Enable users to use perf-trace to trace their own processes, like strace but without the overhead of ptrace(). Ensure that users cannot access other users' or systemwide tracing data.
Changes in v4: - Preserve security_perf_event_open(PERF_SECURITY_KERNEL) LSM hook in the tp_bypass path. - Lift the PERF_SAMPLE_IP check out of the tp_bypass path above the PERF_SAMPLE_RAW branch so it applies to counting and sampling. This also allows us to ensure PERF_SAMPLE_IP is set for uprobes. - Block counting path for TRACE_EVENT_FL_CAP_ANY for unprivileged users with sysctl_perf_event_paranoid > 1. Changes in v3: - Don't set PERF_SAMPLE_IP for unprivileged tracepoints. This allows us to exclude PERF_SAMPLE_IP from kaddr_leak without weakening KASLR. - Mount tracefs as world-traversable so users can access eventfs directories. Anubhav Shelat (3): perf evsel: don't set PERF_SAMPLE_IP for unprivileged tracepoints perf: enable unprivileged syscall tracing with perf trace tracefs: make root directory world-traversable fs/tracefs/inode.c | 2 +- kernel/events/core.c | 28 +++++++++++++++++++++++++--- kernel/trace/trace_event_perf.c | 21 ++++++++++++++++++++- kernel/trace/trace_events.c | 16 ++++++++++++++-- tools/perf/util/evsel.c | 14 +++++++++++++- 5 files changed, 73 insertions(+), 8 deletions(-) -- 2.54.0
