Commit 1ccd15497869f3ed83b5225d410df53a96e52757

Authored by Peter Zijlstra
Committed by Ingo Molnar
1 parent 9ee318a782

perf_counter: sysctl for system wide perf counters

Impact: add sysctl for paranoid/relaxed perfcounters policy

Allow the use of system wide perf counters to everybody, but provide
a sysctl to disable it for the paranoid security minded.

Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Corey Ashford <cjashfor@linux.vnet.ibm.com>
LKML-Reference: <20090409085524.514046352@chello.nl>
Signed-off-by: Ingo Molnar <mingo@elte.hu>

Showing 3 changed files with 16 additions and 1 deletions

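--- a/include/linux/perf_counter.h
+++ b/include/linux/perf_counter.h
@@ -568,6 +568,8 @@
 
 extern struct perf_callchain_entry *perf_callchain(struct pt_regs *regs);
 
+extern int sysctl_perf_counter_priv;
+
 #else
 static inline void
 perf_counter_task_sched_in(struct task_struct *task, int cpu) { }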
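--- a/kernel/perf_counter.c
+++ b/kernel/perf_counter.c
@@ -42,6 +42,8 @@
 static atomic_t nr_munmap_tracking __read_mostly;
 static atomic_t nr_comm_tracking __read_mostly;
 
+int sysctl_perf_counter_priv __read_mostly; /* do we need to be privileged */
+
 /*
 * Mutex for (sysadmin-configurable) counter reservations:
 */
@@ -1132,7 +1134,7 @@
 */
 if (cpu != -1) {
 /* Must be root to operate on a CPU counter: */
-if (!capable(CAP_SYS_ADMIN))
+if (sysctl_perf_counter_priv && !capable(CAP_SYS_ADMIN))
 return ERR_PTR(-EACCES);
 
 if (cpu < 0 || cpu > num_possible_cpus())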
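Review bot: The relaxed gate `if (sysctl_perf_counter_priv && !capable(CAP_SYS_ADMIN))` is open by default, because `sysctl_perf_counter_priv` is defined without an initializer and so starts at 0; on a fresh boot any user can then open a per-CPU counter, which, being system wide, is not limited to the caller's own tasks. If an open default is intended, the comment on the definition should say so (`/* 0: anyone may open per-CPU counters; non-zero: CAP_SYS_ADMIN required */`); otherwise define it as `int sysctl_perf_counter_priv __read_mostly = 1;` so that relaxing the policy is an explicit administrator action. The comment `/* Must be root to operate on a CPU counter: */` is now stale and should mention the sysctl. The range check below it, `cpu > num_possible_cpus()`, becomes reachable by unprivileged callers and appears to accept `cpu == num_possible_cpus()`; the enclosing function continues outside the hunk, so confirm whether a later check covers that value.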
... ... @@ -49,6 +49,7 @@
49 49 #include <linux/reboot.h>
50 50 #include <linux/ftrace.h>
51 51 #include <linux/slow-work.h>
  52 +#include <linux/perf_counter.h>
52 53  
53 54 #include <asm/uaccess.h>
54 55 #include <asm/processor.h>
... ... @@ -918,6 +919,16 @@
918 919 .procname = "slow-work",
919 920 .mode = 0555,
920 921 .child = slow_work_sysctls,
  922 + },
  923 +#endif
  924 +#ifdef CONFIG_PERF_COUNTERS
  925 + {
  926 + .ctl_name = CTL_UNNUMBERED,
  927 + .procname = "perf_counter_privileged",
  928 + .data = &sysctl_perf_counter_priv,
  929 + .maxlen = sizeof(sysctl_perf_counter_priv),
  930 + .mode = 0644,
  931 + .proc_handler = &proc_dointvec,
921 932 },
922 933 #endif
923 934 /*
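Review bot: The new `perf_counter_privileged` entry uses `proc_dointvec`, which stores any integer written to it, while the only visible consumer treats the value as a boolean; bounding it keeps the policy unambiguous and leaves room to give other values a defined meaning later. Consider `.proc_handler = &proc_dointvec_minmax,` with `.extra1` and `.extra2` pointing at 0 and 1. The knob also decides who may open system-wide counters, so it deserves an entry in the sysctl documentation stating the default and what each value permits. The enclosing table starts and ends outside the hunk.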