[Devel] [PATCH RH7] ve/perf: forbid perf events syscall in containers

Konstantin Khorenko khorenko at virtuozzo.com
Tue Sep 1 19:09:05 MSK 2020


On 09/01/2020 06:53 PM, Pavel Tikhomirov wrote:
> If some process has perf_event_open fd it can monitor different (kernel,
> hardware, etc) performance counters through it. And this fd is configured
> through perf_event_attr which has more than 30 fields. There is
> currently no kernel interface to get the configuration of existing perf
> event fd. So to dump such an fd with CRIU we should add this interface.
>
> We have ovs-vswitchd, which opens perf event fd and does nothing with it
> according to comments, it is only used in case someone will use PERF()
> macros to debug some code parts which implies recompilation of ovs. But
> it is still a problem on migration because CRIU detects this fd and
> fails. Also ovs can handle if it can't open perf event fd and falls back
> gracefully to work without it.
>
> So (at least for now) we should forbid this interface, to fix problems
> with ovs daemon migration.
>
> https://jira.sw.ru/browse/PSBM-107217
>
> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>

ack

> ---
>  kernel/events/core.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/kernel/events/core.c b/kernel/events/core.c
> index 2fdc89591c39..a6f4653e3421 100644
> --- a/kernel/events/core.c
> +++ b/kernel/events/core.c
> @@ -46,6 +46,7 @@
>  #include <linux/parser.h>
>  #include <linux/bpf.h>
>  #include <linux/filter.h>
> +#include <linux/ve.h>
>
>  #include "internal.h"
>
> @@ -10045,6 +10046,9 @@ SYSCALL_DEFINE5(perf_event_open,
>  	if (flags & ~PERF_FLAG_ALL)
>  		return -EINVAL;
>
> +	if (!ve_is_super(get_exec_env()))
> +		return -EACCES;
> +
>  	err = perf_copy_attr(attr_uptr, &attr);
>  	if (err)
>  		return err;
>
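
Review bot: the new `ve_is_super(get_exec_env())` check in perf_event_open carries no comment explaining why containers are refused, so the reason (CRIU cannot dump a perf event fd yet) lives only in the commit message; a short comment above the `if` would help whoever later wants to relax this. The check also sits after the `flags & ~PERF_FLAG_ALL` test, so a container caller passing bad flags gets -EINVAL while one passing valid flags gets -EACCES; moving it to the top of the syscall would make the refusal uniform.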

