Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

drm/i915/perf: Open access for CAP_PERFMON privileged process

Open access to i915_perf monitoring for CAP_PERFMON privileged process.
Providing the access under CAP_PERFMON capability singly, without the
rest of CAP_SYS_ADMIN credentials, excludes chances to misuse the
credentials and makes operation more secure.

CAP_PERFMON implements the principle of least privilege for performance
monitoring and observability operations (POSIX IEEE 1003.1e 2.2.2.39
principle of least privilege: A security design principle that states
that a process or program be granted only those privileges (e.g.,
capabilities) necessary to accomplish its legitimate function, and only
for the time that such privileges are actually required)

For backward compatibility reasons access to i915_events subsystem remains
open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage for
secure i915_events monitoring is discouraged with respect to CAP_PERFMON
capability.

Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
Reviewed-by: James Morris <jamorris@linux.microsoft.com>
Acked-by: Lionel Landwerlin <lionel.g.landwerlin@intel.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Igor Lubashev <ilubashe@akamai.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Song Liu <songliubraving@fb.com>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: intel-gfx@lists.freedesktop.org
Cc: linux-doc@vger.kernel.org
Cc: linux-man@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: selinux@vger.kernel.org
Link: http://lore.kernel.org/lkml/e3e3292f-f765-ea98-e59c-fbe2db93fd34@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

Authored by Alexey Budankov and committed by Arnaldo Carvalho de Melo
4e3d3456 6b3e0e2e
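
To check from userspace which path a process would take through the access rule this commit describes, the following added example (not kernel code and not part of the commit) models the stream-open check for a system-wide request. The names `parse_cap_eff`, `classify` and `enum verdict` are hypothetical; the bit numbers are those of CAP_SYS_ADMIN and CAP_PERFMON in linux/capability.h, and the sysctl is assumed to be enabled when its file is absent.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BIT_CAP_SYS_ADMIN 21 /* CAP_SYS_ADMIN in linux/capability.h */
#define BIT_CAP_PERFMON   38 /* CAP_PERFMON in linux/capability.h */

enum verdict { PARSE_ERROR = -1, DENIED, VIA_PERFMON, VIA_SYS_ADMIN_ONLY, NOT_RESTRICTED };

/* Pull the effective capability mask out of /proc/<pid>/status text. */
static int parse_cap_eff(const char *status, uint64_t *eff)
{
    const char *p = strncmp(status, "CapEff:", 7) ? strstr(status, "\nCapEff:") : status;
    char *end;
    if (!p)
        return -1;
    p += (*p == '\n') + 7;          /* skip optional newline and the key */
    *eff = strtoull(p, &end, 16);
    return end == p ? -1 : 0;
}

/* Model of the stream-open check for a system-wide (privileged_op) request. */
static enum verdict classify(const char *status, int paranoid)
{
    uint64_t eff;
    if (parse_cap_eff(status, &eff))
        return PARSE_ERROR;
    if (!paranoid)
        return NOT_RESTRICTED;      /* sysctl off: capability not consulted */
    if ((eff >> BIT_CAP_PERFMON) & 1)
        return VIA_PERFMON;         /* the least-privilege path */
    if ((eff >> BIT_CAP_SYS_ADMIN) & 1)
        return VIA_SYS_ADMIN_ONLY;  /* works, but broader than needed */
    return DENIED;                  /* the driver would return -EACCES */
}

int main(void)
{
    static char buf[8192];
    int paranoid = 1;               /* assumed when the sysctl file is absent */
    FILE *f = fopen("/proc/sys/dev/i915/perf_stream_paranoid", "r");
    if (f) { if (fscanf(f, "%d", &paranoid) != 1) paranoid = 1; fclose(f); }
    f = fopen("/proc/self/status", "r");
    if (!f) return 1;
    buf[fread(buf, 1, sizeof(buf) - 1, f)] = '\0';
    fclose(f);
    printf("verdict=%d\n", classify(buf, paranoid));
    return 0;
}
```

A `VIA_SYS_ADMIN_ONLY` result marks a monitoring process that still depends on the broader capability and is a candidate for being moved to CAP_PERFMON alone.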

+6 -7
drivers/gpu/drm/i915/i915_perf.c
··· 3433 3433 /* Similar to perf's kernel.perf_paranoid_cpu sysctl option 3434 3434 * we check a dev.i915.perf_stream_paranoid sysctl option 3435 3435 * to determine if it's ok to access system wide OA counters 3436 - * without CAP_SYS_ADMIN privileges. 3436 + * without CAP_PERFMON or CAP_SYS_ADMIN privileges. 3437 3437 */ 3438 3438 if (privileged_op && 3439 - i915_perf_stream_paranoid && !capable(CAP_SYS_ADMIN)) { 3439 + i915_perf_stream_paranoid && !perfmon_capable()) { 3440 3440 DRM_DEBUG("Insufficient privileges to open i915 perf stream\n"); 3441 3441 ret = -EACCES; 3442 3442 goto err_ctx; ··· 3629 3629 } else 3630 3630 oa_freq_hz = 0; 3631 3631 3632 - if (oa_freq_hz > i915_oa_max_sample_rate && 3633 - !capable(CAP_SYS_ADMIN)) { 3634 - DRM_DEBUG("OA exponent would exceed the max sampling frequency (sysctl dev.i915.oa_max_sample_rate) %uHz without root privileges\n", 3632 + if (oa_freq_hz > i915_oa_max_sample_rate && !perfmon_capable()) { 3633 + DRM_DEBUG("OA exponent would exceed the max sampling frequency (sysctl dev.i915.oa_max_sample_rate) %uHz without CAP_PERFMON or CAP_SYS_ADMIN privileges\n", 3635 3634 i915_oa_max_sample_rate); 3636 3635 return -EACCES; 3637 3636 } ··· 4051 4052 return -EINVAL; 4052 4053 } 4053 4054 4054 - if (i915_perf_stream_paranoid && !capable(CAP_SYS_ADMIN)) { 4055 + if (i915_perf_stream_paranoid && !perfmon_capable()) { 4055 4056 DRM_DEBUG("Insufficient privileges to add i915 OA config\n"); 4056 4057 return -EACCES; 4057 4058 } ··· 4198 4199 return -ENOTSUPP; 4199 4200 } 4200 4201 4201 - if (i915_perf_stream_paranoid && !capable(CAP_SYS_ADMIN)) { 4202 + if (i915_perf_stream_paranoid && !perfmon_capable()) { 4202 4203 DRM_DEBUG("Insufficient privileges to remove i915 OA config\n"); 4203 4204 return -EACCES; 4204 4205 }
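
Review bot: In the first hunk (the privileged_op check in the stream-open path), the DRM_DEBUG text still reads "Insufficient privileges to open i915 perf stream" although the comment directly above it now names CAP_PERFMON or CAP_SYS_ADMIN. Name the accepted capabilities in the message as well, as the oa_freq_hz hunk does, so that an -EACCES in the debug log tells the operator which capability to grant.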
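
Review bot: In the oa_freq_hz hunk, the new message promises "without CAP_PERFMON or CAP_SYS_ADMIN privileges", but the condition only calls perfmon_capable(), and the definition of that helper is not part of this diff. The backward compatibility for CAP_SYS_ADMIN that the commit message describes therefore rests entirely on the helper; please state that dependency in the changelog so the claim can be checked and the patch is not applied without the change that provides it.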
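
Review bot: In the last two hunks (the add and remove i915 OA config paths), CAP_PERFMON now gates operations that change the driver's set of OA configs, not only operations that read counters, yet the commit message speaks only of "monitoring". Say explicitly in the changelog that the capability also covers adding and removing OA configs, so reviewers on the security lists can judge whether that scope fits the capability.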