Merge tag 'ftrace-urgent-3.12-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull perf/ftrace fix from Steven Rostedt:

"Dave Jones's trinity program was able to enable the function tracer from a normal user account via the perf syscall "perf_event_open()".

When I was able to reproduce it with trinity, I was able to track down exactly how it happened. I discovered that the check for whether the function tracepoint should be activated or not was using the "perf_paranoid_kernel()" check which by default, lets the user continue. The user should not by default be able to enable function tracing.

The fix is to use "perf_paranoid_tracepoint_raw()" which will not let the user enable function tracing.

This is a security fix as normal users should never be allowed to enable the function tracer"

* tag 'ftrace-urgent-3.12-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  perf/ftrace: Fix paranoid level for enabling function tracer
@@ -26,7 +26,7 @@ static int perf_trace_event_perm(struct ftrace_event_call *tp_event,
|
||||
{
|
||||
/* The ftrace function trace is allowed only for root. */
|
||||
if (ftrace_event_is_function(tp_event) &&
|
||||
perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
|
||||
perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN))
|
||||
return -EPERM;
|
||||
|
||||
/* No tracing, just counting, so no obvious leak */
|
||||
|
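Review bot: The comment above the condition in perf_trace_event_perm() says the function trace is "allowed only for root", but the check is still `perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN)`, so -EPERM is returned only while the paranoid predicate is true. Whenever perf_paranoid_tracepoint_raw() evaluates false, a caller without CAP_SYS_ADMIN still falls through this branch and can reach the function tracepoint. If the intent is what the comment and the commit message state ("normal users should never be allowed to enable the function tracer"), consider dropping the paranoid term and testing `!capable(CAP_SYS_ADMIN)` alone for the ftrace_event_is_function() case. If the paranoid override is intentional, reword the comment to say root-only applies by default and name the setting that relaxes it.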