On Fri, May 3, 2013 at 2:11 PM, Peter Zijlstra <a.p.zijls...@chello.nl> wrote: > We should always have proper privileges when requesting kernel data. > > Cc: Andi Kleen <a...@linux.intel.com> > Cc: eran...@google.com > Signed-off-by: Peter Zijlstra <a.p.zijls...@chello.nl> > Link: http://lkml.kernel.org/n/tip-v0x9ky3ahzr6nm3c6ilwr...@git.kernel.org > --- > arch/x86/kernel/cpu/perf_event_intel_lbr.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > --- a/arch/x86/kernel/cpu/perf_event_intel_lbr.c > +++ b/arch/x86/kernel/cpu/perf_event_intel_lbr.c > @@ -318,8 +318,11 @@ static void intel_pmu_setup_sw_lbr_filte > if (br_type & PERF_SAMPLE_BRANCH_USER) > mask |= X86_BR_USER; > > - if (br_type & PERF_SAMPLE_BRANCH_KERNEL) > + if (br_type & PERF_SAMPLE_BRANCH_KERNEL) { > + if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) > + return -EACCES; > mask |= X86_BR_KERNEL; > + } > This will prevent regular users from capturing kernel -> kernel branches. But it won't prevent users from getting kernel -> user branches. Thus some kernel address will still be captured. I guess they could be eliminated by the sw_filter.
When using LBR priv level filtering, the filter applies to the branch target only. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
