From nobody Wed Jun 17 07:34:32 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F2B8E31619C for ; Thu, 23 Apr 2026 15:18:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776957509; cv=none; b=lcttuC3mSWrUlRdcnpaCdYjAzt2hA3j6oAVb2TyQBLObwYQFruIw01mGePEKF/N+D3FHLSeHR+mCJFwAOZdl6nyNqYbit7rGNROPtAUk1bcXYJnZS9vx6thaHlJZvbZ1w7BMnE2qM6TdBltpBt0ZfecHOAQlU88vigwHzpuPb4E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776957509; c=relaxed/simple; bh=ma0OE6jc72wX99S3EDlOnhT41J21hCR55F44rTDbdMk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=eIYwE8CsPVra83Ai7pVNw9jXdyxVJK6sVBBAP7wl6eGGnVMI/wKpVP2KNT7kW6757kwLrmplC9shW7PRupQWFhhLE1c3gwpAI/9F+9q3yf7JW3jWPHIjHi0O48VMeEUx0tGk5Bqnr2EFBPICI4RpqgpmExXrCZx0gy+sjahbKOs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=WoICO06Z; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="WoICO06Z" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1776957507; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Tfrr+HWsFGxr25q1lEOOcrWGfevT4jtMVgKE83pLNF0=; b=WoICO06ZSzMSdCryj7F9qnU/jYYsiG82UZwx79pWd9VX9JByu2KsZeydk7AgpoYkH4fllv jwSFx6lcGN+6Z0VNQQlsJJAWOjp2my+HuHwtdGkauMZOIg7EmWd/qhScM5HQF47ylc/vJx yME82MxugoJUqXSv/EAUSV4IjIIE/9w= Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-510-S-W2rFYJM32ZYdtYw1BbUQ-1; Thu, 23 Apr 2026 11:18:21 -0400 X-MC-Unique: S-W2rFYJM32ZYdtYw1BbUQ-1 X-Mimecast-MFC-AGG-ID: S-W2rFYJM32ZYdtYw1BbUQ_1776957499 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 6B44618003FC; Thu, 23 Apr 2026 15:18:18 +0000 (UTC) Received: from ashelat-thinkpadp1gen5.boston.csb (unknown [10.74.80.103]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 465391800348; Thu, 23 Apr 2026 15:18:09 +0000 (UTC) From: Anubhav Shelat To: peterz@infradead.org, mingo@redhat.com, mhiramat@kernel.org, rostedt@goodmis.org, acme@kernel.org, namhyung@kernel.org Cc: mathieu.desnoyers@efficios.com, mark.rutland@arm.com, alexander.shishkin@linux.intel.com, jolsa@kernel.org, irogers@google.com, adrian.hunter@intel.com, james.clark@linaro.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Anubhav Shelat Subject: [PATCH v3 1/3] perf evsel: don't set PERF_SAMPLE_IP for unprivileged tracepoints Date: Thu, 23 Apr 2026 11:17:44 -0400 Message-ID: <20260423151746.16258-2-ashelat@redhat.com> In-Reply-To: <20260423151746.16258-1-ashelat@redhat.com> References: <20260423151746.16258-1-ashelat@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Content-Type: text/plain; charset="utf-8" For tracepoint events the IP is a static kernel address. It doesn't vary by sample and provides no useful information for unprivileged users. Skipping setting PERF_SAMPLE_IP for unprivileged tracepoints avoids exposing a kernel address that reveals the KASLR base offset and slightly reduces sample record size. Assisted-by: Claude:claude-sonnet-4.5 Signed-off-by: Anubhav Shelat --- tools/perf/util/evsel.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c index f59228c1a39e..a1091d937ff9 100644 --- a/tools/perf/util/evsel.c +++ b/tools/perf/util/evsel.c @@ -1503,7 +1503,9 @@ void evsel__config(struct evsel *evsel, struct record= _opts *opts, attr->write_backward =3D opts->overwrite ? 1 : 0; attr->read_format =3D PERF_FORMAT_LOST; =20 - evsel__set_sample_bit(evsel, IP); + if (attr->type !