From nobody Sun May 24 19:33:16 2026 Received: from DM5PR21CU001.outbound.protection.outlook.com (mail-centralusazon11011057.outbound.protection.outlook.com [52.101.62.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4848B1FC7C5; Sat, 23 May 2026 01:33:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.62.57 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779500016; cv=fail; b=GFgDpWL1Hm9Fpho4yHzbk5Pcm6bOsbjqaCqo5FFE63t+Dzh3AxsP6O9jkLK9TP1PgjcPx/T4bbn3WKi6SQ11nrm0js6psVnRN77VcBpXQZUsh4jImg8llXscICrKainXTKp2XS8IhwCEn+4FLARPBhB5Teq5fGux+/W/maMTDkw= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779500016; c=relaxed/simple; bh=pdBhv+OyzW11cJggV35bXPtWFBak+zI+l7tFb0n+w9k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: Content-Type:MIME-Version; b=d4rpVcVV6fTghWeVyES7KAZCelcaR/EAJ8b8VmPBWBGeNWdfI8YhNucRgHK+CS6sQIZP4RSZ1s4RQa2SsUtj6mG99TtjY0gK7sGVNVoTp+Ve6LED+OtqXwjP9gkDGEnOhhqnwxTnOrT1t1bLqH69kqcI3JzxJPuq1k811f2b0O4= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=LUKkv4sF; arc=fail smtp.client-ip=52.101.62.57 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="LUKkv4sF" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HC42BMhY5Y2hUZ8CaTxfvQpjQ7Bg+geISYI2FINSauCAzrTQgzXQnu1ho/5CpiR2u5om8s2YRwkmvtAuaNg6hvn9ceB3YYbV1vS5OeuIRJzXVBWYydIBZP+p/Jk8uynxdbwQTdyy1cCMDpah1GYrNatFqEQ58xsv35EgIo8QPKL2dd7QGdM2Ufel6eatc0tJ6mDox7373VXkbO0uxMhA/NovNv/j9oYnYbYZKofAE4uZ5dbZ5HgBi+/Ps2C+y7kndqbtqAWzx8sl3ztLCvezmIQPWSKhfNo8pQgg2Som/VcMz5/QHuNW1CSXBkkCQa2lMXWNm9oW3XoarV7Hr3MpPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xVNrry3ePPio9ywsljg31pRuO0QaUUjqGsMXEWZKvXY=; b=Ifh4wjCKexQ91I/PTzAMFrYfvWMuAEbAwh4FDrvGSw8S/02HMZEzrvZ1a+D87JHUKULBnjsRXYtsZ8HC2yXW+846usXWxUp4G7dy+iUbFgs22Gq84mUU8WjGuyxnqgYXNSriTP5QRcicG5LCaCtAvC9tgW9cHmbYWwPy5nwTDIvihab7vHxFmzxG7gtNad7rakqpQd4DxahHnIXAuG1BpI37dlPrDghfrElN24qWjPtrsUc/eqg31W9U7VDaNydILu8Zu/hG3+0YyzhK9KsJS137SKBK78uAx8PvoZ9PWFpzwYx9jVJg2vp/kuq7kEBCpt4HdKlMdHXHo2A3sFmCBA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xVNrry3ePPio9ywsljg31pRuO0QaUUjqGsMXEWZKvXY=; b=LUKkv4sFNFo+1RQkLC+2CWLaaAlAAm5JUBqo15vyGqmybTW0DK5smBA7yHKh9MLa4k7SNO0Tchkx9cKD/NZMdN2YKdZq/nJJgLe1DgKx1tQsvTvH6pvq/jOOKnXQxfkKjpx6bh3+mQYv6M8n+ru/1d0zXGCFRNsr5f0fKRIENmvhr0oBiP1zAFZU/ds6ggEGSpbHa/9DGGINHU4ZiwxUz+K/m4NP1D94YAQF7CYyI8gx2/ujusABU6+T4L1lXrFIl5HwjoqHzYXrDxAaajEmAzIEhlFdUZOr16HPQQEFJCI4er9ZoEIuiSc+oNtWq+Oe2yiWUbmsbmXjISglfYcFnw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; Received: from DM3PR12MB9416.namprd12.prod.outlook.com (2603:10b6:0:4b::8) by CY3PR12MB9580.namprd12.prod.outlook.com (2603:10b6:930:10a::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.19; Sat, 23 May 2026 01:33:29 +0000 Received: from DM3PR12MB9416.namprd12.prod.outlook.com ([fe80::8cdd:504c:7d2a:59c8]) by DM3PR12MB9416.namprd12.prod.outlook.com ([fe80::8cdd:504c:7d2a:59c8%5]) with mapi id 15.21.0048.016; Sat, 23 May 2026 01:33:29 +0000 From: John Hubbard To: Matthew Brost , =?UTF-8?q?Thomas=20Hellstr=C3=B6m?