aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPeter Zijlstra <a.p.zijlstra@chello.nl>2009-06-11 05:18:36 -0400
committerIngo Molnar <mingo@elte.hu>2009-06-11 10:48:38 -0400
commit0764771dab80d7b84b9a271bee7f1b21a04a3f0c (patch)
tree36cb6400e257393208779a95b4868df2f9af6cf6
parent106b506c3a8b74daa5751e83ed3e46438fcf9a52 (diff)
perf_counter: More paranoia settings
Rename the perf_counter_priv knob to perf_counter_paranoia (because priv can be read as private, as opposed to privileged) and provide one more level: 0 - permissive 1 - restrict cpu counters to privilidged contexts 2 - restrict kernel-mode code counting and profiling Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Mike Galbraith <efault@gmx.de> Cc: Paul Mackerras <paulus@samba.org> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
-rw-r--r--include/linux/perf_counter.h2
-rw-r--r--kernel/perf_counter.c25
-rw-r--r--kernel/sysctl.c6
3 files changed, 27 insertions, 6 deletions
diff --git a/include/linux/perf_counter.h b/include/linux/perf_counter.h
index 5b966472b458..386be915baa1 100644
--- a/include/linux/perf_counter.h
+++ b/include/linux/perf_counter.h
@@ -648,7 +648,7 @@ struct perf_callchain_entry {
648 648
649extern struct perf_callchain_entry *perf_callchain(struct pt_regs *regs); 649extern struct perf_callchain_entry *perf_callchain(struct pt_regs *regs);
650 650
651extern int sysctl_perf_counter_priv; 651extern int sysctl_perf_counter_paranoid;
652extern int sysctl_perf_counter_mlock; 652extern int sysctl_perf_counter_mlock;
653extern int sysctl_perf_counter_limit; 653extern int sysctl_perf_counter_limit;
654 654
diff --git a/kernel/perf_counter.c b/kernel/perf_counter.c
index 8b89b40bd0f0..63f1987c1c1c 100644
--- a/kernel/perf_counter.c
+++ b/kernel/perf_counter.c
@@ -43,7 +43,23 @@ static atomic_t nr_counters __read_mostly;
43static atomic_t nr_mmap_counters __read_mostly; 43static atomic_t nr_mmap_counters __read_mostly;
44static atomic_t nr_comm_counters __read_mostly; 44static atomic_t nr_comm_counters __read_mostly;
45 45
46int sysctl_perf_counter_priv __read_mostly; /* do we need to be privileged */ 46/*
47 * 0 - not paranoid
48 * 1 - disallow cpu counters to unpriv
49 * 2 - disallow kernel profiling to unpriv
50 */
51int sysctl_perf_counter_paranoid __read_mostly; /* do we need to be privileged */
52
53static inline bool perf_paranoid_cpu(void)
54{
55 return sysctl_perf_counter_paranoid > 0;
56}
57
58static inline bool perf_paranoid_kernel(void)
59{
60 return sysctl_perf_counter_paranoid > 1;
61}
62
47int sysctl_perf_counter_mlock __read_mostly = 512; /* 'free' kb per user */ 63int sysctl_perf_counter_mlock __read_mostly = 512; /* 'free' kb per user */
48int sysctl_perf_counter_limit __read_mostly = 100000; /* max NMIs per second */ 64int sysctl_perf_counter_limit __read_mostly = 100000; /* max NMIs per second */
49 65
@@ -1385,7 +1401,7 @@ static struct perf_counter_context *find_get_context(pid_t pid, int cpu)
1385 */ 1401 */
1386 if (cpu != -1) { 1402 if (cpu != -1) {
1387 /* Must be root to operate on a CPU counter: */ 1403 /* Must be root to operate on a CPU counter: */
1388 if (sysctl_perf_counter_priv && !capable(CAP_SYS_ADMIN)) 1404 if (perf_paranoid_cpu() && !capable(CAP_SYS_ADMIN))
1389 return ERR_PTR(-EACCES); 1405 return ERR_PTR(-EACCES);
1390 1406
1391 if (cpu < 0 || cpu > num_possible_cpus()) 1407 if (cpu < 0 || cpu > num_possible_cpus())
@@ -3618,6 +3634,11 @@ SYSCALL_DEFINE5(perf_counter_open,
3618 if (copy_from_user(&attr, attr_uptr, sizeof(attr)) != 0) 3634 if (copy_from_user(&attr, attr_uptr, sizeof(attr)) != 0)
3619 return -EFAULT; 3635 return -EFAULT;
3620 3636
3637 if (!attr.exclude_kernel) {
3638 if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
3639 return -EACCES;
3640 }
3641
3621 /* 3642 /*
3622 * Get the target context (task or percpu): 3643 * Get the target context (task or percpu):
3623 */ 3644 */
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 0c4bf863afa3..344a65981dee 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -916,9 +916,9 @@ static struct ctl_table kern_table[] = {
916#ifdef CONFIG_PERF_COUNTERS 916#ifdef CONFIG_PERF_COUNTERS
917 { 917 {
918 .ctl_name = CTL_UNNUMBERED, 918 .ctl_name = CTL_UNNUMBERED,
919 .procname = "perf_counter_privileged", 919 .procname = "perf_counter_paranoid",
920 .data = &sysctl_perf_counter_priv, 920 .data = &sysctl_perf_counter_paranoid,
921 .maxlen = sizeof(sysctl_perf_counter_priv), 921 .maxlen = sizeof(sysctl_perf_counter_paranoid),
922 .mode = 0644, 922 .mode = 0644,
923 .proc_handler = &proc_dointvec, 923 .proc_handler = &proc_dointvec,
924 }, 924 },