Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / mainline / linux / b0c8fdc7fdb77586c3d1937050925b960743306e^! / . / kernel / events / core.c
commitb0c8fdc7fdb77586c3d1937050925b960743306e[log] [tgz]
authorDavid Howells <dhowells@redhat.com>Mon Aug 19 17:18:00 2019 -0700
committerJames Morris <jmorris@namei.org>Mon Aug 19 21:54:16 2019 -0700
treebdd70cb78f6630c2e98a06aaae45600fcbb03f89
parent9d1f8be5cf42b497a3bddf1d523f2bb142e9318c [diff] [blame]
lockdown: Lock down perf when in confidentiality mode

Disallow the use of certain perf facilities that might allow userspace to
access kernel data.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/kernel/events/core.c b/kernel/events/core.c
index f85929c..8732f98 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c

@@ -10798,6 +10798,13 @@ SYSCALL_DEFINE5(perf_event_open,
 	    perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
 		return -EACCES;
 
+	err = security_locked_down(LOCKDOWN_PERF);
+	if (err && (attr.sample_type & PERF_SAMPLE_REGS_INTR))
+		/* REGS_INTR can leak data, lockdown must prevent this */
+		return err;
+
+	err = 0;
+
 	/*
 	 * In cgroup mode, the pid argument is used to pass the fd
 	 * opened to the cgroup directory in cgroupfs. The cpu argument