= , Rodrigo Vivi , David Airlie , Simona Vetter , Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Namhyung Kim Cc: Mark Rutland , Alexander Shishkin , Jiri Olsa , Ian Rogers , Adrian Hunter , James Clark , intel-xe@lists.freedesktop.org, dri-devel@lists.freedesktop.org, linux-perf-users@vger.kernel.org, LKML , John Hubbard Subject: [PATCH v2 1/2] perf/core: out-of-line and export perf_allow_cpu/tracepoint() Date: Fri, 22 May 2026 18:33:25 -0700 Message-ID: <20260523013326.129491-2-jhubbard@nvidia.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260523013326.129491-1-jhubbard@nvidia.com> References: <20260523013326.129491-1-jhubbard@nvidia.com> X-NVConfidentiality: public Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: BYAPR21CA0015.namprd21.prod.outlook.com (2603:10b6:a03:114::25) To DM3PR12MB9416.namprd12.prod.outlook.com (2603:10b6:0:4b::8) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM3PR12MB9416:EE_|CY3PR12MB9580:EE_ X-MS-Office365-Filtering-Correlation-Id: f2af6726-92e2-4283-d68f-08deb86b4b3c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|366016|18002099003|22082099003|56012099003|11063799006|5023799004; X-Microsoft-Antispam-Message-Info: AoYuk28rmm6smjNutzcQN0+GCDbjENLpO7WDb1ifQuyhMiExoU3k0/WuOH1rP+1fFR0fqs92W9Yui5aaYRcbUw1ugGvhJFGc+bS/SQQkd35N3cDbe6jpLddWeAV9wezH1kfBzI9+TY4nQuKRI2cT5+nfHeuv31zjbJA1LyMLRZJhaprGFB51MU8b1SUXLEGGT31jsYwfWnpIB8Nr8VLgEEiEZ482KXzE6RMZAExix0gn0pjDHTD6u2Rl4+KgnA/qSm1cULoLzcMsn7Jfnqn3EeSgjzfLw5FiYqFnHB/m70joQT/kj1+v7XRvnaBYfQVCDBcsEbqwsxA9W/ZXPY8R1kWpJtyPAQ3SBltZDey7vwPvkNdka+VGWWarS+82pTxl5WTfIO2aT/CQfNGnxez2JltnD4rInb4/v9Tr8JGEtB4SgbfZpr3s1i2NyuLRxRlbD3bA3/8kdr8MmW8MEGVk2fTm7qs8oG8PA+9Bv/qIWB4WLQQLFlZLu2yI67d8PbjGHZ3WU3YSfpWNaYHWw7ZuBzlxgkmppL+Ys0sqJsN1BXX7v7hFESjAZCw948Y5L/IyW7twcB2DsDnquMi71lqclGNr1Jnn+R8In5ostuz6JT3srsuOLNWb1tZzA4qFRMdrvsPi1hC+EwTcbTcXzETT7uHUZwjvodvE32b3IW3LythyZEoz22KwqOKBlZsLQaRH X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM3PR12MB9416.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(366016)(18002099003)(22082099003)(56012099003)(11063799006)(5023799004);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?6hVekFzMMuMoqkSO8D8a+hFcPZk7uPTrKlPePaN7FLijp/Se3c5ot4bNzDOX?= =?us-ascii?Q?ilRFJxbPye4DjBbBM526rAww4caywZzuKgiTeCk5rc/AzBSAoYk6rTBj/nfM?= =?us-ascii?Q?/BC2qMA2WKa0VdiO8RyjRAoAiQB3OwzXbQnsedosGiTLwiTG3vei4MRY1812?= =?us-ascii?Q?dwfbdSaKd9CqI7thBd4WZ7ZgFI/lu8knapd9LmhGcbfo2b4q1YEYot0BOj2E?= =?us-ascii?Q?1pE9681a8x9pJfNfu9KtBP1CSmCrdFiVJPvs0rYRQd41PzU2ePsMVDB7I4kM?= =?us-ascii?Q?6OSOuYM54Tt654ZVlJNNGNh2qG9XuuBm0D08VKrCGVU0AUVn51rMnRUEdnKt?= =?us-ascii?Q?85YFUQP3NdcWMK/PWJ7Jnkhxy8IhcCSeL+dVr3YI8fay6YOWpZY3LqsUolvs?= =?us-ascii?Q?k9xUOHE8o6QSsmUCAGfWKEijiVI3vvXDSSuZt5UDKy4Hn/CKf47y59zmSS4D?= =?us-ascii?Q?G/jffhELiDZo0JP31GgGqIv42W7rS6JVVwCwQwDDNK3ZgjvdnbTOKn3icPBe?= =?us-ascii?Q?RSVuZUo/l1kfUzOBLhiBJLYGrRsqLmn5fs3vi197EPERQn41nZ7lA4urQFkN?= =?us-ascii?Q?I89NvAabO/31QcuHY1Nezyb89p5gcHwLxT2d8iVg6vJQGeyDY+kpbjFdXflM?= =?us-ascii?Q?YS+JdOmLasmrOJFBbDck0Twqdm3OlkvC9Jqa3etNvEZ05CaVWzlW5qPmXYfZ?