linux/kernel
Linus Torvalds 6c86ae2928 Dave Jones's trinity program was able to enable the function tracer
from a normal user account via the perf syscall "perf_event_open()".
 When I was able to reproduce it with trinity, I was able to track down
 exactly how it happened.
 
 I discovered that the check for whether the function tracepoint should
 be activated or not was using the "perf_paranoid_kernel()" check which
 by default, lets the user continue. The user should not by default be
 able to enable function tracing. The fix is to use
 "perf_paranoid_tracepoint_raw()" which will not let the user enable
 function tracing.
 
 This is a security fix as normal users should never be allowed to
 enable the function tracer.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.14 (GNU/Linux)
 
 iQEcBAABAgAGBQJSepxvAAoJEKQekfcNnQGuLeQH/jMe/m3ogrf2NaryszjJ12rc
 jyhxXL5tMYNWAY8mp5Dt7WIGgUcNFQFqGq8oNWwc0W/Snil0DHwzwGrbzg6+RMPL
 S53qfQvrU0wuFSQu4NdRfhWnq7JaGbji8jbH+d2QdMj2FpktlqxTq8BZETFgJTes
 Ex8NmU5paROuYeVNviPeqo5Ss4rPeQYmOE12B3rDhJFYvnzy37D11zO34GiVutoM
 mSqSHO5UFig6u2fv347lBM04fBSUDRbK22iXP6kC/xtjgRJh60ElZsRzc5fFzcsQ
 usLZ8IcybzpsEReXofFeLDVk98sZKioKYWpzerKwSc8RYDIIrQXaD94T/EDngV8=
 =QJRi
 -----END PGP SIGNATURE-----

Merge tag 'ftrace-urgent-3.12-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull perf/ftrace fix from Steven Rostedt:
 "Dave Jones's trinity program was able to enable the function tracer
  from a normal user account via the perf syscall "perf_event_open()".
  When I was able to reproduce it with trinity, I was able to track down
  exactly how it happened.

  I discovered that the check for whether the function tracepoint should
  be activated or not was using the "perf_paranoid_kernel()" check which
  by default, lets the user continue.  The user should not by default be
  able to enable function tracing.

  The fix is to use "perf_paranoid_tracepoint_raw()" which will not let
  the user enable function tracing.  This is a security fix as normal
  users should never be allowed to enable the function tracer"

