| From 12ae030d54ef250706da5642fc7697cc60ad0df7 Mon Sep 17 00:00:00 2001 |
| From: Steven Rostedt <rostedt@goodmis.org> |
| Date: Tue, 5 Nov 2013 12:51:11 -0500 |
| Subject: perf/ftrace: Fix paranoid level for enabling function tracer |
| |
| From: Steven Rostedt <rostedt@goodmis.org> |
| |
| commit 12ae030d54ef250706da5642fc7697cc60ad0df7 upstream. |
| |
| The current default perf paranoid level is "1" which has |
| "perf_paranoid_kernel()" return false, and giving any operations that |
| use it, access to normal users. Unfortunately, this includes function |
| tracing and normal users should not be allowed to enable function |
| tracing by default. |
| |
| The proper level is defined at "-1" (full perf access), which |
| "perf_paranoid_tracepoint_raw()" will only give access to. Use that |
| check instead for enabling function tracing. |
| |
| Reported-by: Dave Jones <davej@redhat.com> |
| Reported-by: Vince Weaver <vincent.weaver@maine.edu> |
| Tested-by: Vince Weaver <vincent.weaver@maine.edu> |
| Cc: Peter Zijlstra <peterz@infradead.org> |
| Cc: Ingo Molnar <mingo@kernel.org> |
| Cc: Jiri Olsa <jolsa@redhat.com> |
| Cc: Frederic Weisbecker <fweisbec@gmail.com> |
| CVE: CVE-2013-2930 |
| Fixes: ced39002f5ea ("ftrace, perf: Add support to use function tracepoint in perf") |
| Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| kernel/trace/trace_event_perf.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/kernel/trace/trace_event_perf.c |
| +++ b/kernel/trace/trace_event_perf.c |
| @@ -26,7 +26,7 @@ static int perf_trace_event_perm(struct |
| { |
| /* The ftrace function trace is allowed only for root. */ |
| if (ftrace_event_is_function(tp_event) && |
| - perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) |
| + perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN)) |
| return -EPERM; |
| |
| /* No tracing, just counting, so no obvious leak */ |