[tip: perf/core] perf/core: Check kernel access when kernel callchains are requested

From: tip-bot2 for Dapeng Mi

Date: Tue Jun 30 2026 - 05:58:47 EST


The following commit has been merged into the perf/core branch of tip:

Commit-ID: a4573a3838ae4fc73b70019cfa1dac9aaea7cc2f
Gitweb: https://git.kernel.org/tip/a4573a3838ae4fc73b70019cfa1dac9aaea7cc2f
Author: Dapeng Mi <dapeng1.mi@xxxxxxxxxxxxxxx>
AuthorDate: Tue, 16 Jun 2026 12:46:54 +08:00
Committer: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
CommitterDate: Tue, 30 Jun 2026 11:46:08 +02:00

perf/core: Check kernel access when kernel callchains are requested

perf_event_open() currently gates perf_allow_kernel() only on
!attr.exclude_kernel.

However, users can still request kernel callchain collection with
attr.exclude_callchain_kernel == 0 even when attr.exclude_kernel == 1.
That still requires kernel profiling privilege, but the existing check
does not enforce it.

Update the permission check to call perf_allow_kernel() when either
kernel sampling is requested or kernel callchains are requested.

This keeps permission checks aligned with requested data and prevents
unprivileged use of kernel callchain capture.

Signed-off-by: Dapeng Mi <dapeng1.mi@xxxxxxxxxxxxxxx>
Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
Link: https://patch.msgid.link/20260616044654.3468742-9-dapeng1.mi@xxxxxxxxxxxxxxx
---
kernel/events/core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel/events/core.c b/kernel/events/core.c
index dd3bd9c..0f29d17 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -13932,7 +13932,9 @@ SYSCALL_DEFINE5(perf_event_open,
if (err)
return err;

- if (!attr.exclude_kernel) {
+ if (!attr.exclude_kernel ||
+ ((attr.sample_type & PERF_SAMPLE_CALLCHAIN) &&
+ !attr.exclude_callchain_kernel)) {
err = perf_allow_kernel();
if (err)
return err;