* tag 'ftrace-urgent-3.12-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  perf/ftrace: Fix paranoid level for enabling function tracer
2013-11-08 08:54:53 +09:00
..
cpu idle: Enable interrupts in the weak arch_cpu_idle() implementation 2013-06-14 23:01:05 +02:00
debug kgdb/sysrq: fix inconstistent help message of sysrq key 2013-04-30 17:04:10 -07:00
events Driver Core / sysfs patches for 3.13-rc1 2013-11-07 11:42:15 +09:00
gcov kernel: replace strict_strto*() with kstrto*() 2013-09-12 15:38:03 -07:00
irq Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
power PM / hibernate: Move software_resume to late_initcall_sync 2013-10-25 01:58:49 +02:00
printk TTY/Serial driver patches for 3.12-rc1 2013-09-03 11:38:36 -07:00
sched sched/balancing: Fix cfs_rq->task_h_load calculation 2013-09-20 11:59:39 +02:00
time clockevents: Sanitize ticks to nsec conversion 2013-10-23 12:51:21 +02:00
trace perf/ftrace: Fix paranoid level for enabling function tracer 2013-11-06 14:44:49 -05:00
.gitignore kernel/hz.bc: ignore. 2013-04-22 07:09:06 -07:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks locking: Fix copy/paste errors of "ARCH_INLINE_*_UNLOCK_BH" 2013-05-28 08:50:00 +02:00
Kconfig.preempt
Makefile Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
acct.c fs: Fix hang with BSD accounting on frozen filesystem 2013-05-04 14:57:58 -04:00
async.c async: rename and redefine async_func_ptr 2013-03-12 13:59:14 -07:00
audit.c audit: fix endless wait in audit_log_start() 2013-09-24 17:00:26 -07:00
audit.h audit: fix mq_open and mq_unlink to add the MQ root as a hidden parent audit_names record 2013-07-09 10:33:19 -07:00
audit_tree.c kernel/audit_tree.c:audit_add_tree_rule(): protect `rule' from kill_rules() 2013-06-12 16:29:46 -07:00
audit_watch.c
auditfilter.c audit: Fix decimal constant description 2013-07-09 10:33:19 -07:00
auditsc.c audit: fix mq_open and mq_unlink to add the MQ root as a hidden parent audit_names record 2013-07-09 10:33:19 -07:00
backtracetest.c
bounds.c
capability.c xfs: update for v3.12-rc1 2013-09-09 11:19:09 -07:00
cgroup.c Merge branch 'for-3.12-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup 2013-10-22 08:20:34 +01:00
cgroup_freezer.c cgroup: make css_for_each_descendant() and friends include the origin css in the iteration 2013-08-08 20:11:27 -04:00
compat.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2013-05-01 07:21:43 -07:00
configs.c proc: Supply PDE attribute setting accessor functions 2013-05-01 17:29:18 -04:00
context_tracking.c arm: Fix build error with context tracking calls 2013-09-27 17:59:47 +02:00
cpu.c ACPI / processor: Acquire writer lock to update CPU maps 2013-08-13 12:20:16 +02:00
cpu_pm.c
cpuset.c Merge branch 'for-3.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup 2013-09-03 18:25:03 -07:00
crash_dump.c
cred.c
delayacct.c cputime: Use accessors to read task cputime stats 2013-01-27 19:23:31 +01:00
dma.c
elfcore.c
exec_domain.c
exit.c ptrace: revert "Prepare to fix racy accesses on task breakpoints" 2013-07-09 10:33:26 -07:00
extable.c extable: skip sorting if the table is empty 2013-09-11 15:58:25 -07:00
fork.c Merge git://git.kvack.org/~bcrl/aio-next 2013-09-13 10:55:58 -07:00
freezer.c freezer: set PF_SUSPEND_TASK flag on tasks that call freeze_processes 2013-07-30 14:05:06 +02:00
futex.c futex: Use freezable blocking call 2013-06-25 23:11:19 +02:00
futex_compat.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2013-02-23 18:50:11 -08:00
groups.c userns: Kill nsown_capable it makes the wrong thing easy 2013-08-30 23:44:11 -07:00
hrtimer.c kernel: delete __cpuinit usage from all core kernel files 2013-07-14 19:36:59 -04:00
