Re: [PATCH 1/4] perf/core: Add support to exclude kernel mode instruction tracing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Jan 30, 2021 at 12:35:10AM +0530, Sai Prakash Ranjan wrote:

> Here the idea is to protect such important information from all users
> including root users since root privileges does not have to mean full
> control over the kernel [1] and root compromise does not have to be
> the end of the world.

And yet, your thing lacks:

> +config EXCLUDE_KERNEL_HW_ITRACE
> +	bool "Exclude kernel mode hardware assisted instruction tracing"
> +	depends on PERF_EVENTS
	depends on SECURITY_LOCKDOWN

or whatever the appropriate symbol is.

> +	help
> +	  Exclude kernel mode instruction tracing by hardware tracing
> +	  family such as ARM Coresight ETM, Intel PT and so on.
> +
> +	  This option allows to disable kernel mode instruction tracing
> +	  offered by hardware assisted tracing for all users(including root)
> +	  especially for production systems where only userspace tracing might
> +	  be preferred for security reasons.

Also, colour me unconvinced, pretty much all kernel level PMU usage
can be employed to side-channel / infer crypto keys, why focus on
ITRACE over others?



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [Linux for Sparc]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux