Commit 6c86ae29 authored by Linus Torvalds

Merge tag 'ftrace-urgent-3.12-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull perf/ftrace fix from Steven Rostedt:
 "Dave Jones's trinity program was able to enable the function tracer
  from a normal user account via the perf syscall "perf_event_open()".
  When I was able to reproduce it with trinity, I was able to track down
  exactly how it happened.

  I discovered that the check for whether the function tracepoint should
  be activated or not was using the "perf_paranoid_kernel()" check which
  by default, lets the user continue.  The user should not by default be
  able to enable function tracing.

  The fix is to use "perf_paranoid_tracepoint_raw()" which will not let
  the user enable function tracing.  This is a security fix as normal
  users should never be allowed to enable the function tracer"

* tag 'ftrace-urgent-3.12-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  perf/ftrace: Fix paranoid level for enabling function tracer
parents 3ae423fe 12ae030d
...@@ -26,7 +26,7 @@ static int perf_trace_event_perm(struct ftrace_event_call *tp_event, ...@@ -26,7 +26,7 @@ static int perf_trace_event_perm(struct ftrace_event_call *tp_event,
{ {
/* The ftrace function trace is allowed only for root. */ /* The ftrace function trace is allowed only for root. */
if (ftrace_event_is_function(tp_event) && if (ftrace_event_is_function(tp_event) &&
perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN))
return -EPERM; return -EPERM;
/* No tracing, just counting, so no obvious leak */ /* No tracing, just counting, so no obvious leak */
......
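Review bot: In perf_trace_event_perm(), the comment "The ftrace function trace is allowed only for root" promises more than the condition under it enforces. `perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN)` returns -EPERM only while the paranoid helper evaluates true, so the root-only guarantee still depends on the configured paranoid level rather than on the capability check alone. If root-only is the intent, drop the paranoid term and test `!capable(CAP_SYS_ADMIN)` by itself for the function event; otherwise reword the comment to say the restriction applies at the tracepoint-raw paranoid level.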