linux_dsm_epyc7002/arch
Alexey Budankov cf91baf3f7 parisc/perf: open access for CAP_PERFMON privileged process
Open access to monitoring for CAP_PERFMON privileged process.  Providing
the access under CAP_PERFMON capability singly, without the rest of
CAP_SYS_ADMIN credentials, excludes chances to misuse the credentials
and makes operation more secure.

CAP_PERFMON implements the principle of least privilege for performance
monitoring and observability operations (POSIX IEEE 1003.1e 2.2.2.39
principle of least privilege: A security design principle that states
that a process or program be granted only those privileges (e.g.,
capabilities) necessary to accomplish its legitimate function, and only
for the time that such privileges are actually required)

For backward compatibility reasons access to the monitoring remains open
for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage for
secure monitoring is discouraged with respect to CAP_PERFMON capability.

Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com>
Reviewed-by: James Morris <jamorris@linux.microsoft.com>
Acked-by: Helge Deller <deller@gmx.de>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Igor Lubashev <ilubashe@akamai.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Song Liu <songliubraving@fb.com>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: intel-gfx@lists.freedesktop.org
Cc: linux-doc@vger.kernel.org
Cc: linux-man@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: selinux@vger.kernel.org
Link: http://lore.kernel.org/lkml/8cc98809-d35b-de0f-de02-4cf554f3cf62@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2020-04-16 12:19:08 -03:00
..
alpha mm/special: create generic fallbacks for pte_special() and pte_mkspecial() 2020-04-10 15:36:21 -07:00
arc mm/vma: define a default value for VM_DATA_DEFAULT_FLAGS 2020-04-10 15:36:21 -07:00
arm efi/arm: Deal with ADR going out of range in efi_enter_kernel() 2020-04-14 08:32:14 +02:00
arm64 mm/memory_hotplug: add pgprot_t to mhp_params 2020-04-10 15:36:21 -07:00
c6x mm/vma: define a default value for VM_DATA_DEFAULT_FLAGS 2020-04-10 15:36:21 -07:00
csky mm/special: create generic fallbacks for pte_special() and pte_mkspecial() 2020-04-10 15:36:21 -07:00
h8300 Kbuild updates for v5.7 (2nd) 2020-04-11 09:46:12 -07:00
hexagon mm/special: create generic fallbacks for pte_special() and pte_mkspecial() 2020-04-10 15:36:21 -07:00
ia64 mm/memory_hotplug: add pgprot_t to mhp_params 2020-04-10 15:36:21 -07:00
m68k m68k: Drop redundant generic-y += hardirq.h 2020-04-13 11:08:52 -07:00
microblaze mm/special: create generic fallbacks for pte_special() and pte_mkspecial() 2020-04-10 15:36:21 -07:00
mips Kbuild updates for v5.7 (2nd) 2020-04-11 09:46:12 -07:00
nds32 mm/special: create generic fallbacks for pte_special() and pte_mkspecial() 2020-04-10 15:36:21 -07:00
nios2 nios2 update for v5.7-rc1 2020-04-11 11:38:44 -07:00
openrisc mm/special: create generic fallbacks for pte_special() and pte_mkspecial() 2020-04-10 15:36:21 -07:00
parisc parisc/perf: open access for CAP_PERFMON privileged process 2020-04-16 12:19:08 -03:00
powerpc powerpc/perf: open access for CAP_PERFMON privileged process 2020-04-16 12:19:08 -03:00
riscv mm/vma: define a default value for VM_DATA_DEFAULT_FLAGS 2020-04-10 15:36:21 -07:00
s390 Merge branch 'akpm' (patches from Andrew) 2020-04-10 17:57:48 -07:00
sh Kbuild updates for v5.7 (2nd) 2020-04-11 09:46:12 -07:00
sparc mm/special: create generic fallbacks for pte_special() and pte_mkspecial() 2020-04-10 15:36:21 -07:00
um mm/special: create generic fallbacks for pte_special() and pte_mkspecial() 2020-04-10 15:36:21 -07:00
unicore32 mm/special: create generic fallbacks for pte_special() and pte_mkspecial() 2020-04-10 15:36:21 -07:00
x86 Misc EFI fixes, including the boot failure regression caused by the BSS section not being cleared. 2020-04-15 17:37:48 -07:00
xtensa Merge branch 'akpm' (patches from Andrew) 2020-04-10 17:57:48 -07:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
Kconfig dma-mapping updates for 5.7 2020-04-04 10:12:47 -07:00