linux/drivers
Alexey Budankov cea7d0d4a5 drivers/perf: Open access for CAP_PERFMON privileged process
Open access to monitoring for CAP_PERFMON privileged process.  Providing
the access under CAP_PERFMON capability singly, without the rest of
CAP_SYS_ADMIN credentials, excludes chances to misuse the credentials
and makes operation more secure.

CAP_PERFMON implements the principle of least privilege for performance
monitoring and observability operations (POSIX IEEE 1003.1e 2.2.2.39
principle of least privilege: A security design principle that states
that a process or program be granted only those privileges (e.g.,
capabilities) necessary to accomplish its legitimate function, and only
for the time that such privileges are actually required)

For backward compatibility reasons access to the monitoring remains open
for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage for
secure monitoring is discouraged with respect to CAP_PERFMON capability.

Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
Reviewed-by: James Morris <jamorris@linux.microsoft.com>
Acked-by: Will Deacon <will@kernel.org>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Igor Lubashev <ilubashe@akamai.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Song Liu <songliubraving@fb.com>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: intel-gfx@lists.freedesktop.org
Cc: linux-doc@vger.kernel.org
Cc: linux-man@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: selinux@vger.kernel.org
Link: http://lore.kernel.org/lkml/4ec1d6f7-548c-8d1c-f84a-cebeb9674e4e@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2020-04-16 12:19:09 -03:00
..
accessibility
acpi More ACPI updates for 5.7-rc1 2020-04-10 09:52:15 -07:00
amba Revert "amba: Initialize dma_parms for amba devices" 2020-04-01 08:03:28 +02:00
android
ata ahci: Add Intel Comet Lake PCH RAID PCI ID 2020-04-09 09:31:38 -06:00
atm .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
auxdisplay
base mm/memory_hotplug: allow to specify a default online_type 2020-04-07 10:43:41 -07:00
bcma
block xen: branch for v5.7-rc1b 2020-04-10 17:20:06 -07:00
bluetooth
bus ARM: driver updates 2020-04-03 15:05:35 -07:00
cdrom
char Merge branch 'akpm' (patches from Andrew) 2020-04-10 17:57:48 -07:00
clk There's not much to see in the core framework this time around. Instead the 2020-04-05 10:43:32 -07:00
clocksource clocksource/drivers/timer-vf-pit: Add missing parenthesis 2020-04-05 09:24:58 +02:00
connector
counter
cpufreq Additional power management updates for 5.7-rc1 2020-04-06 10:14:39 -07:00
cpuidle Merge branch 'pm-cpuidle' 2020-04-10 11:32:22 +02:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2020-04-08 21:35:29 -07:00
dax dax: Move mandatory ->zero_page_range() check in alloc_dax() 2020-04-02 19:15:03 -07:00
dca
devfreq PM / devfreq: Fix handling dev_pm_qos_remove_request result 2020-03-25 08:35:03 +09:00
dio
dma drivers/dma/tegra20-apb-dma.c: fix platform_get_irq.cocci warnings 2020-04-10 15:36:22 -07:00
dma-buf A bunch of fixes to avoid null pointer dereference in fbcon, fix a return 2020-04-08 09:14:34 +10:00
edac Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2020-03-30 16:40:08 -07:00
eisa .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
extcon Char/Misc driver patches for 5.7-rc1 2020-04-03 13:22:40 -07:00
firewire
firmware efi/libstub/file: Merge file name buffers to reduce stack usage 2020-04-14 08:32:15 +02:00
fpga
fsi
gnss
gpio This is the bulk of GPIO development for the v5.7 kernel cycle. 2020-04-04 10:27:00 -07:00
gpu drm/i915/perf: Open access for CAP_PERFMON privileged process 2020-04-16 12:19:08 -03:00
greybus
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid 2020-04-01 15:18:42 -07:00
hsi
hv hyperv-fixes for 5.7-rc1 2020-04-14 11:58:04 -07:00
hwmon change email address for Pali Rohár 2020-04-10 15:36:22 -07:00
hwspinlock hwspinlock: hwspinlock_internal.h: Replace zero-length array with flexible-array member 2020-03-25 22:30:46 -07:00
hwtracing
i2c Merge branch 'i2c/for-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2020-04-02 15:54:13 -07:00
i3c i3c: convert to use i2c_new_client_device() 2020-03-29 10:35:50 +02:00
ide drivers/ide: Fix build regression. 2020-04-04 18:07:59 -07:00
idle Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2020-03-30 16:40:08 -07:00
iio chrome platform changes for 5.7 2020-04-08 21:25:49 -07:00
infiniband RDMA 5.7 pull request 2020-04-01 18:18:18 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2020-04-07 20:20:12 -07:00
interconnect
iommu Merge branches 'iommu/fixes', 'arm/qcom', 'arm/omap', 'arm/smmu', 'x86/amd', 'x86/vt-d', 'virtio' and 'core' into next 2020-03-27 11:33:27 +01:00
ipack
irqchip Two reverts addressing regressions of the Xilinx interrupt controller 2020-04-05 11:57:12 -07:00
isdn
leds leds: core: Fix warning message when init_data 2020-04-06 23:12:08 +02:00
lightnvm for-5.7/drivers-2020-03-29 2020-03-30 11:43:51 -07:00
macintosh Char/Misc driver patches for 5.7-rc1 2020-04-03 13:22:40 -07:00
mailbox
mcb
md libnvdimm for 5.7 2020-04-08 21:03:40 -07:00
media Power management updates for 5.7-rc1 2020-03-30 15:05:01 -07:00
memory ARM: driver updates 2020-04-03 15:05:35 -07:00
memstick
message scsi: message: fusion: Replace zero-length array with flexible-array member 2020-03-26 22:40:47 -04:00
mfd mfd: intel-lpss: Fix Intel Elkhart Lake LPSS I2C input clock 2020-03-30 07:35:28 +01:00
misc virtio: fixes, vdpa 2020-04-08 10:51:53 -07:00
mmc MMC core: 2020-03-31 16:13:09 -07:00
most
mtd This pull request contains fixes for UBI and UBIFS: 2020-04-07 12:40:56 -07:00
mux
net virtio: fixes, vdpa 2020-04-08 10:51:53 -07:00
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-25 18:58:11 -07:00
ntb pci-v5.7-changes 2020-04-03 14:25:02 -07:00
nubus
nvdimm libnvdimm for 5.7 2020-04-08 21:03:40 -07:00
nvme block-5.7-2020-04-10 2020-04-10 10:06:54 -07:00
nvmem nvmem: core: remove nvmem_sysfs_get_groups() 2020-03-25 19:23:49 +01:00
of Devicetree updates for v5.7: 2020-04-02 17:32:52 -07:00
opp
oprofile
parisc parisc: Replace setup_irq() by request_irq() 2020-04-05 22:05:23 +02:00
parport
pci IOMMU Updates for Linux v5.7 2020-04-08 11:00:00 -07:00
pcmcia pcmcia: remove some unused space characters 2020-03-31 18:48:22 +02:00
perf drivers/perf: Open access for CAP_PERFMON privileged process 2020-04-16 12:19:09 -03:00
phy pci-v5.7-changes 2020-04-03 14:25:02 -07:00
pinctrl This is the bulk of GPIO development for the v5.7 kernel cycle. 2020-04-04 10:27:00 -07:00
platform change email address for Pali Rohár 2020-04-10 15:36:22 -07:00
pnp
power change email address for Pali Rohár 2020-04-10 15:36:22 -07:00
powercap Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2020-03-30 16:40:08 -07:00
pps
ps3 powerpc/ps3: Remove an unneeded NULL check 2020-04-03 00:09:59 +11:00
ptp ptp: Avoid deadlocks in the programmable pin code. 2020-03-30 11:16:38 -07:00
pwm pwm: pca9685: Fix PWM/GPIO inter-operation 2020-04-03 21:41:42 +02:00
rapidio
ras
regulator spi/regulator: Updates for v5.7 2020-03-30 14:58:26 -07:00
remoteproc remoteproc/omap: Fix set_load call in omap_rproc_request_timer 2020-04-03 10:47:21 -07:00
reset
rpmsg
rtc - New Drivers 2020-04-07 19:48:52 -07:00
s390 SCSI misc on 20200410 2020-04-10 12:21:11 -07:00
sbus
scsi SCSI misc on 20200410 2020-04-10 12:21:11 -07:00
sfi
sh
siox
slimbus
soc RISC-V Patches for the 5.7 Merge Window, Part 1 2020-04-09 10:51:30 -07:00
soundwire Char/Misc driver patches for 5.7-rc1 2020-04-03 13:22:40 -07:00
spi sound updates for 5.7-rc1 2020-04-02 15:50:04 -07:00
spmi
ssb
staging mm/vma: introduce VM_ACCESS_FLAGS 2020-04-10 15:36:21 -07:00
target SCSI misc on 20200410 2020-04-10 12:21:11 -07:00
tc
tee ARM: driver updates 2020-04-03 15:05:35 -07:00
thermal - Convert tsens configuration DT binding to yaml (Rajeshwari) 2020-04-07 20:00:16 -07:00
thunderbolt
tty powerpc updates for 5.7 2020-04-05 11:12:59 -07:00
uio
usb SCSI misc on 20200402 2020-04-02 17:03:53 -07:00
vdpa vdpa: move to drivers/vdpa 2020-04-02 10:41:40 -04:00
vfio vfio: Ignore -ENODEV when getting MSI cookie 2020-04-01 13:51:51 -06:00
vhost vhost: introduce vDPA-based backend 2020-04-02 10:41:40 -04:00
video drm fixes for 5.7-rc1 2020-04-07 20:24:34 -07:00
virt
virtio virtio: fixes, vdpa 2020-04-08 10:51:53 -07:00
visorbus
vlynq
vme
w1
watchdog watchdog: Add K3 RTI watchdog support 2020-04-01 11:35:23 +02:00
xen xen: branch for v5.7-rc1b 2020-04-10 17:20:06 -07:00
zorro SPDX patches for 5.7-rc1. 2020-04-03 13:12:26 -07:00
Kconfig virtio: fixes, vdpa 2020-04-08 10:51:53 -07:00
Makefile virtio: fixes, vdpa 2020-04-08 10:51:53 -07:00