= =?us-ascii?Q?N7xqjZJkgMqBQUZeQ59UV8yflHg3MvFYMIRT5Tw4YkQGy82IUusW/+g+rWEY?= =?us-ascii?Q?Z6np9MaffnJxL2UvN/Vddtr/cqEWAglSaP+D8KiSLZTwaMfPBM3oN9m2DTIk?= =?us-ascii?Q?dPa2a+89mrujItQEbburSLHhB+TKNpN9tareBDGIew89KCcVUXBHqJ+pBGIR?= =?us-ascii?Q?jPpXWC8uDEz/pKMmaYlog0xIWajMEEGJSoyIGptTi+hvFPydFXEPAhpecMvX?= =?us-ascii?Q?HFXBE/EcSegF1dTlqF7kaBqugLTkQW1CumCrnaqLwklCvHhi16/8ldsVtUYk?= =?us-ascii?Q?sC/g5f8KyzyTa3MDlqJbFO4cZKuwb8jpCTaeG4XhltrUw51bRvHXeyz5wESz?= =?us-ascii?Q?DhNKXBX91irPUamd68+IWkWZ2gNhdgtri40XGZRCrFrXABdRnrpvDrvZLBcB?= =?us-ascii?Q?Xiy75hOnh7yW7S4IJfc7IrU6Nw9ixN7Np07FicgnPMUUnskm5UWBEopa//pt?= =?us-ascii?Q?g4JGXk7d6U2hP2uEo3bJaVQ0Y2AZTiohj6Ivo18IYcFhLZSqpvEBvHC1wPQU?= =?us-ascii?Q?ZgKAtXbxAvARE703ruu+/kjMDWf2vvzgu+m2wZe2cKu2ICD1eZzUvIwKhQj4?= =?us-ascii?Q?KQcpvnCYcFn3ZOU6XUQqgL+0klxUVJDAqYaj9MRWgUfHSKlOaz0nyTrgm9Uq?= =?us-ascii?Q?Z+jfQDoNykT/qkH1/F1y489BG9cZB0mGg2e6oL5niAa0vD6Q1BcqEuEHZdjo?= =?us-ascii?Q?K0orzhEB0mL82MzJije24WAiuAsGFWfHl6V6gsOUrXCcZodfYcsa4e/UUYn+?= =?us-ascii?Q?qfglGjWnmY6S9B6i6nmvxD+3YTZLvpTBKYuRZgeGj5GGnGekt5mDYrrzmxzL?= =?us-ascii?Q?9waC4w+rF6jfSHRNE4X6briTaXnRNYHCLWihs0/dw/EudTGSyz4LSqUVEm1f?= =?us-ascii?Q?ytJZrYMIFRGAN9GDRcRQKc55pndT4t2g+TwDfvmhRYks2JKmZoYF2PRVGwWp?= =?us-ascii?Q?M+oA8ClwEe5BXMwLAm9mkdCCZY31RjG6Eqv9rHNMWLD0QtXmM2wthYo7C1Dw?= =?us-ascii?Q?bUY2qNX7fg=3D=3D?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: f2af6726-92e2-4283-d68f-08deb86b4b3c X-MS-Exchange-CrossTenant-AuthSource: DM3PR12MB9416.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 May 2026 01:33:29.7789 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: PGdtyW4sTGiHRgf+4GLthtkIXPlU9PipG1iC+EFWj0BKkD9T9/zElTAd3kzekvl6s6NkxcC0p7EZvkWJLvCHnQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY3PR12MB9580 Content-Type: text/plain; charset="utf-8" These helpers are static inline in and reach into sysctl_perf_event_paranoid and security_perf_event_open(), neither of which is itself exported. The perf_allow_* trio is therefore asymmetric: built-in callers can use any of the three, but modular code can only call perf_allow_kernel(). Move both bodies into kernel/events/core.c next to perf_allow_kernel() and export them with EXPORT_SYMBOL_GPL, following the shape of commit 5e9629d0ae97 ("drivers/perf: arm_spe: Use perf_allow_kernel() for permissions"). Existing in-tree callers live in built-in arch and tracing code, so the change is invisible to them. Provide !CONFIG_PERF_EVENTS stubs that fall back to perfmon_capable(), so the helpers stay callable when perf is compiled out. Signed-off-by: John Hubbard --- include/linux/perf_event.h | 31 +++++++++++++++---------------- kernel/events/core.c | 18 ++++++++++++++++++ 2 files changed, 33 insertions(+), 16 deletions(-) diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h index 48d851fbd8ea..5842552294c1 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h @@ -1791,22 +1791,8 @@ static inline int perf_is_paranoid(void) } =20 extern int