On Thu, Jun 06, 2013 at 11:02:04AM +0200, Stephane Eranian wrote: > > Commit 2b923c8 perf/x86: Check branch sampling priv level in generic code > was missing the check for the hypervisor (HV) priv level, so add it back. > > With this patch, we get the following correct behavior: > > # echo 2 >/proc/sys/kernel/perf_event_paranoid > > $ perf record -j any,k noploop 1 > Error: > You may not have permission to collect stats. > Consider tweaking /proc/sys/kernel/perf_event_paranoid: > -1 - Not paranoid at all > 0 - Disallow raw tracepoint access for unpriv > 1 - Disallow cpu events for unpriv > 2 - Disallow kernel profiling for unpriv > > $ perf record -j any,hv noploop 1 > Error: > You may not have permission to collect stats. > Consider tweaking /proc/sys/kernel/perf_event_paranoid: > -1 - Not paranoid at all > 0 - Disallow raw tracepoint access for unpriv > 1 - Disallow cpu events for unpriv > 2 - Disallow kernel profiling for unpriv > > Signed-off-by: Stephane Eranian <eran...@google.com> > --- > diff --git a/kernel/events/core.c b/kernel/events/core.c > index 95edd5a..f0880fb 100644 > --- a/kernel/events/core.c > +++ b/kernel/events/core.c > @@ -6501,8 +6501,8 @@ static int perf_copy_attr(struct perf_event_attr __user > *uattr, > */ > attr->branch_sample_type = mask; > } > - /* kernel level capture: check permissions */ > - if ((mask & PERF_SAMPLE_BRANCH_KERNEL) > + /* privileged levels capture (kernel, hv): check permissions */ > + if ((mask & PERF_SAMPLE_BRANCH_PERM_PLM) > && perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) > return -EACCES; > }
Acked-by: Petr Matousek <pmato...@redhat.com> -- Petr Matousek / Red Hat Security Response Team -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/