Re: [PATCH 1/4] perf/core: Add support to exclude kernel mode instruction tracing

2021-02-09 Thread Sai Prakash Ranjan
Hi Peter, On 2021-02-02 11:41, Sai Prakash Ranjan wrote: Hi Peter, On 2021-02-01 19:11, Peter Zijlstra wrote: On Mon, Feb 01, 2021 at 01:11:04PM +0530, Sai Prakash Ranjan wrote: Ok I suppose you mean CONFIG_SECURITY_LOCKDOWN_LSM? But I don't see how this new config has to depend on that? Thi

Re: [PATCH 1/4] perf/core: Add support to exclude kernel mode instruction tracing

2021-02-04 Thread Peter Zijlstra
On Sat, Jan 30, 2021 at 12:35:10AM +0530, Sai Prakash Ranjan wrote: > Here the idea is to protect such important information from all users > including root users since root privileges does not have to mean full > control over the kernel [1] and root compromise does not have to be > the end of the

Re: [PATCH 1/4] perf/core: Add support to exclude kernel mode instruction tracing

2021-02-01 Thread Sai Prakash Ranjan
Hi Peter, On 2021-02-01 19:11, Peter Zijlstra wrote: On Mon, Feb 01, 2021 at 01:11:04PM +0530, Sai Prakash Ranjan wrote: Ok I suppose you mean CONFIG_SECURITY_LOCKDOWN_LSM? But I don't see how this new config has to depend on that? This can work independently whether complete lockdown is enfor

Re: [PATCH 1/4] perf/core: Add support to exclude kernel mode instruction tracing

2021-02-01 Thread Peter Zijlstra
On Mon, Feb 01, 2021 at 01:11:04PM +0530, Sai Prakash Ranjan wrote: > Ok I suppose you mean CONFIG_SECURITY_LOCKDOWN_LSM? But I don't see > how this new config has to depend on that? This can work independently > whether complete lockdown is enforced or not since it applies to only > hardware inst

Re: [PATCH 1/4] perf/core: Add support to exclude kernel mode instruction tracing

2021-01-31 Thread Sai Prakash Ranjan
Hi Peter, On 2021-01-30 01:00, Peter Zijlstra wrote: On Sat, Jan 30, 2021 at 12:35:10AM +0530, Sai Prakash Ranjan wrote: Here the idea is to protect such important information from all users including root users since root privileges does not have to mean full control over the kernel [1] and r

Re: [PATCH 1/4] perf/core: Add support to exclude kernel mode instruction tracing

2021-01-29 Thread Peter Zijlstra
On Sat, Jan 30, 2021 at 12:35:10AM +0530, Sai Prakash Ranjan wrote: > Here the idea is to protect such important information from all users > including root users since root privileges does not have to mean full > control over the kernel [1] and root compromise does not have to be > the end of the

[PATCH 1/4] perf/core: Add support to exclude kernel mode instruction tracing

2021-01-29 Thread Sai Prakash Ranjan
Hardware assisted tracing families such as ARM Coresight, Intel PT provides rich tracing capabilities including instruction level tracing and accurate timestamps which are very useful for profiling and also pose a significant security risk. One such example of security risk is when kernel mode trac