=3D PERF_TYPE_TRACEPOINT || perf_event_paranoid_check(1)) + evsel__set_sample_bit(evsel, IP); + evsel__set_sample_bit(evsel, TID); =20 if (evsel->sample_read) { --=20 2.53.0 From nobody Wed Jun 17 07:34:32 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 375D916F288 for ; Thu, 23 Apr 2026 15:18:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776957519; cv=none; b=VF495lZh1ajSNj/MrLkX6Cwlx0D6CLeUlfqwEdvO64tCjPEKMPlSX+r9k22SAeI8KZUq9dUcYbfSYFpm8AXhoE/ZvsTk75XeoTBQyKo9Xl5p5goTKSvZH8hcJhDG3yAT23AcAJq8w8s1wnPHNeP+PGdk13cLa2gho2KmDW+hBSw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776957519; c=relaxed/simple; bh=i+05pOD95yC9cQlgWy+RVtvJuWffDTmCvOBKK+PssxM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=IPVp3zEJy8urUdN4m54tGOpl+20FyBf/+9H+0UPY8VLk8h3Tw8wBTOZFHm2abpWbl/wlNtRdj8wMeRuvgk+eMpr3hWDALXWtd63nKwAzB0CJKlxUTEWGX37hLFKtY1T4b7Fb9Gio1/LL6RF20fS1wzG6Uu8NBw0dOWg2nHLOEnk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=F7+IEggq; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="F7+IEggq" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1776957517; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gtV32AASD8DSAT0iamG4FraqG03WbASgj2I1O6++EdE=; b=F7+IEggqOR7yugt91pLZM5DyHs/1nb6+T5PuvlnaL3dfr82ei060pmQWYuGzbeArK0UEQA 0wrPe7+hAmF1f1m1uTz47Faw+iLQCH8ya7WlaNbwc5kYMV+DuetbIqbeiEy+QKFp727ML5 ytkggvSnT41SD25+rrLMITp5zEneYmQ= Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-616-rvyzww_GOOWsADmDmOnigA-1; Thu, 23 Apr 2026 11:18:31 -0400 X-MC-Unique: rvyzww_GOOWsADmDmOnigA-1 X-Mimecast-MFC-AGG-ID: rvyzww_GOOWsADmDmOnigA_1776957510 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 7236E195606A; Thu, 23 Apr 2026 15:18:29 +0000 (UTC) Received: from ashelat-thinkpadp1gen5.boston.csb (unknown [10.74.80.103]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 940791800348; Thu, 23 Apr 2026 15:18:18 +0000 (UTC) From: Anubhav Shelat To: peterz@infradead.org, mingo@redhat.com, mhiramat@kernel.org, rostedt@goodmis.org, acme@kernel.org, namhyung@kernel.org Cc: mathieu.desnoyers@efficios.com, mark.rutland@arm.com, alexander.shishkin@linux.intel.com, jolsa@kernel.org, irogers@google.com, adrian.hunter@intel.com, james.clark@linaro.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Anubhav Shelat Subject: [PATCH v3 2/3] perf: enable unprivileged syscall tracing with perf trace Date: Thu, 23 Apr 2026 11:17:45 -0400 Message-ID: <20260423151746.16258-3-ashelat@redhat.com> In-Reply-To: <20260423151746.16258-1-ashelat@redhat.com> References: <20260423151746.16258-1-ashelat@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Allow unprivileged users to trace their own processes' syscalls using perf trace, similar to strace without the intrusive overhead of ptrace(). Currently, perf trace requires CAP_PERFMON or paranoid level =E2=89=A4 1 ev= en though the kernel has existing infrastructure (TRACE_EVENT_FL_CAP_ANY) specifically designed to mark syscall tracepoints as safe for unprivileged access. To fix this: 1. Loosen the condition in perf_event_open() which requires privileges for all events with exclude_kernel=3D0. This allows perf_event_open() to bypass the paranoid check for task-attached tracepoint events. Ensure that sample types which can expose kernel addresses to unprivileged users are blocked. 