Re: [RFC 0/5] perf: Per PMU access controls (paranoid setting)

[Alexey Budankov]

Hello,

On 02.10.2018 9:40, Thomas Gleixner wrote:

<SNIP>

> 
> Not only the user group, it really should do the full security checks which
> are done on open().

I expect it is already implemented by some internal kernel API so that 
it could be reused.

> 
>>    b) then traditional checks against perf_event_pranoid content are applied;
> 
> Hmm, not sure about that because that might be conflicting.

Well, possible contradictions could be converged to some reasonable point 
during technical review stage.

Current perf_event_paranoid semantics is still required for PMUs 
that are governed by global setting at /proc/sys/kernel/perf_event_paranoid.

<SNIP>

>> 4. Documentation/admin-guide/perf-security.rst file is introduced that:
> 
>      0) Better documentation of /proc/sys/kernel/perf_even_paranoid

Exactly. perf_event_open man7 [1] requires update as well, however 
this is not a part of kernel source tree so these docs changes are 
to be mailed TO: mtk.manpages@xxxxxxxxx and CC: linux-api@xxxxxxxxxxxxxxxx

Thanks,
Alexey

[1] http://man7.org/linux/man-pages/man2/perf_event_open.2.html