perf_allow_kernel(void); - -static inline int perf_allow_cpu(void) -{ - if (sysctl_perf_event_paranoid > 0 && !perfmon_capable()) - return -EACCES; - - return security_perf_event_open(PERF_SECURITY_CPU); -} - -static inline int perf_allow_tracepoint(void) -{ - if (sysctl_perf_event_paranoid > -1 && !perfmon_capable()) - return -EPERM; - - return security_perf_event_open(PERF_SECURITY_TRACEPOINT); -} +extern int perf_allow_cpu(void); +extern int perf_allow_tracepoint(void); =20 extern int perf_exclude_event(struct perf_event *event, struct pt_regs *re= gs); =20 @@ -2023,6 +2009,19 @@ perf_event_pause(struct perf_event *event, bool rese= t) { return 0; } static inline int perf_exclude_event(struct perf_event *event, struct pt_regs *regs) { retur= n 0; } =20 +static inline int perf_allow_kernel(void) +{ + return perfmon_capable() ? 0 : -EACCES; +} +static inline int perf_allow_cpu(void) +{ + return perfmon_capable() ? 0 : -EACCES; +} +static inline int perf_allow_tracepoint(void) +{ + return perfmon_capable() ? 0 : -EPERM; +} + #endif /* !CONFIG_PERF_EVENTS */ =20 #if defined(CONFIG_PERF_EVENTS) && defined(CONFIG_CPU_SUP_INTEL) diff --git a/kernel/events/core.c b/kernel/events/core.c index 7935d5663944..cb13f3ad11a3 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -14731,6 +14731,24 @@ int perf_allow_kernel(void) } EXPORT_SYMBOL_GPL(perf_allow_kernel); =20 +int perf_allow_cpu(void) +{ + if (sysctl_perf_event_paranoid > 0 && !perfmon_capable()) + return -EACCES; + + return security_perf_event_open(PERF_SECURITY_CPU); +} +EXPORT_SYMBOL_GPL(perf_allow_cpu); + +int perf_allow_tracepoint(void) +{ + if (sysctl_perf_event_paranoid > -1 && !perfmon_capable()) + return -EPERM; + + return security_perf_event_open(PERF_SECURITY_TRACEPOINT); +} +EXPORT_SYMBOL_GPL(perf_allow_tracepoint); + /* * Inherit an event from parent task to child task. * --=20 2.54.0 From nobody Sun May 24 19:33:16 2026 Received: from DM5PR21CU001.outbound.protection.outlook.com (mail-centralusazon11011057.outbound.protection.outlook.com [52.101.62.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C6C54270EC1; Sat, 23 May 2026 01:33:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.62.57 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779500018; cv=fail; b=DtUKDWJa63GCgh7CNFnKatpeswomwszK9ji2LV2Tst1T6RPz+1x6OeORtL4jZvjSLStNDUDmMdJDuAICZcQkGrEii4nFlhRebmSXOm5HR4AMx+a0wJOy8PzImiZMUH5KOXkOHkcOj3VZdEVpaYMpmhokCZSTolyeLXQbKuj0ns0= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779500018; c=relaxed/simple; bh=gpYxVYeRxamQyoQ+k0ghw1LyPUEpaQpyqPfg4WNaF4w=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: Content-Type:MIME-Version; b=GoWunxq+M9mr4PveOpU++taeoiymb2o+zjLL1TN6z+JdVyAuw4UsfiB8fE8cd1KwNadUTz3ebwDn0n85lBZ5OfRAauzHV0xES0z384++uA591p9elrdW35ejuUzIydNRAmDLd9mzhEE6JPzXQpCs2siy16jIqB/bDm6OiHlng98= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=YiCv/NFx; arc=fail smtp.client-ip=52.101.62.57 