Re: [PATCH v2 4/5] perf/amd/ibs: Avoid calling perf_allow_kernel() from the IBS NMI handler
From: Ravi Bangoria
Date: Tue Mar 10 2026 - 13:10:17 EST

Hi Michael,

>>> By evaluating the privileges at the event-init moment and using cached
>>> value later, couldn't it lead to the cached value being obsolete at
>>> some point? E.g. a setuid program later dropping the privileges but
>>> still being able to read physical addresses?
>>
>> Yes, but wouldn't the same concern apply to all other call sites of
>> perf_allow_kernel() ?
>
> Well, I don't say this case is worse than the others, just raising a
> more generic question whether this design is fairly acceptable or would
> deserve e.g. privilege adjusting at the time when they are dropped or
> something... Nothing more, just a note... :)

I understand. However, performing the privilege check at the beginning
and then continuing to allow accessing the privileged resource even
after privileges have been dropped is a common design pattern, isn't it?
For example, I assume something like this is allowed:

    fd = open("/root/only/file");
    setresuid(); /* drop the privilege */
    read(fd);

Thanks,
Ravi
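
The check-at-open behaviour discussed in the message above, as an added example that is not part of the original e-mail or of the patch: a descriptor obtained while access was permitted keeps working after access is revoked, while a fresh open() of the same path is denied. Assumptions: a writable /tmp, uid 65534 as the unprivileged uid, and seteuid() in place of setresuid() so the demo can regain its uid to clean up; when not run as root it revokes access with fchmod() instead.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define UNPRIV_UID 65534   /* assumption: a uid with no access to the file */

struct result {
    int  revoked;       /* 1 if access was really revoked after the open */
    long held_read;     /* bytes read through the descriptor opened earlier */
    int  fresh_denied;  /* 1 if a new open() of the same path got EACCES */
};

struct result check_at_open_demo(void)
{
    struct result r = { 0, -1, 0 };
    char path[] = "/tmp/fd-priv-XXXXXX";   /* constructed sample file */
    char buf[16];
    int root = (geteuid() == 0);
    int fd = mkstemp(path);                /* created with mode 0600 */

    if (fd < 0)
        return r;
    if (write(fd, "secret", 6) == 6 && lseek(fd, 0, SEEK_SET) == 0) {
        /* Revoke access only after the permission check made at open time:
         * root drops its effective uid, a normal user strips the mode bits. */
        r.revoked = root ? seteuid(UNPRIV_UID) == 0 : fchmod(fd, 0) == 0;
        r.held_read = read(fd, buf, sizeof(buf));  /* no permission re-check */
        int fresh = open(path, O_RDONLY);          /* full permission check */
        r.fresh_denied = (fresh < 0 && errno == EACCES);
        if (fresh >= 0)
            close(fresh);
        if (root && r.revoked && seteuid(0) != 0)  /* regain uid for cleanup */
            perror("seteuid");
    }
    close(fd);
    unlink(path);
    return r;
}

int main(void)
{
    struct result r = check_at_open_demo();
    printf("revoked=%d held_read=%ld fresh_denied=%d\n",
           r.revoked, r.held_read, r.fresh_denied);
}
```

If the environment does not allow the uid change (for example a user namespace where uid 65534 is unmapped), `revoked` stays 0 and only the read through the held descriptor is meaningful.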