2. Make the format and id tracefs files world-readable only for tracepoints with TRACE_EVENT_FL_CAP_ANY, allowing unprivileged users to see syscall tracepoint ids without exposing sensitive information. Also add a check to perf_trace_event_perm() to ensure only TRACE_EVENT_FL_CAP_ANY events can be traced. Example usage after this change: $ perf trace ls # works as unprivileged user $ perf trace # system-wide, still requires privileges $ perf trace -p 1234 # requires ptrace permission on pid 1234 Assisted-by: Claude:claude-sonnet-4.5 Signed-off-by: Anubhav Shelat --- kernel/events/core.c | 24 +++++++++++++++++++++--- kernel/trace/trace_event_perf.c | 12 +++++++++++- kernel/trace/trace_events.c | 8 ++++++-- 3 files changed, 38 insertions(+), 6 deletions(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index 6d1f8bad7e1c..e9c53758574d 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -13833,9 +13833,27 @@ SYSCALL_DEFINE5(perf_event_open, return err; =20 if (!attr.exclude_kernel) { - err =3D perf_allow_kernel(); - if (err) - return err; + bool tp_bypass =3D false; + + if (attr.type =3D=3D PERF_TYPE_TRACEPOINT && pid !=3D -1) { + /* + * Block sample types that expose kernel addresses to + * prevent KASLR bypass + */ + u64 kaddr_leak =3D PERF_SAMPLE_CALLCHAIN | + PERF_SAMPLE_BRANCH_STACK | + PERF_SAMPLE_ADDR | + PERF_SAMPLE_REGS_INTR | + PERF_SAMPLE_IP; + + tp_bypass =3D !(attr.sample_type & kaddr_leak); + } + + if (!tp_bypass) { + err =3D perf_allow_kernel(); + if (err) + return err; + } } =20 if (attr.namespaces) { diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_per= f.c index a6bb7577e8c5..e8347df7ede5 100644 --- a/kernel/trace/trace_event_perf.c +++ b/kernel/trace/trace_event_perf.c @@ -73,8 +73,18 @@ static int perf_trace_event_perm(struct trace_event_call= *tp_event, } =20 /* No tracing, just counting, so no obvious leak */ - if (!(p_event->attr.sample_type & PERF_SAMPLE_RAW)) + if (!(p_event->attr.sample_type & PERF_SAMPLE_RAW)) { + /* + * Only allow CAP_ANY tracepoints for unprivileged + * task-attached events in case kernel context is exposed. + */ + if (!p_event->attr.exclude_kernel && !perfmon_capable()) { + if (!(p_event->attach_state =3D=3D PERF_ATTACH_TASK && + (tp_event->flags & TRACE_EVENT_FL_CAP_ANY))) + return -EACCES; + } return 0; + } =20 /* Some events are ok to be traced by non-root users... */ if (p_event->attach_state =3D=3D PERF_ATTACH_TASK) { diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index aa422dc80ae8..69be5561d0b8 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -3054,7 +3054,9 @@ static int event_callback(const char *name, umode_t *= mode, void **data, struct trace_event_call *call =3D file->event_call; =20 if (strcmp(name, "format") =3D=3D 0) { - *mode =3D TRACE_MODE_READ; + *mode =3D (call->flags & TRACE_EVENT_FL_CAP_ANY) ? + (TRACE_MODE_READ | 0004) : + TRACE_MODE_READ; *fops =3D &ftrace_event_format_fops; return 1; } @@ -3090,7 +3092,9 @@ static int event_callback(const char *name, umode_t *= mode, void **data, #ifdef CONFIG_PERF_EVENTS if (call->event.type && call->class->reg && strcmp(name, "id") =3D=3D 0) { - *mode =3D TRACE_MODE_READ; + *mode =3D (call->flags & TRACE_EVENT_FL_CAP_ANY) ? + (TRACE_MODE_READ | 