Maninder Singh | b06e931 | 2023-06-08 09:01:18 +0530 | [diff] [blame] | 1 | // SPDX-License-Identifier: GPL-2.0-only |
| 2 | /* |
| 3 | * ksyms_common.c: A split of kernel/kallsyms.c |
| 4 | * Contains a few generic function definations independent of config KALLSYMS. |
| 5 | */ |
| 6 | #include <linux/kallsyms.h> |
| 7 | #include <linux/security.h> |
| 8 | |
Maninder Singh | b06e931 | 2023-06-08 09:01:18 +0530 | [diff] [blame] | 9 | static inline int kallsyms_for_perf(void) |
| 10 | { |
| 11 | #ifdef CONFIG_PERF_EVENTS |
| 12 | extern int sysctl_perf_event_paranoid; |
| 13 | |
| 14 | if (sysctl_perf_event_paranoid <= 1) |
| 15 | return 1; |
| 16 | #endif |
| 17 | return 0; |
| 18 | } |
| 19 | |
| 20 | /* |
| 21 | * We show kallsyms information even to normal users if we've enabled |
| 22 | * kernel profiling and are explicitly not paranoid (so kptr_restrict |
| 23 | * is clear, and sysctl_perf_event_paranoid isn't set). |
| 24 | * |
| 25 | * Otherwise, require CAP_SYSLOG (assuming kptr_restrict isn't set to |
| 26 | * block even that). |
| 27 | */ |
| 28 | bool kallsyms_show_value(const struct cred *cred) |
| 29 | { |
| 30 | switch (kptr_restrict) { |
| 31 | case 0: |
| 32 | if (kallsyms_for_perf()) |
| 33 | return true; |
| 34 | fallthrough; |
| 35 | case 1: |
| 36 | if (security_capable(cred, &init_user_ns, CAP_SYSLOG, |
| 37 | CAP_OPT_NOAUDIT) == 0) |
| 38 | return true; |
| 39 | fallthrough; |
| 40 | default: |
| 41 | return false; |
| 42 | } |
| 43 | } |