From patchwork Tue Jan 28 06:12:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Budankov X-Patchwork-Id: 11353639 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0624713A4 for ; Tue, 28 Jan 2020 06:13:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id E346B2467E for ; Tue, 28 Jan 2020 06:13:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725951AbgA1GNK (ORCPT ); Tue, 28 Jan 2020 01:13:10 -0500 Received: from mga02.intel.com ([134.134.136.20]:17708 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725795AbgA1GNK (ORCPT ); Tue, 28 Jan 2020 01:13:10 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Jan 2020 22:13:09 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,372,1574150400"; d="scan'208";a="231802051" Received: from linux.intel.com ([10.54.29.200]) by orsmga006.jf.intel.com with ESMTP; 27 Jan 2020 22:13:09 -0800 Received: from [10.252.25.124] (abudanko-mobl.ccr.corp.intel.com [10.252.25.124]) by linux.intel.com (Postfix) with ESMTP id C4312580277; Mon, 27 Jan 2020 22:13:01 -0800 (PST) Subject: [PATCH v6 08/10] parisc/perf: open access for CAP_PERFMON privileged process From: Alexey Budankov To: Peter Zijlstra , Arnaldo Carvalho de Melo , Ingo Molnar , "benh@kernel.crashing.org" , Paul Mackerras , Michael Ellerman , "james.bottomley@hansenpartnership.com" , Serge Hallyn , Will Deacon , Robert Richter , Alexei Starovoitov Cc: "intel-gfx@lists.freedesktop.org" , Jiri Olsa , Andi Kleen , Stephane Eranian , Igor Lubashev , Alexander Shishkin , Namhyung Kim , Song Liu , Lionel Landwerlin , linux-kernel , "linux-security-module@vger.kernel.org" , "selinux@vger.kernel.org" , linux-arm-kernel , "linuxppc-dev@lists.ozlabs.org" , "linux-parisc@vger.kernel.org" , "linux-perf-users@vger.kernel.org" , oprofile-list@lists.sf.net References: <74d524ab-ac11-a7b8-1052-eba10f117e09@linux.intel.com> Organization: Intel Corp. Message-ID: <17be72ff-dc52-72ef-fbcc-0e9ec8b61604@linux.intel.com> Date: Tue, 28 Jan 2020 09:12:59 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 MIME-Version: 1.0 In-Reply-To: <74d524ab-ac11-a7b8-1052-eba10f117e09@linux.intel.com> Content-Language: en-US Sender: linux-parisc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-parisc@vger.kernel.org Open access to monitoring for CAP_PERFMON privileged process. Providing the access under CAP_PERFMON capability singly, without the rest of CAP_SYS_ADMIN credentials, excludes chances to misuse the credentials and makes operation more secure. CAP_PERFMON implements the principal of least privilege for performance monitoring and observability operations (POSIX IEEE 1003.1e 2.2.2.39 principle of least privilege: A security design principle that states that a process or program be granted only those privileges (e.g., capabilities) necessary to accomplish its legitimate function, and only for the time that such privileges are actually required) For backward compatibility reasons access to the monitoring remains open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage for secure monitoring is discouraged with respect to CAP_PERFMON capability. Signed-off-by: Alexey Budankov Acked-by: James Morris --- arch/parisc/kernel/perf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/parisc/kernel/perf.c b/arch/parisc/kernel/perf.c index 676683641d00..c4208d027794 100644 --- a/arch/parisc/kernel/perf.c +++ b/arch/parisc/kernel/perf.c @@ -300,7 +300,7 @@ static ssize_t perf_write(struct file *file, const char __user *buf, else return -EFAULT; - if (!capable(CAP_SYS_ADMIN)) + if (!perfmon_capable()) return -EACCES; if (count != sizeof(uint32_t))