16 Apr, 2020
1 commit
-
Update perf-security.rst documentation file with the information
related to usage of CAP_PERFMON capability to secure performance
monitoring and observability operations in system.Committer notes:
While testing 'perf top' under cap_perfmon I noticed that it needs
some more capability and Alexey pointed out cap_ipc_lock, as needed by
this kernel chunk:kernel/events/core.c: 6101
if ((locked > lock_limit) && perf_is_paranoid() &&
!capable(CAP_IPC_LOCK)) {
ret = -EPERM;
goto unlock;
}So I added it to the documentation, and also mentioned that if the
libcap version doesn't yet supports 'cap_perfmon', its numeric value can
be used instead, i.e. if:# setcap "cap_perfmon,cap_ipc_lock,cap_sys_ptrace,cap_syslog=ep" perf
Fails, try:
# setcap "38,cap_ipc_lock,cap_sys_ptrace,cap_syslog=ep" perf
I also added a paragraph stating that using an unpatched libcap will
fail the check for CAP_PERFMON, as it checks the cap number against a
maximum to see if it is valid, which makes it use as the default the
'cycles:u' event, even tho a cap_perfmon capable perf binary can get
kernel samples, to workaround that just use, e.g.:# perf top -e cycles
# perf record -e cyclesAnd it will sample kernel and user modes.
Signed-off-by: Alexey Budankov
Tested-by: Arnaldo Carvalho de Melo
Cc: Alexei Starovoitov
Cc: Andi Kleen
Cc: Igor Lubashev
Cc: James Morris
Cc: Jiri Olsa
Cc: Namhyung Kim
Cc: Peter Zijlstra
Cc: Serge Hallyn
Cc: Song Liu
Cc: Stephane Eranian
Cc: Thomas Gleixner
Cc: intel-gfx@lists.freedesktop.org
Cc: linux-doc@vger.kernel.org
Cc: linux-man@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: selinux@vger.kernel.org
Link: http://lore.kernel.org/lkml/17278551-9399-9ebe-d665-8827016a217d@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo
18 Feb, 2019
4 commits
-
Implemented formatting of paragraphs to be not wider than 72 columns.
Signed-off-by: Alexey Budankov
Signed-off-by: Jonathan Corbet -
Elaborate on possible perf_event/Perf privileged users groups
and document steps about creating such groups.Signed-off-by: Alexey Budankov
Signed-off-by: Jonathan Corbet -
Document and categorize system and performance data into groups that
can be captured by perf_events/Perf and explicitly indicate the group
that can contain process sensitive data.Signed-off-by: Alexey Budankov
Signed-off-by: Jonathan Corbet -
Extend perf-security.rst file with perf_events/Perf resource control
section describing RLIMIT_NOFILE and perf_event_mlock_kb settings for
performance monitoring user processes.Signed-off-by: Alexey Budankov
Signed-off-by: Jonathan Corbet
07 Dec, 2018
1 commit
-
Implement initial version of perf-security.rst documentation file
covering security concerns of perf_event_paranoid settings.Suggested-by: Thomas Gleixner
Signed-off-by: Alexey Budankov
Reviewed-by: Kees Cook
Signed-off-by: Jonathan Corbet