0004) : + TRACE_MODE_READ; *data =3D (void *)(long)call->event.type; *fops =3D &ftrace_event_id_fops; return 1; --=20 2.53.0 From nobody Wed Jun 17 07:34:32 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0AB89306B08 for ; Thu, 23 Apr 2026 15:18:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776957526; cv=none; b=lYKnzUBwRrtWIIcaabpI5rCXtx7uU9aMtvQRMIGT+Kzx1xfoCzWq4McAsX46PzBfpJDOfOUzb4LgUcbCDtQOk0NE9adqZ/wZWsaAa6guKUvQlcclrtQj5g8HdTKeMSxppIBD5qa5Xf4Hj8PYXUpogOYXprdU4yZ/Yv9AnVwuDoQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776957526; c=relaxed/simple; bh=Hhh+x/aIcBYOReApr+Pc1Fq4ARuStX2+QbBxascteWE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=te0yjVXbJVkuF6n/GcjuINZiVfxM0a1cLk20+ngaTADBVqx4L8kNLjwgPkGTvlLiCFrCS2UZia/Mrx2P2adk+Pwyo4pSfj7ihdvoMYU2qxxeYBMuERjMksm5CPmpZyIkk/BO2pvAjqkraIaPKLCP/I9n7kwVOMdrS4DNskjW+fQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=J0pHxwYZ; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="J0pHxwYZ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1776957524; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=02ivVQLZXEiiH1k/LQi6XZgckhEW7oBgvHmte7wg1S0=; b=J0pHxwYZrwn/AU2UM8aaU2Vt9dME1gyHXHi3IdcZPSQ0KJgQgJ4me70xKSzYj6bBtoEAVn pqQLYNs/GYtx4z3k/gnFXTRyz++Cj1q2rBvZEbbg5vZ+/Qrcw05l0OhxaqVAor9coyzRs4 EZc+/161GRp8kY7cjwkayjroqzXnGkc= Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-696-CN83baJBMom1HXrIGLpBSQ-1; Thu, 23 Apr 2026 11:18:40 -0400 X-MC-Unique: CN83baJBMom1HXrIGLpBSQ-1 X-Mimecast-MFC-AGG-ID: CN83baJBMom1HXrIGLpBSQ_1776957518 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 9AEDF1800578; Thu, 23 Apr 2026 15:18:38 +0000 (UTC) Received: from ashelat-thinkpadp1gen5.boston.csb (unknown [10.74.80.103]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 893571800348; Thu, 23 Apr 2026 15:18:29 +0000 (UTC) From: Anubhav Shelat To: peterz@infradead.org, mingo@redhat.com, mhiramat@kernel.org, rostedt@goodmis.org, acme@kernel.org, namhyung@kernel.org Cc: mathieu.desnoyers@efficios.com, mark.rutland@arm.com, alexander.shishkin@linux.intel.com, jolsa@kernel.org, irogers@google.com, adrian.hunter@intel.com, james.clark@linaro.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Anubhav Shelat Subject: [PATCH v3 3/3] tracefs: make root directory world-traversable Date: Thu, 23 Apr 2026 11:17:46 -0400 Message-ID: <20260423151746.16258-4-ashelat@redhat.com> In-Reply-To: <20260423151746.16258-1-ashelat@redhat.com> References: <20260423151746.16258-1-ashelat@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Content-Type: text/plain; charset="utf-8" Change the default tracefs mount mode from 0700 to 0755. This allows unprivileged users to access the eventfs directories underneath which already use 0755. This does not expose any tracing data since access to the files themselves is controlled by individual permissions. Signed-off-by: Anubhav Shelat --- fs/tracefs/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index 03f768536fd5..9506450fbc91 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -23,7 +23,7 @@ #include #include "internal.h" =20 -#define TRACEFS_DEFAULT_MODE 0700 +#define TRACEFS_DEFAULT_MODE 0755 static struct kmem_cache *tracefs_inode_cachep __ro_after_init; =20 static struct vfsmount *tracefs_mount; --=20 2.53.0