perf_counter: More paranoia settings
authorPeter Zijlstra <a.p.zijlstra@chello.nl>
Thu, 11 Jun 2009 09:18:36 +0000 (11:18 +0200)
committerIngo Molnar <mingo@elte.hu>
Thu, 11 Jun 2009 14:48:38 +0000 (16:48 +0200)
Rename the perf_counter_priv knob to perf_counter_paranoia (because
priv can be read as private, as opposed to privileged) and provide
one more level:

 0 - permissive
 1 - restrict cpu counters to privilidged contexts
 2 - restrict kernel-mode code counting and profiling

Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
include/linux/perf_counter.h
kernel/perf_counter.c
kernel/sysctl.c

index 5b966472b45806f3624caa6e6c5cb30c7c76c3f9..386be915baa1b425b93b55a48d3dbfebea5b19bd 100644 (file)
@@ -648,7 +648,7 @@ struct perf_callchain_entry {
 
 extern struct perf_callchain_entry *perf_callchain(struct pt_regs *regs);
 
-extern int sysctl_perf_counter_priv;
+extern int sysctl_perf_counter_paranoid;
 extern int sysctl_perf_counter_mlock;
 extern int sysctl_perf_counter_limit;
 
index 8b89b40bd0f04fb3243d115f1b68b7186ffcbe4d..63f1987c1c1cc431efd96898980e285967a8c0ea 100644 (file)
@@ -43,7 +43,23 @@ static atomic_t nr_counters __read_mostly;
 static atomic_t nr_mmap_counters __read_mostly;
 static atomic_t nr_comm_counters __read_mostly;
 
-int sysctl_perf_counter_priv __read_mostly; /* do we need to be privileged */
+/*
+ * 0 - not paranoid
+ * 1 - disallow cpu counters to unpriv
+ * 2 - disallow kernel profiling to unpriv
+ */
+int sysctl_perf_counter_paranoid __read_mostly; /* do we need to be privileged */
+
+static inline bool perf_paranoid_cpu(void)
+{
+       return sysctl_perf_counter_paranoid > 0;
+}
+
+static inline bool perf_paranoid_kernel(void)
+{
+       return sysctl_perf_counter_paranoid > 1;
+}
+
 int sysctl_perf_counter_mlock __read_mostly = 512; /* 'free' kb per user */
 int sysctl_perf_counter_limit __read_mostly = 100000; /* max NMIs per second */
 
@@ -1385,7 +1401,7 @@ static struct perf_counter_context *find_get_context(pid_t pid, int cpu)
         */
        if (cpu != -1) {
                /* Must be root to operate on a CPU counter: */
-               if (sysctl_perf_counter_priv && !capable(CAP_SYS_ADMIN))
+               if (perf_paranoid_cpu() && !capable(CAP_SYS_ADMIN))
                        return ERR_PTR(-EACCES);
 
                if (cpu < 0 || cpu > num_possible_cpus())
@@ -3618,6 +3634,11 @@ SYSCALL_DEFINE5(perf_counter_open,
        if (copy_from_user(&attr, attr_uptr, sizeof(attr)) != 0)
                return -EFAULT;
 
+       if (!attr.exclude_kernel) {
+               if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
+                       return -EACCES;
+       }
+
        /*
         * Get the target context (task or percpu):
         */
index 0c4bf863afa32ffa9223e3cacafe89bd2f64c80c..344a65981dee4eb52aca78317707e8eaa09b85cb 100644 (file)
@@ -916,9 +916,9 @@ static struct ctl_table kern_table[] = {
 #ifdef CONFIG_PERF_COUNTERS
        {
                .ctl_name       = CTL_UNNUMBERED,
-               .procname       = "perf_counter_privileged",
-               .data           = &sysctl_perf_counter_priv,
-               .maxlen         = sizeof(sysctl_perf_counter_priv),
+               .procname       = "perf_counter_paranoid",
+               .data           = &sysctl_perf_counter_paranoid,
+               .maxlen         = sizeof(sysctl_perf_counter_paranoid),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec,
        },