[v3,0/3] admin-guide: extend perf-security with resource control, data categories and privileged users

Message ID	784bbe0d-56c1-bd63-1879-b7db988e40c0@linux.intel.com (mailing list archive)
Headers	show Return-Path: <kernel-hardening-return-15149-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com> Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk From: Alexey Budankov <alexey.budankov@linux.intel.com> Subject: [PATCH v3 0/3] admin-guide: extend perf-security with resource control, data categories and privileged users Organization: Intel Corp. To: Jonatan Corbet <corbet@lwn.net>, Kees Cook <keescook@chromium.org>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@kernel.org>, Peter Zijlstra <peterz@infradead.org> Cc: Jann Horn <jannh@google.com>, Arnaldo Carvalho de Melo <acme@kernel.org>, Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>, Alexander Shishkin <alexander.shishkin@linux.intel.com>, Andi Kleen <ak@linux.intel.com>, Mark Rutland <mark.rutland@arm.com>, Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>, "kernel-hardening@lists.openwall.com" <kernel-hardening@lists.openwall.com>, "linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>, linux-kernel <linux-kernel@vger.kernel.org> Message-ID: <784bbe0d-56c1-bd63-1879-b7db988e40c0@linux.intel.com> Date: Mon, 11 Feb 2019 16:32:33 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit
Series	admin-guide: extend perf-security with resource control, data categories and privileged users \| expand [v3,0/3] admin-guide: extend perf-security with resource control, data categories and privileged us… [v3,1/4] perf-security: document perf_events/Perf resource control [v3,2/4] perf-security: document collected perf_events/Perf data categories [v3,3/4] perf-security: elaborate on perf_events/Perf privileged users [v3,4/4] perf-security: wrap paragraphs on 72 columns

Message ID

784bbe0d-56c1-bd63-1879-b7db988e40c0@linux.intel.com (mailing list archive)

Headers

Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
From: Alexey Budankov <alexey.budankov@linux.intel.com>
Subject: [PATCH v3 0/3] admin-guide: extend perf-security with resource
 control, data categories and privileged users
Organization: Intel Corp.
To: Jonatan Corbet <corbet@lwn.net>, Kees Cook <keescook@chromium.org>,
 Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@kernel.org>,
 Peter Zijlstra <peterz@infradead.org>
Cc: Jann Horn <jannh@google.com>, Arnaldo Carvalho de Melo <acme@kernel.org>,
 Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
 Alexander Shishkin <alexander.shishkin@linux.intel.com>,
 Andi Kleen <ak@linux.intel.com>, Mark Rutland <mark.rutland@arm.com>,
 Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>,
 "kernel-hardening@lists.openwall.com" <kernel-hardening@lists.openwall.com>,
 "linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
 linux-kernel <linux-kernel@vger.kernel.org>
Message-ID: <784bbe0d-56c1-bd63-1879-b7db988e40c0@linux.intel.com>
Date: Mon, 11 Feb 2019 16:32:33 +0300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.5.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

Series

admin-guide: extend perf-security with resource control, data categories and privileged users | expand

Message

Alexey Budankov Feb. 11, 2019, 1:32 p.m. UTC

The patch set extends the first version of perf-security.rst documentation
file [1], [2], [3] with the following topics:

1) perf_events/Perf resource limits and control management that describes
   RLIMIT_NOFILE and perf_event_mlock_kb settings for processes conducting
   performance monitoring;

2) categories of system and performance data that can be captured by
   perf_events/Perf with explicit designation of process sensitive data;

3) possible steps to create perf_event/Perf privileged users groups for 
   the current implementations of perf_events syscall API [4] and Perf tool;

---
Alexey Budankov (4):
  perf-security: document perf_events/Perf resource control
  perf-security: document collected perf_events/Perf data categories
  perf-security: elaborate on perf_events/Perf privileged users
  perf-security: wrap paragraphs on 72 columns

 Documentation/admin-guide/perf-security.rst | 253 +++++++++++++++-----
 1 file changed, 193 insertions(+), 60 deletions(-)

---
Changes in v3:
- added two more paragraphs on open fds and memory allocation
- applied comments and corrected typos

Changes in v2:
- addressed comments for v1
- added fourth patch implementing 72 columns paragraph width

---
[1] https://marc.info/?l=linux-kernel&m=153736008310781&w=2
[2] https://lkml.org/lkml/2018/5/21/156
[3] https://lkml.org/lkml/2018/11/27/604
[4] http://man7.org/linux/man-pages/man2/perf_event_open.2.html

Comments

Jonathan Corbet Feb. 17, 2019, 11:14 p.m. UTC | #1

On Mon, 11 Feb 2019 16:32:33 +0300
Alexey Budankov <alexey.budankov@linux.intel.com> wrote:

> The patch set extends the first version of perf-security.rst documentation
> file [1], [2], [3] with the following topics:
> 
> 1) perf_events/Perf resource limits and control management that describes
>    RLIMIT_NOFILE and perf_event_mlock_kb settings for processes conducting
>    performance monitoring;
> 
> 2) categories of system and performance data that can be captured by
>    perf_events/Perf with explicit designation of process sensitive data;
> 
> 3) possible steps to create perf_event/Perf privileged users groups for 
>    the current implementations of perf_events syscall API [4] and Perf tool;

I've applied the set, thanks.

jon

Alexey Budankov Feb. 18, 2019, 8:56 a.m. UTC | #2

On 18.02.2019 2:14, Jonathan Corbet wrote:
> On Mon, 11 Feb 2019 16:32:33 +0300
> Alexey Budankov <alexey.budankov@linux.intel.com> wrote:
> 
>> The patch set extends the first version of perf-security.rst documentation
>> file [1], [2], [3] with the following topics:
>>
>> 1) perf_events/Perf resource limits and control management that describes
>>    RLIMIT_NOFILE and perf_event_mlock_kb settings for processes conducting
>>    performance monitoring;
>>
>> 2) categories of system and performance data that can be captured by
>>    perf_events/Perf with explicit designation of process sensitive data;
>>
>> 3) possible steps to create perf_event/Perf privileged users groups for 
>>    the current implementations of perf_events syscall API [4] and Perf tool;
> 
> I've applied the set, thanks.

Thanks a lot Jon!

~Alexey

> 
> jon
>