Re: [PATCH] perf: Allow restricted kernel breakpoints on user addresses

From: Peter Zijlstra
Date: Tue Sep 06 2022 - 16:38:20 EST


On Fri, Sep 02, 2022 at 12:00:57PM +0200, Marco Elver wrote:
> Allow the creation of restricted breakpoint perf events that also fire
> in the kernel (!exclude_kernel), if:
>
> 1. No sample information is requested; samples may contain IPs,
> registers, or other information that may disclose kernel addresses.
>
> 2. The breakpoint (viz. data watchpoint) is on a user address.
>
> The rules constrain the allowable perf events such that no sensitive
> kernel information can be disclosed.
>
> Despite no explicit kernel information disclosure, the following
> questions may need answers:
>
> 1. Is obtaining information that the kernel accessed a particular
> user's known memory location revealing new information?
> Given the kernel's user space ABI, there should be no "surprise
> accesses" to user space memory in the first place.
>
> 2. Does causing breakpoints on user memory accesses by the kernel
> potentially impact timing in a sensitive way?
> Since hardware breakpoints trigger regardless of the state of
> perf_event_attr::exclude_kernel, but are filtered in the perf
> subsystem, this possibility already exists independent of the
> proposed change.
>

Changelog forgot to tell us why you want this :-)

I don't see any immediate concerns, but it's late so who knows..