hung_task.c hung_task debugging: Print more info when reporting the problem 2013-08-02 11:02:42 +02:00
irq_work.c Merge branch 'nohz/printk-v8' into irq/core 2013-02-05 00:48:46 +01:00
itimer.c
jump_label.c jump_label: Split jumplabel ratelimit 2013-08-09 07:53:54 -07:00
kallsyms.c kernel: kallsyms: memory override issue, need check destination buffer length 2013-04-15 15:17:26 +09:30
kcmp.c
kexec.c kexec: remove unnecessary return 2013-09-11 15:59:10 -07:00
kmod.c kernel/kmod.c: check for NULL in call_usermodehelper_exec() 2013-09-30 14:31:02 -07:00
kprobes.c kprobes: allow to specify custom allocator for insn caches 2013-09-11 15:58:52 -07:00
ksysfs.c kernel: replace strict_strto*() with kstrto*() 2013-09-12 15:38:03 -07:00
kthread.c kthread: implement probe_kthread_data() 2013-04-30 17:04:02 -07:00
latencytop.c
lglock.c lglock: Update lockdep annotations to report recursive local locks 2013-07-12 13:51:19 +02:00
lockdep.c lockdep: remove task argument from debug_check_no_locks_held 2013-05-12 14:16:21 +02:00
lockdep_internals.h
lockdep_proc.c
lockdep_states.h
modsign_certificate.S CONFIG_SYMBOL_PREFIX: cleanup. 2013-03-15 15:09:43 +10:30
modsign_pubkey.c kernel/modsign_pubkey.c: fix init const for module signing code 2013-09-11 15:58:21 -07:00
module-internal.h
module.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-09-05 08:50:26 -07:00
module_signing.c
mutex-debug.c
mutex-debug.h
mutex.c mutex: Avoid gcc version dependent __builtin_constant_p() usage 2013-10-18 21:58:54 +02:00
mutex.h
notifier.c
nsproxy.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2013-09-07 14:35:32 -07:00
padata.c padata - Register hotcpu notifier after initialization 2013-08-29 14:37:59 +10:00
panic.c panic: call panic handlers before kmsg_dump 2013-09-11 15:59:30 -07:00
params.c kernel/params: fix handling of signed integer types 2013-09-28 12:35:52 -07:00
pid.c pidns: fix free_pid() to handle the first fork failure 2013-09-30 14:31:03 -07:00
pid_namespace.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2013-09-07 14:35:32 -07:00
posix-cpu-timers.c posix_timers: fix racy timer delta caching on task exit 2013-07-03 16:54:42 +02:00
posix-timers.c posix-timers: Remove unused variable 2013-04-18 12:51:19 +02:00
profile.c kernel: delete __cpuinit usage from all core kernel files 2013-07-14 19:36:59 -04:00
ptrace.c __ptrace_may_access() should not deny sub-threads 2013-09-11 15:59:01 -07:00
range.c range: Do not add new blank slot with add_range_with_merge 2013-06-18 11:32:10 -05:00
rcu.h rcu: Make call_rcu() leak callbacks for debug-object errors 2013-08-18 17:40:03 -07:00
rcupdate.c Not much changes for the 3.12 merge window. The major tracing changes 2013-09-09 14:42:15 -07:00
rcutiny.c rcu: Add const annotation to char * for RCU tracepoints and functions 2013-07-29 17:07:49 -04:00
rcutiny_plugin.h rcu: Add const annotation to char * for RCU tracepoints and functions 2013-07-29 17:07:49 -04:00
rcutorture.c rcu: Make rcutorture emit online failures if verbose 2013-08-20 11:38:45 -07:00
rcutree.c Merge branches 'doc.2013.08.19a', 'fixes.2013.08.20a', 'sysidle.2013.08.31a' and 'torture.2013.08.20a' into HEAD 2013-08-31 14:44:45 -07:00
rcutree.h nohz_full: Force RCU's grace-period kthreads onto timekeeping CPU 2013-08-31 14:44:02 -07:00
rcutree_plugin.h nohz_full: Force RCU's grace-period kthreads onto timekeeping CPU 2013-08-31 14:44:02 -07:00
rcutree_trace.c rcutrace: single_open() leaks 2013-05-05 00:16:35 -04:00
reboot.c kernel/reboot.c: re-enable the function of variable reboot_default 2013-09-24 17:00:26 -07:00
