Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <feac7efa-df6f-cca1-e321-28d220bf0411@linux.intel.com>
Date: Tue, 27 Nov 2018 11:11:47 +0300
From: Alexey Budankov <alexey.budankov@...ux.intel.com>
To: Jonatan Corbet <corbet@....net>, Thomas Gleixner <tglx@...utronix.de>,
 Kees Cook <keescook@...omium.org>, Jann Horn <jannh@...gle.com>,
 Ingo Molnar <mingo@...hat.com>, Peter Zijlstra <peterz@...radead.org>,
 Andi Kleen <ak@...ux.intel.com>
Cc: Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
 Jiri Olsa <jolsa@...hat.com>, Arnaldo Carvalho de Melo <acme@...nel.org>,
 Mark Rutland <mark.rutland@....com>, Tvrtko Ursulin <tursulin@...ulin.net>,
 linux-kernel <linux-kernel@...r.kernel.org>,
 "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>,
 "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>
Subject: [PATCH v4 0/2] Documentation/admin-guide: introduce perf-security.rst
 file and extend perf_event_paranoid documentation


To facilitate informed decision making by system administrators [1]
to permit and manage access to Perf Events (perf_events) / Perf tool 
(Perf) [2],[3] performance monitoring for multiple users perf-security.rst 
document suggested by Thomas Gleixner is introduced [4] that:

a) states perf_events/Perf access security concerns for multi user environment
b) refers to base Linux access control and management principles
c) extends documentation of possible perf_event_paranoid knob settings 

The file serves as single knowledge source for perf_events/Perf security and 
access control related matter according to decisions, discussion and  
PoC prototype previously made here [5],[6].

The file can later be extended with information describing:

a) perf_events/Perf usage models and its security implications
b) perf_events/Perf user interface, its changes and related security implications
c) security related implications of monitoring by a specific perf_events PMU [2]

---
Alexey Budankov (2):
  Documentation/admin-guide: introduce perf-security.rst file
  Documentation/admin-guide: update admin-guide index.rst

 Documentation/admin-guide/index.rst         |  1 +
 Documentation/admin-guide/perf-security.rst | 97 +++++++++++++++++++++
 2 files changed, 98 insertions(+)
 create mode 100644 Documentation/admin-guide/perf-security.rst

---
Changes in v4:
- added docs for perf_event related capabilities
Changes in v3:
- toning down of the markup for "scope, access and resource"
- adding definite article for "Linux implementation"
Changes in v2:
- reverted patches order in the set to avoid CI issue
- replaced old PCL referencing by PE (Perf Events)
- skipped >=3 setting documentation at the moment

---
[1] https://marc.info/?l=linux-kernel&m=153815883923913&w=2
[2] http://man7.org/linux/man-pages/man2/perf_event_open.2.html
[3] https://perf.wiki.kernel.org/index.php/Main_Page
[4] https://marc.info/?l=linux-kernel&m=153837512226838&w=2
[5] https://marc.info/?l=linux-kernel&m=153736008310781&w=2
[6] https://lkml.org/lkml/2018/5/21/156

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.