Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 1 Oct 2018 09:27:07 +0300
From: Alexey Budankov <alexey.budankov@...ux.intel.com>
To: Jann Horn <jannh@...gle.com>, Kees Cook <keescook@...omium.org>
Cc: tvrtko.ursulin@...ux.intel.com, Thomas Gleixner <tglx@...utronix.de>,
 tursulin@...ulin.net, kernel list <linux-kernel@...r.kernel.org>,
 Peter Zijlstra <peterz@...radead.org>,
 the arch/x86 maintainers <x86@...nel.org>, "H . Peter Anvin"
 <hpa@...or.com>, acme@...nel.org, alexander.shishkin@...ux.intel.com,
 jolsa@...hat.com, namhyung@...nel.org, maddy@...ux.vnet.ibm.com,
 Andi Kleen <ak@...ux.intel.com>, kernel-hardening@...ts.openwall.com
Subject: Re: [RFC 0/5] perf: Per PMU access controls (paranoid setting)

Hello Jann and Kees,

On 29.09.2018 1:02, Jann Horn wrote:
<SNIP>
> Ah, I guess the answer is "0", since you want to see data about what
> other users are doing.
> 
> Does the i915 PMU expose sampling events, counting events, or both?
> The thing about sampling events is that they AFAIK always let the user
> pick arbitrary data to collect - like register contents, or userspace
> stack memory -, and independent of the performance counter being
> monitored, this kind of access should not be permitted to other
> contexts. (But it might be that I misunderstand how perf works - I'm
> not super familiar with its API.)
> 

Currently *core* paranoid >= 1 (per-process mode) prevents simultaneous 
sampling on CPU events (perf record) and reading of uncore HW counters 
(perf stat -I), because uncore counters count system wide and that is 
allowed only when *core* paranoid <= 0.

Uncore counts collected simultaneously with CPU event samples can be 
correlated using timestamps taken from some common system clock e.g. 
CLOCK_MONOTONIC_RAW.

Could it be secure enough to still allow reading of system wide uncore 
HW counters when sampling of CPU events is limited to specific processes 
by *core* paranoid >= 1?

Thanks,
Alexey

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.