[RFC PATCH 15/17] perf: Allow controlled non-root access to detached events

From: Alexander Shishkin
Date: Tue Sep 05 2017 - 10:01:23 EST


The user who created the event should also be able to open its
corresponding file in tracefs and/or remove it.

Signed-off-by: Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx>
---
kernel/events/core.c | 25 ++++++++++++++++++++++---
1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/kernel/events/core.c b/kernel/events/core.c
index fbee221d19..802c0862a9 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -5579,7 +5579,7 @@ static int perf_fasync(int fd, struct file *filp, int on)
static int perf_open(struct inode *inode, struct file *file)
{
struct perf_event *event = inode->i_private;
- int ret;
+ int ret = 0;

if (WARN_ON_ONCE(!event))
return -EINVAL;
@@ -5587,7 +5587,13 @@ static int perf_open(struct inode *inode, struct file *file)
if (!atomic_long_inc_not_zero(&event->refcount))
return -ENOENT;

- ret = simple_open(inode, file);
+ /* event's user is stable while we're holding the reference */
+ if (event->rb->mmap_user != current_user() &&
+ !capable(CAP_SYS_ADMIN))
+ ret = -EACCES;
+
+ if (!ret)
+ ret = simple_open(inode, file);
if (ret)
put_event(event);

@@ -9593,7 +9599,7 @@ perf_event_detach(struct perf_event *event, struct perf_event *parent_event,
if (!filename)
return -ENOMEM;

- event->dent = tracefs_create_file(filename, 0600,
+ event->dent = tracefs_create_file(filename, 0666,
perf_tracefs_dir,
event, &perf_fops);
kfree(filename);
@@ -11521,6 +11527,7 @@ static int perf_instance_unlink(const char *name)
{
struct perf_event *event;
struct dentry *dent;
+ int ret = 0;

dent = lookup_one_len_unlocked(name, perf_tracefs_dir, strlen(name));
if (!dent)
@@ -11530,6 +11537,18 @@ static int perf_instance_unlink(const char *name)
if (!event)
return -EINVAL;

+ if (!atomic_long_inc_not_zero(&event->refcount))
+ return 0;
+
+ /* event's user is stable while we're holding the reference */
+ if (event->rb->mmap_user != current_user() &&
+ !capable(CAP_SYS_ADMIN))
+ ret = -EACCES;
+ put_event(event);
+
+ if (ret)
+ return ret;
+
if (!(event->attach_state & PERF_ATTACH_CONTEXT))
return -EBUSY;

--
2.14.1