77 lines
2.7 KiB
Diff
77 lines
2.7 KiB
Diff
From: Ben Hutchings <ben@decadent.org.uk>
|
|
Subject: grsecurity: GRKERNSEC_PERF_HARDEN
|
|
Origin: https://grsecurity.net/test/grsecurity-3.1-4.1.3-201507261932.patch
|
|
|
|
The GRKERNSEC_PERF_HARDEN feature extracted from grsecurity. Adds the
|
|
option to disable perf_event_open() entirely for unprivileged users.
|
|
This standalone version doesn't include making the variable read-only
|
|
(or renaming it).
|
|
|
|
---
|
|
--- a/include/linux/perf_event.h
|
|
+++ b/include/linux/perf_event.h
|
|
@@ -1122,6 +1122,11 @@ extern int perf_cpu_time_max_percent_han
|
|
int perf_event_max_stack_handler(struct ctl_table *table, int write,
|
|
void __user *buffer, size_t *lenp, loff_t *ppos);
|
|
|
|
+static inline bool perf_paranoid_any(void)
|
|
+{
|
|
+ return sysctl_perf_event_paranoid > 2;
|
|
+}
|
|
+
|
|
static inline bool perf_paranoid_tracepoint_raw(void)
|
|
{
|
|
return sysctl_perf_event_paranoid > -1;
|
|
--- a/kernel/events/core.c
|
|
+++ b/kernel/events/core.c
|
|
@@ -352,8 +352,13 @@ static struct srcu_struct pmus_srcu;
|
|
* 0 - disallow raw tracepoint access for unpriv
|
|
* 1 - disallow cpu events for unpriv
|
|
* 2 - disallow kernel profiling for unpriv
|
|
+ * 3 - disallow all unpriv perf event use
|
|
*/
|
|
+#ifdef CONFIG_GRKERNSEC_PERF_HARDEN
|
|
+int sysctl_perf_event_paranoid __read_mostly = 3;
|
|
+#else
|
|
int sysctl_perf_event_paranoid __read_mostly = 2;
|
|
+#endif
|
|
|
|
/* Minimum for 512 kiB + 1 user control page */
|
|
int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
|
|
@@ -9181,6 +9186,11 @@ SYSCALL_DEFINE5(perf_event_open,
|
|
if (flags & ~PERF_FLAG_ALL)
|
|
return -EINVAL;
|
|
|
|
+#ifdef CONFIG_GRKERNSEC_PERF_HARDEN
|
|
+ if (perf_paranoid_any() && !capable(CAP_SYS_ADMIN))
|
|
+ return -EACCES;
|
|
+#endif
|
|
+
|
|
err = perf_copy_attr(attr_uptr, &attr);
|
|
if (err)
|
|
return err;
|
|
--- a/grsecurity/Kconfig
|
|
+++ b/grsecurity/Kconfig
|
|
@@ -1,3 +1,21 @@
|
|
#
|
|
# grecurity configuration
|
|
#
|
|
+config GRKERNSEC_PERF_HARDEN
|
|
+ bool "Disable unprivileged PERF_EVENTS usage by default"
|
|
+ depends on PERF_EVENTS
|
|
+ help
|
|
+ If you say Y here, the range of acceptable values for the
|
|
+ /proc/sys/kernel/perf_event_paranoid sysctl will be expanded to allow and
|
|
+ default to a new value: 3. When the sysctl is set to this value, no
|
|
+ unprivileged use of the PERF_EVENTS syscall interface will be permitted.
|
|
+
|
|
+ Though PERF_EVENTS can be used legitimately for performance monitoring
|
|
+ and low-level application profiling, it is forced on regardless of
|
|
+ configuration, has been at fault for several vulnerabilities, and
|
|
+ creates new opportunities for side channels and other information leaks.
|
|
+
|
|
+ This feature puts PERF_EVENTS into a secure default state and permits
|
|
+ the administrator to change out of it temporarily if unprivileged
|
|
+ application profiling is needed.
|
|
+
|