relay.c kernel: delete __cpuinit usage from all core kernel files 2013-07-14 19:36:59 -04:00
res_counter.c memcg: reduce function dereference 2013-09-12 15:38:02 -07:00
resource.c kernel/resource.c: remove the unneeded assignment in function __find_resource 2013-07-03 16:08:06 -07:00
rtmutex-debug.c sched/rt: Move rt specific bits into new header file 2013-02-07 20:51:08 +01:00
rtmutex-debug.h
rtmutex-tester.c locking/rtmutex/tester: Set correct permissions on sysfs files 2013-04-10 14:48:37 +02:00
rtmutex.c rtmutex: Document rt_mutex_adjust_prio_chain() 2013-05-28 09:23:52 +02:00
rtmutex.h
rtmutex_common.h
rwsem.c Revert "rw_semaphore: remove up/down_read_non_owner" 2013-03-23 15:53:52 -07:00
seccomp.c seccomp: allow BPF_XOR based ALU instructions. 2013-03-26 11:07:19 +11:00
semaphore.c semaphore: use `bool' type for semaphore_waiter's up 2013-04-30 17:04:08 -07:00
signal.c kernel-wide: fix missing validations on __get/__put/__copy_to/__copy_from_user() 2013-09-11 15:58:18 -07:00
smp.c kernel/smp.c: quit unconditionally enabling irqs in on_each_cpu_mask(). 2013-09-11 15:58:25 -07:00
smpboot.c kernel: delete __cpuinit usage from all core kernel files 2013-07-14 19:36:59 -04:00
smpboot.h
softirq.c irq: Force hardirq exit's softirq processing on its own stack 2013-10-01 12:39:08 +02:00
spinlock.c kernel/spinlock.c: add default arch_*_relax definitions for GENERIC_LOCKBREAK 2013-09-11 15:58:21 -07:00
srcu.c srcu: use ACCESS_ONCE() to access sp->completed in srcu_read_lock() 2013-02-07 15:19:36 -08:00
stacktrace.c
stop_machine.c stop_machine: Mark per cpu stopper enabled early 2013-02-26 22:25:17 +01:00
sys.c userns: Kill nsown_capable it makes the wrong thing easy 2013-08-30 23:44:11 -07:00
sys_ni.c unify compat fanotify_mark(2), switch to COMPAT_SYSCALL_DEFINE 2013-05-09 13:46:38 -04:00
sysctl.c sysrq: Allow magic SysRq key functions to be disabled through Kconfig 2013-10-16 13:01:44 -07:00
sysctl_binary.c kernel: remove unnecessary head file 2013-06-26 18:01:46 +09:00
task_work.c task_work: documentation 2013-09-11 15:58:27 -07:00
taskstats.c
test_kprobes.c kernel/: rename random32() to prandom_u32() 2013-04-29 18:28:42 -07:00
time.c sched: Rename sched.c as sched/core.c in comments and Documentation 2013-06-19 12:58:42 +02:00
timeconst.bc kernel: Replace timeconst.pl with a bc script 2013-02-16 23:17:25 +01:00
timer.c kernel: delete __cpuinit usage from all core kernel files 2013-07-14 19:36:59 -04:00
tracepoint.c Tracing updates for Linux 3.10 2013-04-29 13:55:38 -07:00
tsacct.c cputime: Use accessors to read task cputime stats 2013-01-27 19:23:31 +01:00
uid16.c userns: Kill nsown_capable it makes the wrong thing easy 2013-08-30 23:44:11 -07:00
up.c smp.h: move !SMP version of on_each_cpu() out-of-line 2013-09-11 15:58:25 -07:00
user-return-notifier.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
user.c userns: Better restrictions on when proc and sysfs can be mounted 2013-08-26 19:17:03 -07:00
user_namespace.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2013-09-07 14:35:32 -07:00
utsname.c userns: Kill nsown_capable it makes the wrong thing easy 2013-08-30 23:44:11 -07:00
utsname_sysctl.c kernel/utsname_sysctl.c: put get/get_uts() into CONFIG_PROC_SYSCTL code block 2013-02-27 19:10:22 -08:00
wait.c kernel: fix new kernel-doc warning in wait.c 2013-08-19 09:08:54 -07:00
watchdog.c watchdog: update watchdog_thresh properly 2013-09-24 17:00:25 -07:00
workqueue.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-09-06 09:36:28 -07:00
workqueue_internal.h sched: Rename sched.c as sched/core.c in comments and Documentation 2013-06-19 12:58:42 +02:00