From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bircoph@altlinux.org>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 sa.local.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00
 autolearn=unavailable autolearn_force=no version=3.4.1
Date: Thu, 2 Jun 2022 21:42:03 +0300
From: Andrey Savchenko <bircoph@altlinux.org>
To: ALT Linux kernel packages development <devel-kernel@lists.altlinux.org>
Message-Id: <20220602214203.3c68997e3f33b29be6adf2ea@altlinux.org>
In-Reply-To: <YpkA3DLcFOLzGd4A@portlab>
References: <20220602003100.524482-1-vt@altlinux.org>
 <20220602071438.GA5852@altlinux.org>
 <20220602124038.ov7aoh5qcbrvc4ei@altlinux.org>
 <20220602185841.5c4c9d6f8655cdacbdb5decb@altlinux.org>
 <YpkA3DLcFOLzGd4A@portlab>
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; x86_64-alt-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
 micalg="PGP-SHA512";
 boundary="Signature=_Thu__2_Jun_2022_21_42_03_+0300_wDFZVHQN.ik2I4ZS"
Subject: Re: [d-kernel] [PATCH] UBUNTU: SAUCE: security,
 perf: Allow further restriction of perf_event_open
X-BeenThere: devel-kernel@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux kernel packages development
 <devel-kernel@lists.altlinux.org>
List-Id: ALT Linux kernel packages development
 <devel-kernel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/devel-kernel>,
 <mailto:devel-kernel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel-kernel>
List-Post: <mailto:devel-kernel@lists.altlinux.org>
List-Help: <mailto:devel-kernel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel-kernel>,
 <mailto:devel-kernel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jun 2022 18:42:12 -0000
Archived-At: <http://lore.altlinux.org/devel-kernel/20220602214203.3c68997e3f33b29be6adf2ea@altlinux.org/>
List-Archive: <http://lore.altlinux.org/devel-kernel/>
List-Post: <mailto:devel-kernel@altlinux.org>

