blob: cf1a73cbf2f6bc8e31fbf57a8cb2e0ed24e06551 [file] [log] [blame]
Maninder Singhb06e9312023-06-08 09:01:18 +05301// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * ksyms_common.c: A split of kernel/kallsyms.c
4 * Contains a few generic function definations independent of config KALLSYMS.
5 */
6#include <linux/kallsyms.h>
7#include <linux/security.h>
8
Maninder Singhb06e9312023-06-08 09:01:18 +05309static inline int kallsyms_for_perf(void)
10{
11#ifdef CONFIG_PERF_EVENTS
12 extern int sysctl_perf_event_paranoid;
13
14 if (sysctl_perf_event_paranoid <= 1)
15 return 1;
16#endif
17 return 0;
18}
19
20/*
21 * We show kallsyms information even to normal users if we've enabled
22 * kernel profiling and are explicitly not paranoid (so kptr_restrict
23 * is clear, and sysctl_perf_event_paranoid isn't set).
24 *
25 * Otherwise, require CAP_SYSLOG (assuming kptr_restrict isn't set to
26 * block even that).
27 */
28bool kallsyms_show_value(const struct cred *cred)
29{
30 switch (kptr_restrict) {
31 case 0:
32 if (kallsyms_for_perf())
33 return true;
34 fallthrough;
35 case 1:
36 if (security_capable(cred, &init_user_ns, CAP_SYSLOG,
37 CAP_OPT_NOAUDIT) == 0)
38 return true;
39 fallthrough;
40 default:
41 return false;
42 }
43}