mirror of
https://github.com/torvalds/linux.git
synced 2024-11-10 22:21:40 +00:00
c1034eb069
Implement selinux sysfs check to see the system is in enforcing mode and print warning message with pointer to check audit logs. Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Andi Kleen <ak@linux.intel.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: linux-security-module@vger.kernel.org Cc: selinux@vger.kernel.org Link: http://lore.kernel.org/lkml/819338ce-d160-4a2f-f1aa-d756a2e7c6fc@linux.intel.com Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
106 lines
2.0 KiB
C
106 lines
2.0 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
#include <errno.h>
|
|
#include <sched.h>
|
|
#include "util.h" // for sched_getcpu()
|
|
#include "../perf-sys.h"
|
|
#include "cloexec.h"
|
|
#include "event.h"
|
|
#include "asm/bug.h"
|
|
#include "debug.h"
|
|
#include <unistd.h>
|
|
#include <sys/syscall.h>
|
|
#include <linux/string.h>
|
|
|
|
static unsigned long flag = PERF_FLAG_FD_CLOEXEC;
|
|
|
|
int __weak sched_getcpu(void)
|
|
{
|
|
#ifdef __NR_getcpu
|
|
unsigned cpu;
|
|
int err = syscall(__NR_getcpu, &cpu, NULL, NULL);
|
|
if (!err)
|
|
return cpu;
|
|
#else
|
|
errno = ENOSYS;
|
|
#endif
|
|
return -1;
|
|
}
|
|
|
|
static int perf_flag_probe(void)
|
|
{
|
|
/* use 'safest' configuration as used in evsel__fallback() */
|
|
struct perf_event_attr attr = {
|
|
.type = PERF_TYPE_SOFTWARE,
|
|
.config = PERF_COUNT_SW_CPU_CLOCK,
|
|
.exclude_kernel = 1,
|
|
};
|
|
int fd;
|
|
int err;
|
|
int cpu;
|
|
pid_t pid = -1;
|
|
char sbuf[STRERR_BUFSIZE];
|
|
|
|
cpu = sched_getcpu();
|
|
if (cpu < 0)
|
|
cpu = 0;
|
|
|
|
/*
|
|
* Using -1 for the pid is a workaround to avoid gratuitous jump label
|
|
* changes.
|
|
*/
|
|
while (1) {
|
|
/* check cloexec flag */
|
|
fd = sys_perf_event_open(&attr, pid, cpu, -1,
|
|
PERF_FLAG_FD_CLOEXEC);
|
|
if (fd < 0 && pid == -1 && errno == EACCES) {
|
|
pid = 0;
|
|
continue;
|
|
}
|
|
break;
|
|
}
|
|
err = errno;
|
|
|
|
if (fd >= 0) {
|
|
close(fd);
|
|
return 1;
|
|
}
|
|
|
|
WARN_ONCE(err != EINVAL && err != EBUSY && err != EACCES,
|
|
"perf_event_open(..., PERF_FLAG_FD_CLOEXEC) failed with unexpected error %d (%s)\n",
|
|
err, str_error_r(err, sbuf, sizeof(sbuf)));
|
|
|
|
/* not supported, confirm error related to PERF_FLAG_FD_CLOEXEC */
|
|
while (1) {
|
|
fd = sys_perf_event_open(&attr, pid, cpu, -1, 0);
|
|
if (fd < 0 && pid == -1 && errno == EACCES) {
|
|
pid = 0;
|
|
continue;
|
|
}
|
|
break;
|
|
}
|
|
err = errno;
|
|
|
|
if (fd >= 0)
|
|
close(fd);
|
|
|
|
if (WARN_ONCE(fd < 0 && err != EBUSY && err != EACCES,
|
|
"perf_event_open(..., 0) failed unexpectedly with error %d (%s)\n",
|
|
err, str_error_r(err, sbuf, sizeof(sbuf))))
|
|
return -1;
|
|
|
|
return 0;
|
|
}
|
|
|
|
unsigned long perf_event_open_cloexec_flag(void)
|
|
{
|
|
static bool probed;
|
|
|
|
if (!probed) {
|
|
if (perf_flag_probe() <= 0)
|
|
flag = 0;
|
|
probed = true;
|
|
}
|
|
|
|
return flag;
|
|
}
|