--Signature=_Thu__2_Jun_2022_21_42_03_+0300_wDFZVHQN.ik2I4ZS
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, 2 Jun 2022 21:26:36 +0300 Vladimir D. Seleznev wrote:
> On Thu, Jun 02, 2022 at 06:58:41PM +0300, Andrey Savchenko wrote:
> > On Thu, 2 Jun 2022 15:40:38 +0300 Vitaly Chikunov wrote:
> > > Dmitry,
> > >=20
> > > On Thu, Jun 02, 2022 at 10:14:38AM +0300, Dmitry V. Levin wrote:
> > > > On Thu, Jun 02, 2022 at 03:31:00AM +0300, Vitaly Chikunov wrote:
> > > > > From: Ben Hutchings <ben@decadent.org.uk>
> > > > >=20
> > > > > https://lkml.org/lkml/2016/1/11/587
> > > > >=20
> > > > > The GRKERNSEC_PERF_HARDEN feature extracted from grsecurity.  Add=
s the
> > > > > option to disable perf_event_open() entirely for unprivileged use=
rs.
> > > > > This standalone version doesn't include making the variable read-=
only
> > > > > (or renaming it).
> > > > >=20
> > > > > When kernel.perf_event_open is set to 3 (or greater), disallow all
> > > > ----------------------------------------^
> > > >=20
> > > > > access to performance events by users without CAP_SYS_ADMIN.
> > > > > Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
> > > > > makes this value the default.
> > > > >=20
> > > > > This is based on a similar feature in grsecurity
> > > > > (CONFIG_GRKERNSEC_PERF_HARDEN).  This version doesn't include mak=
ing
> > > > > the variable read-only.  It also allows enabling further restrict=
ion
> > > > > at run-time regardless of whether the default is changed.
> > > > >=20
> > > > > Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
> > > > > Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
> > > > > [ saf: resolve conflicts with v5.8-rc1 ]
> > > > > Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
> > > > > [ vt: Make it default y. ]
> > > > > Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
> > > > > ---
> > > > >  include/linux/perf_event.h |  6 ++++++
> > > > >  kernel/events/core.c       |  8 ++++++++
> > > > >  security/Kconfig           | 10 ++++++++++
> > > > >  3 files changed, 24 insertions(+)
> > > > >=20
> > > > > diff --git a/include/linux/perf_event.h b/include/linux/perf_even=
t.h
> > > > > index 733649184b27..b00607abbcdf 100644
> > > > > --- a/include/linux/perf_event.h
> > > > > +++ b/include/linux/perf_event.h
> > > > > @@ -1342,6 +1342,12 @@ int perf_event_max_stack_handler(struct ct=
l_table *table, int write,
> > > > >  #define PERF_SECURITY_CPU		1
> > > > >  #define PERF_SECURITY_KERNEL		2
> > > > >  #define PERF_SECURITY_TRACEPOINT	3
> > > > > +#define PERF_SECURITY_MAX		4
> > > > ----------------------------------------^
> > > >=20
> > > > > +
> > > > > +static inline bool perf_paranoid_any(void)
> > > > > +{
> > > > > +	return sysctl_perf_event_paranoid >=3D PERF_SECURITY_MAX;
> > > > > +}
> > > > > =20
> > > > >  static inline int perf_is_paranoid(void)
> > > > >  {
> > > > > diff --git a/kernel/events/core.c b/kernel/events/core.c
> > > > > index 2d7a23a7507b..15a3b37ae213 100644
> > > > > --- a/kernel/events/core.c
> > > > > +++ b/kernel/events/core.c
> > > > > @@ -414,8 +414,13 @@ static struct kmem_cache *perf_event_cache;
> > > > >   *   0 - disallow raw tracepoint access for unpriv
> > > > >   *   1 - disallow cpu events for unpriv
> > > > >   *   2 - disallow kernel profiling for unpriv
> > > > > + *   4 - disallow all unpriv perf event use
> > > > --------^
> > > >=20
> > > > >   */
> > > > > +#ifdef CONFIG_SECURITY_PERF_EVENTS_RESTRICT
> > > > > +int sysctl_perf_event_paranoid __read_mostly =3D PERF_SECURITY_M=
AX;
> > > > > +#else
> > > > >  int sysctl_perf_event_paranoid __read_mostly =3D 2;
> > > > > +#endif
> > > > > =20
> > > > >  /* Minimum for 512 kiB + 1 user control page */
> > > > >  int sysctl_perf_event_mlock __read_mostly =3D 512 + (PAGE_SIZE /=
 1024); /* 'free' kiB per user */
> > > > > @@ -12148,6 +12153,9 @@ SYSCALL_DEFINE5(perf_event_open,
> > > > >  	if (err)
> > > > >  		return err;
> > > > > =20
> > > > > +	if (perf_paranoid_any() && !capable(CAP_SYS_ADMIN))
> > > > > +		return -EACCES;
> > > > > +
> > > > >  	err =3D perf_copy_attr(attr_uptr, &attr);
> > > > >  	if (err)
> > > > >  		return err;
> > > > > diff --git a/security/Kconfig b/security/Kconfig
> > > > > index 6c7b35c941c7..4861085a2d49 100644
> > > > > --- a/security/Kconfig
> > > > > +++ b/security/Kconfig
> > > > > @@ -19,6 +19,16 @@ config SECURITY_DMESG_RESTRICT
> > > > > =20
> > > > >  	  If you are unsure how to answer this question, answer N.
> > > > > =20
> > > > > +config SECURITY_PERF_EVENTS_RESTRICT
> > > > > +	bool "Restrict unprivileged use of performance events"
> > > > > +	depends on PERF_EVENTS
> > > > > +	default y
> > > > > +	help
> > > > > +	  If you say Y here, the kernel.perf_event_paranoid sysctl
> > > > > +	  will be set to 3 by default, and no unprivileged use of the
> > > > -------------------------^
> > >=20
> > > =D0=AF =D1=8D=D1=82=D0=BE =D0=B7=D0=B0=D0=BC=D0=B5=D1=82=D0=B8=D0=BB,=
 =D0=BD=D0=BE, =D0=B4=D1=83=D0=BC=D0=B0=D1=8E, =D1=82=D0=B0=D0=BA =D0=BD=D0=
=B0=D0=B4=D0=BE =D0=B8 =D0=BE=D1=81=D1=82=D0=B0=D0=B2=D0=B8=D1=82=D1=8C.
> >=20
> > =D0=9C=D0=BE=D0=B6=D0=BD=D0=BE =D0=BF=D0=BE=D1=8F=D1=81=D0=BD=D0=B8=D1=
=82=D1=8C =D0=B7=D0=B0=D1=87=D0=B5=D0=BC? =D0=9A=D0=B0=D0=BA=D0=B8=D0=B5 =
=D0=B7=D0=B0=D0=B4=D0=B0=D1=87=D0=B8 =D0=BF=D0=BB=D0=B0=D0=BD=D0=B8=D1=80=
=D1=83=D0=B5=D1=82=D1=81=D1=8F =D1=8D=D1=82=D0=B8=D0=BC =D1=80=D0=B5=D1=88=
=D0=B8=D1=82=D1=8C?
> > =D0=A1=D1=87=D0=B8=D1=82=D0=B0=D0=B5=D1=82=D1=81=D1=8F =D0=BB=D0=B8 =D0=
=BD=D0=BE=D1=80=D0=BC=D0=B0=D0=BB=D1=8C=D0=BD=D1=8B=D0=BC, =D1=87=D1=82=D0=
=BE =D0=BF=D1=80=D0=BE=D1=84=D0=B8=D0=BB=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D1=
=82=D1=8C =D0=BD=D1=83=D0=B6=D0=BD=D0=BE =D0=B1=D1=83=D0=B4=D0=B5=D1=82 =D0=
=BF=D0=BE=D0=B4 =D1=80=D1=83=D1=82=D0=BE=D0=BC?
> > =D0=92=D1=81=D1=91 =D0=B6=D0=B5 =D1=85=D0=BE=D1=82=D0=B5=D0=BB=D0=BE=D1=
=81=D1=8C =D0=B1=D1=8B, =D1=87=D1=82=D0=BE=D0=B1 =D0=BF=D0=BE=D0=BB=D1=8C=
=D0=B7=D0=BE=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D1=8C =D0=BC=D0=BE=D0=B3 =D0=BF=
=D0=BE=D0=BB=D0=BD=D0=BE=D1=86=D0=B5=D0=BD=D0=BD=D0=BE =D0=B7=D0=B0=D0=BD=
=D0=B8=D0=BC=D0=B0=D1=82=D1=8C=D1=81=D1=8F
> > =D1=80=D0=B0=D0=B7=D1=80=D0=B0=D0=B1=D0=BE=D1=82=D0=BA=D0=BE=D0=B9 =D0=
=B8 =D0=BE=D1=82=D0=BB=D0=B0=D0=B4=D0=BA=D0=BE=D0=B9 =D0=BF=D1=80=D0=B8=D0=
=BB=D0=BE=D0=B6=D0=B5=D0=BD=D0=B8=D0=B9.
>=20
> =D0=9D=D0=B5 =D1=81=D0=BA=D0=B0=D0=B7=D0=B0=D1=82=D1=8C, =D1=87=D1=82=D0=
=BE =D0=BF=D1=80=D0=BE=D1=84=D0=B8=D0=BB=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D0=
=BD=D0=B8=D0=B5 =E2=80=94 =D1=82=D0=B8=D0=BF=D0=B8=D1=87=D0=BD=D0=B0=D1=8F =
=D0=B7=D0=B0=D0=B4=D0=B0=D1=87=D0=B0. =D0=95=D1=81=D0=BB=D0=B8 =D0=B5=D1=81=
=D1=82=D1=8C =D0=BF=D0=BE=D1=82=D1=80=D0=B5=D0=B1=D0=BD=D0=BE=D1=81=D1=82=
=D1=8C
> =D0=BF=D1=80=D0=BE=D1=84=D0=B8=D0=BB=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=D1=82=
=D1=8C =D0=BD=D0=B5 =D0=B8=D0=B7-=D0=BF=D0=BE=D0=B4 =D1=80=D1=83=D1=82=D0=
=B0, =D1=82=D0=BE =D0=BD=D0=B8=D1=87=D0=B5=D0=B3=D0=BE =D0=BD=D0=B5 =D0=BC=
=D0=B5=D1=88=D0=B0=D0=B5=D1=82 =D0=BF=D0=B5=D1=80=D0=B5=D0=BA=D0=BB=D1=8E=
=D1=87=D0=B8=D1=82=D1=8C =D1=80=D1=83=D1=87=D0=BA=D1=83 =D0=BD=D0=B0
> =D0=BF=D0=BE=D0=B4=D1=85=D0=BE=D0=B4=D1=8F=D1=89=D0=B5=D0=B5 =D0=B7=D0=BD=
=D0=B0=D1=87=D0=B5=D0=BD=D0=B8=D0=B5.

=D0=98 =D1=81=D0=B4=D0=B5=D0=BB=D0=B0=D1=82=D1=8C =D1=80=D0=B5=D0=B1=D1=83=
=D1=82, =D0=B4=D0=B0?

=D0=90 =D0=BF=D1=80=D0=BE=D1=84=D0=B8=D0=BB=D0=B8=D1=80=D0=BE=D0=B2=D0=B0=
=D0=BD=D0=B8=D0=B5 =D0=B2=D0=B5=D0=B4=D1=8C =D0=BD=D0=B5 =D1=82=D0=BE=D0=BB=
=D1=8C=D0=BA=D0=BE =D1=80=D0=B0=D0=B7=D1=80=D0=B0=D0=B1=D0=BE=D1=82=D1=87=
=D0=B8=D0=BA=D1=83 =D0=BD=D1=83=D0=B6=D0=BD=D0=BE, =D0=BD=D0=BE =D0=B8 =D0=
=B0=D0=B4=D0=BC=D0=B8=D0=BD=D1=83,
=D0=BE=D1=81=D0=BE=D0=B1=D0=B5=D0=BD=D0=BD=D0=BE =D0=BD=D0=B0 =D0=B2=D1=8B=
=D1=81=D0=BE=D0=BA=D0=BE=D0=BD=D0=B0=D0=B3=D1=80=D1=83=D0=B6=D0=B5=D0=BD=D0=
=BD=D1=8B=D1=85 =D1=81=D0=B8=D1=81=D1=82=D0=B5=D0=BC=D0=B0=D1=85 =D0=B4=D0=
=BB=D1=8F =D0=BF=D0=BE=D0=B8=D1=81=D0=BA=D0=B0 =D1=83=D0=B7=D0=BA=D0=B8=D1=
=85 =D0=BC=D0=B5=D1=81=D1=82.

=D0=A2.=D0=B5. =D0=B2 =D1=80=D0=B5=D0=B0=D0=BB=D1=8C=D0=BD=D0=BE=D1=81=D1=
=82=D0=B8 =D0=B2=D1=81=D1=91 =D0=B1=D1=83=D0=B4=D0=B5=D1=82 =D0=BE=D1=82 =
=D1=80=D1=83=D1=82=D0=B0 =D0=B4=D0=B5=D0=BB=D0=B0=D1=82=D1=8C=D1=81=D1=8F =
=D0=B8 =D0=B1=D0=B5=D0=B7=D0=BE=D0=BF=D0=B0=D1=81=D0=BD=D0=BE=D1=81=D1=82=
=D1=8C
=D0=BF=D1=80=D0=BE=D0=BC=D1=8B=D1=88=D0=BB=D0=B5=D0=BD=D0=BD=D1=8B=D1=85 =
=D1=81=D0=B8=D1=81=D1=82=D0=B5=D0=BC =D0=B8 =D1=81=D0=B8=D1=81=D1=82=D0=B5=
=D0=BC =D1=80=D0=B0=D0=B7=D1=80=D0=B0=D0=B1=D0=BE=D1=82=D0=BA=D0=B8 =D0=B1=
=D1=83=D0=B4=D0=B5=D1=82 =D0=B4=D0=B5=D0=B3=D1=80=D0=B0=D0=B4=D0=B8=D1=80=
=D0=BE=D0=B2=D0=B0=D0=BD=D0=B0.

Best regards,
Andrew Savchenko

--Signature=_Thu__2_Jun_2022_21_42_03_+0300_wDFZVHQN.ik2I4ZS
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE63ZIHsdeM+1XgNer9lNaM7oe5I0FAmKZBHwACgkQ9lNaM7oe
5I3okA//Rz/G9k22BPtGGAL8Ygn0rNhcQuCzyoriqUXQMupQfY52AvnoiW+rs5Se
QH9VPIV15QdHf1T3UjdkmwuiE8+TpDYPcdbWZKiBUEQp41XT2Hlc9GWpPuZdYN4f
jLTH5FPbacz6ltLVRy0oNzhOyyF7Cn0bUmEYIvqPnRLTV5FyHn4lkHvX83eNLDAH
3nQbpllQfxWHCXJx0ooxUHVtwwfPudxekN1/+RvXmcS4eaZis14+8+p0KLzOzcPN
fLNljtA1zp82NlHWH9ID4ZqjSn4NX4oZaMixhYIU4UQsk8NE3uN4h0QhELvqASU3
UTXM/Z5vmBzaluFKjs4IyLndOtgi8/F2oviCwM6Kg7jYgETKxXcWO/PZNsecm1iy
tvBwVbv23ygMBwXsFAouZbyLXukCKR+RmOopYbU6lVDiE+9Lg4NKCjTuw3ROjqY8
P+d1zp6JHNRNQDnRonUvyqRJ5ojBlknjg3hVjH8aXREpPc/R2GDnV8a3b3nWRpnk
Hs3I8pnKHAi61Maqo02Y/kDF2yCU5NFp7d7DcgI5dJCKmPj0lR4nA406kVBH0yWH
vTO3M0qOSRZpkPt9gQxBkfc3Ht4sl5LegN77wvpMOT+gZ8teNbA+8XTb3X1ytgm+
nG2IYDh9rNq07U0RdoUvhvjy1a1OwuaKf8iTpse9Vqr0WL2TdB8=
=UCHR
-----END PGP SIGNATURE-----

--Signature=_Thu__2_Jun_2022_21_42_03_+0300_wDFZVHQN.ik2I4ZS--