1000)
> 	libunwind.so.8 => /lib64/libunwind.so.8 (0x00007f7be52d7000)
> 	liblzma.so.5 => /lib64/liblzma.so.5 (0x00007f7be52ae000)
> 	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f7be528d000)
> 	librt.so.1 => /lib64/librt.so.1 (0x00007f7be5283000)
> 	libm.so.6 => /lib64/libm.so.6 (0x00007f7be513d000)
> 	libdl.so.2 => /lib64/libdl.so.2 (0x00007f7be5135000)
> 	libcap.so.2 => /lib64/libcap.so.2 (0x00007f7be512e000)
> 	libelf.so.1 => /lib64/libelf.so.1 (0x00007f7be5113000)
> 	libdw.so.1 => /lib64/libdw.so.1 (0x00007f7be50c0000)
> 	libslang.so.2 => /lib64/libslang.so.2 (0x00007f7be4de8000)
> 	libperl.so.5.28 => /lib64/libperl.so.5.28 (0x00007f7be4ac2000)
> 	libc.so.6 => /lib64/libc.so.6 (0x00007f7be48fa000)
> 	libpython2.7.so.1.0 => /lib64/libpython2.7.so.1.0
> (0x00007f7be4690000)
> 	libz.so.1 => /lib64/libz.so.1 (0x00007f7be4676000)
> 	libzstd.so.1 => /lib64/libzstd.so.1 (0x00007f7be45d1000)
> 	libnuma.so.1 => /lib64/libnuma.so.1 (0x00007f7be45c3000)
> 	libbabeltrace-ctf.so.1 => /lib64/libbabeltrace-ctf.so.1
> (0x00007f7be456d000)
> 	libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f7be4551000)
> 	/lib64/ld-linux-x86-64.so.2 (0x00007f7be5331000)
> 	libbz2.so.1 => /lib64/libbz2.so.1 (0x00007f7be453d000)
> 	libcrypt.so.2 => /lib64/libcrypt.so.2 (0x00007f7be4502000)
> 	libutil.so.1 => /lib64/libutil.so.1 (0x00007f7be44fd000)
> 	libbabeltrace.so.1 => /lib64/libbabeltrace.so.1
> (0x00007f7be44ed000)
> 	libpopt.so.0 => /lib64/libpopt.so.0 (0x00007f7be44dd000)
> 	libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f7be44d3000)
> 	libgmodule-2.0.so.0 => /lib64/libgmodule-2.0.so.0
> (0x00007f7be44cd000)
> 	libglib-2.0.so.0 => /lib64/libglib-2.0.so.0 (0x00007f7be43a9000)
> 	libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f7be4335000)
> [acme@quaco perf]$
> 
> ;-)
> 
> So, please check tools/build/feature/ and check how this is done and add a
> test and the warning in tools/perf/Makefile.config so that we get an error
> message stating that libcap-dev or libcap-devel should be installed.

I have just posted v2 of the series (https://lkml.kernel.org/lkml/cover.1565146171.git.ilubashe@akamai.com).

Instead of making libcap is "hard req", I made it as "soft" one. We can still build a useful tool w/o libcap. It will just have to assume that perf is running with no capabilities, since we cannot query them.

Many thanks for the pointers on how to go about build feature checking.

- Igor
diff mbox series

Patch

diff --git a/tools/perf/Makefile.config b/tools/perf/Makefile.config
index 85fbcd265351..21470a50ed39 100644
--- a/tools/perf/Makefile.config
+++ b/tools/perf/Makefile.config
@@ -259,7 +259,7 @@  CXXFLAGS += -Wno-strict-aliasing
 # adding assembler files missing the .GNU-stack linker note.
 LDFLAGS += -Wl,-z,noexecstack
 
