perf/core: Change the default paranoia level to 2 (0161028b) · Commits · 戴 / test

Allowing unprivileged kernel profiling lets any user dump follow kernel control flow and dump kernel registers. This most likely allows trivial kASLR bypassing, and it may allow other mischief as well. (Off the top of my head, the PERF_SAMPLE_REGS_INTR output during /dev/urandom reads could be quite interesting.) Signed-off-by:

Andy Lutomirski <luto@kernel.org> Acked-by:

Kees Cook <keescook@chromium.org> Signed-off-by:

Linus Torvalds <torvalds@linux-foundation.org>

Documentation/sysctl/kernel.txt

+1 −1

Original line number	Diff line number	Diff line
		@@ -645,7 +645,7 @@ allowed to execute.
		perf_event_paranoid:

		Controls use of the performance events system by unprivileged
		users (without CAP_SYS_ADMIN). The default value is 1.
		users (without CAP_SYS_ADMIN). The default value is 2.

		-1: Allow use of (almost) all events by all users
		>=0: Disallow raw tracepoint access by users without CAP_IOC_LOCK

kernel/events/core.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -351,7 +351,7 @@ static struct srcu_struct pmus_srcu;
		* 1 - disallow cpu events for unpriv
		* 2 - disallow kernel profiling for unpriv
		*/
		int sysctl_perf_event_paranoid __read_mostly = 1;
		int sysctl_perf_event_paranoid __read_mostly = 2;

		/* Minimum for 512 kiB + 1 user control page */
		int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */

Admin message