From patchwork Wed Nov 21 08:57:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Budankov X-Patchwork-Id: 10692155 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 57E9615A7 for ; Wed, 21 Nov 2018 08:57:38 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 42B072B065 for ; Wed, 21 Nov 2018 08:57:38 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 362472B2F0; Wed, 21 Nov 2018 08:57:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,SUBJ_OBFU_PUNCT_MANY autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 62AEB2B065 for ; Wed, 21 Nov 2018 08:57:36 +0000 (UTC) Received: (qmail 3913 invoked by uid 550); 21 Nov 2018 08:57:35 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 3894 invoked from network); 21 Nov 2018 08:57:34 -0000 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,260,1539673200"; d="scan'208";a="101986096" To: Thomas Gleixner , Kees Cook , Jann Horn , Ingo Molnar , Peter Zijlstra , Arnaldo Carvalho de Melo , Andi Kleen , Jonatan Corbet Cc: Alexander Shishkin , Jiri Olsa , Namhyung Kim , Mark Rutland , Tvrtko Ursulin , linux-kernel , "kernel-hardening@lists.openwall.com" , "linux-doc@vger.kernel.org" From: Alexey Budankov Subject: [PATCH v2 0/2] Documentation/admin-guide: introduce perf-security.rst file and extend perf_event_paranoid documentation Organization: Intel Corp. Message-ID: <259a9cd2-5c56-4f8d-57c4-cabaeaa774bc@linux.intel.com> Date: Wed, 21 Nov 2018 11:57:12 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 Content-Language: en-US X-Virus-Scanned: ClamAV using ClamSMTP To facilitate informed decision making by system administrators [1] to permit and manage access to Perf Events (perf_events) / Perf tool (Perf) [2],[3] performance monitoring for multiple users perf-security.rst document suggested by Thomas Gleixner is introduced [4] that: a) states perf_events/Perf access security concerns for multi user environment b) refers to base Linux access control and management principles c) extends documentation of possible perf_event_paranoid knob settings The file serves as single knowledge source for perf_events/Perf security and access control related matter according to decisions, discussion and PoC prototype previously made here [5],[6]. The file can later be extended with information describing: a) perf_events/Perf usage models and its security implications b) perf_events/Perf user interface, its changes and related security implications c) security related implications of monitoring by a specific perf_events PMU [2] --- Alexey Budankov (2): Documentation/admin-guide: introduce perf-security.rst file Documentation/admin-guide: update admin-guide index.rst Documentation/admin-guide/index.rst | 1 + Documentation/admin-guide/perf-security.rst | 77 +++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100644 Documentation/admin-guide/perf-security.rst