-EXTLIBS = -lpthread -lrt -lm -ldl
+EXTLIBS = -lpthread -lrt -lm -ldl -lcap
 
 ifeq ($(FEATURES_DUMP),)
 include $(srctree)/tools/build/Makefile.feature
diff --git a/tools/perf/util/Build b/tools/perf/util/Build
index 6d5bbc8b589b..9cc6e9b34ebd 100644
--- a/tools/perf/util/Build
+++ b/tools/perf/util/Build
@@ -1,6 +1,7 @@ 
 perf-y += annotate.o
 perf-y += block-range.o
 perf-y += build-id.o
+perf-y += cap.o
 perf-y += config.o
 perf-y += ctype.o
 perf-y += db-export.o
diff --git a/tools/perf/util/cap.c b/tools/perf/util/cap.c
new file mode 100644
index 000000000000..c42ea32663cf
--- /dev/null
+++ b/tools/perf/util/cap.c
@@ -0,0 +1,24 @@ 
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Capability utilities
+ */
+#include "cap.h"
+#include <stdbool.h>
+#include <sys/capability.h>
+
+bool perf_cap__capable(cap_value_t cap)
+{
+	cap_flag_value_t val;
+	cap_t caps = cap_get_proc();
+
+	if (!caps)
+		return false;
+
+	if (cap_get_flag(caps, cap, CAP_EFFECTIVE, &val) != 0)
+		val = CAP_CLEAR;
+
+	if (cap_free(caps) != 0)
+		return false;
+
+	return val == CAP_SET;
+}
diff --git a/tools/perf/util/cap.h b/tools/perf/util/cap.h
new file mode 100644
index 000000000000..5521de78b228
--- /dev/null
+++ b/tools/perf/util/cap.h
@@ -0,0 +1,10 @@ 
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __PERF_CAP_H
+#define __PERF_CAP_H
+
+#include <stdbool.h>
+#include <sys/capability.h>
+
+bool perf_cap__capable(cap_value_t cap);
+
+#endif /* __PERF_CAP_H */
diff --git a/tools/perf/util/event.h b/tools/perf/util/event.h
index 9e999550f247..013d9e28fcac 100644
--- a/tools/perf/util/event.h
+++ b/tools/perf/util/event.h
@@ -849,6 +849,7 @@  void  cpu_map_data__synthesize(struct cpu_map_data *data, struct cpu_map *map,
 void event_attr_init(struct perf_event_attr *attr);
 
 int perf_event_paranoid(void);
+bool perf_event_paranoid_check(int max_level);
 
 extern int sysctl_perf_event_max_stack;
 extern int sysctl_perf_event_max_contexts_per_stack;
diff --git a/tools/perf/util/python-ext-sources b/tools/perf/util/python-ext-sources
index 7aa0ea64544e..4545eaf018b5 100644
--- a/tools/perf/util/python-ext-sources
+++ b/tools/perf/util/python-ext-sources
@@ -6,6 +6,7 @@ 
 #
 
 util/python.c
+util/cap.c
 util/ctype.c
 util/evlist.c
 util/evsel.c
diff --git a/tools/perf/util/util.c b/tools/perf/util/util.c
index d388f80d8703..cde538ec727d 100644
--- a/tools/perf/util/util.c
+++ b/tools/perf/util/util.c
@@ -16,10 +16,12 @@ 
 #include <string.h>
 #include <errno.h>
 #include <limits.h>
+#include <linux/capability.h>
 #include <linux/kernel.h>
 #include <linux/log2.h>
 #include <linux/time64.h>
 #include <unistd.h>
+#include "cap.h"
 #include "strlist.h"
 #include "string2.h"
 
@@ -456,6 +458,13 @@  int perf_event_paranoid(void)
 
 	return value;
 }
+
+bool perf_event_paranoid_check(int max_level)
+{
+	return perf_cap__capable(CAP_SYS_ADMIN) ||
+			perf_event_paranoid() <= max_level;
+}
+
 static int
 fetch_ubuntu_kernel_version(unsigned int *puint)
 {