Commit 12ae030

Steven Rostedt (rostedt) authored and Steven Rostedt committed
perf/ftrace: Fix paranoid level for enabling function tracer
The current default perf paranoid level is "1" which has "perf_paranoid_kernel()" return false, and giving any operations that use it, access to normal users. Unfortunately, this includes function tracing and normal users should not be allowed to enable function tracing by default.

The proper level is defined at "-1" (full perf access), which "perf_paranoid_tracepoint_raw()" will only give access to. Use that check instead for enabling function tracing.

Reported-by: Dave Jones <davej@redhat.com>
Reported-by: Vince Weaver <vincent.weaver@maine.edu>
Tested-by: Vince Weaver <vincent.weaver@maine.edu>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: stable@vger.kernel.org # 3.4+
CVE: CVE-2013-2930
Fixes: ced3900 ("ftrace, perf: Add support to use function tracepoint in perf")
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>

1 parent 5e01dc7 commit 12ae030

1 file changed, +1 -1 lines changed

Diff for: kernel/trace/trace_event_perf.c

@@ -26,7 +26,7 @@ static int perf_trace_event_perm(struct ftrace_event_call *tp_event,
2626
{
2727
/* The ftrace function trace is allowed only for root. */
2828
if (ftrace_event_is_function(tp_event) &&
29-
perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
29+
perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN))
3030
return -EPERM;
3131

3232
/* No tracing, just counting, so no obvious leak */
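
Review bot: The comment kept as context at line 27, "The ftrace function trace is allowed only for root", does not describe the condition on the changed line 29. With perf_paranoid_tracepoint_raw() as the gate, the CAP_SYS_ADMIN requirement is skipped whenever that helper returns false, which per the commit message is the "-1" (full perf access) level, so at that setting a user without the capability can still enable the function tracepoint. The test is also capable(CAP_SYS_ADMIN), not a uid check. Suggest rewording the comment to say that function tracing requires CAP_SYS_ADMIN unless the perf paranoid level is -1, so a later reader does not assume an unconditional root-only restriction and change the helper again.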