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="YiCv/NFx" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HBGih1y5RHF8YuGKzvQUVh9ev0f24yhm8TzZs6s8bL9knFocgjzILdrsIeBRU4kV9YAmhZoO4oUiW1XbKJGsbzYx1CT/womA81ESarloYn1E0wSay/Q2gNul7rghf69eFLFmsi4ouNyuJQ5zx4dLjOfTi4iKuuIF1eRlxdVNNpLHOecS0fSyo+H31mOyW+TuWKuq36oWIgSr5nm7MXUwUfv7dX0PN4kpHbpYCbGwxq5SAEYu7KDqilA+UEABd2JrHYdMymWEeEnhtdnOik8xIU4l2bW/7NK3uXD0gT3a3XXWShhOAiBUNWm6u4hjhemHm7G4Xbr8if6qncTn6gAYqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JnDHBQMTjS1NYEkoYbsKHuQ6bVJXcvBMT3b4FM5PmxA=; b=KUz7khExCmc9imHDja4DpBDzYTtWLiEldpzLov+6GhdXDzZaDLQYp+GBBEeqbmhbREPjSoo/Be7Ja355dgWLU278hJl6edTaOWGRcfUvgJvkoIr55Ir3H8xi3qjpakWawzb/cL3A86ZrWoa6MzOw1Qk/JCauH8zc+m3eMd5AaIXtFs+o7dhyvZ4h1MKGZfQKvzsCmnViIs6+QahwBCs7FDiGAgg2lC9D9X93yqkyVVI8NpBJAuw9dqSpZgobfn28/F/G0/ypEEM/VG8BlCpKCj68rZXEDVPOqEyUhQvbDSvRTuPDB5uhdZzWvj4GTjkGSGB7XOf8d9H14fbXZXpqpg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JnDHBQMTjS1NYEkoYbsKHuQ6bVJXcvBMT3b4FM5PmxA=; b=YiCv/NFx4Ln29aNYXUEk7Uv46nXMh/vqNnwBIG9pShDRQNPcrl4ldIg2Cud17QU5oTS5/5dr3tNt0PkZyK5PgQbHgdEIJQOjcklTZeKbPUpN7j2YAT6KPyerz5qNpTbRhdKvkY7r4yDkybojColtajj7rI7WLRTvT4+iqmEn7Gp9ytdIhnKtajXD/wOFpRGinf+jJyY3rh2tmjJ/FWSXl/QWTE/rdFvX9h2KFGvLd2zqqOBQUxdxw+RQ4Woy01v2JClpaqZkFqGn0aVvoY0LfY/5F1Be4mxWeqKHmKa8s9hkWPuU5H+UAiBKXpa98sxkAuj1E3Q/J5Lwy5N+jmUkEQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; Received: from DM3PR12MB9416.namprd12.prod.outlook.com (2603:10b6:0:4b::8) by CY3PR12MB9580.namprd12.prod.outlook.com (2603:10b6:930:10a::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.19; Sat, 23 May 2026 01:33:31 +0000 Received: from DM3PR12MB9416.namprd12.prod.outlook.com ([fe80::8cdd:504c:7d2a:59c8]) by DM3PR12MB9416.namprd12.prod.outlook.com ([fe80::8cdd:504c:7d2a:59c8%5]) with mapi id 15.21.0048.016; Sat, 23 May 2026 01:33:31 +0000 From: John Hubbard To: Matthew Brost , =?UTF-8?q?Thomas=20Hellstr=C3=B6m?= , Rodrigo Vivi , David Airlie , Simona Vetter , Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Namhyung Kim Cc: Mark Rutland , Alexander Shishkin , Jiri Olsa , Ian Rogers , Adrian Hunter , James Clark , intel-xe@lists.freedesktop.org, dri-devel@lists.freedesktop.org, linux-perf-users@vger.kernel.org, LKML , John Hubbard Subject: [PATCH v2 2/2] drm/xe: gate observation streams with perf_allow_cpu() Date: Fri, 22 May 2026 18:33:26 -0700 Message-ID: <20260523013326.129491-3-jhubbard@nvidia.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260523013326.129491-1-jhubbard@nvidia.com> References: <20260523013326.129491-1-jhubbard@nvidia.com> X-NVConfidentiality: public Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SJ0PR03CA0087.namprd03.prod.outlook.com (2603:10b6:a03:331::32) To DM3PR12MB9416.namprd12.prod.outlook.com (2603:10b6:0:4b::8) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM3PR12MB9416:EE_|CY3PR12MB9580:EE_ X-MS-Office365-Filtering-Correlation-Id: fa379677-a12f-42e5-b96d-08deb86b4c0d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|366016|18002099003|22082099003|56012099003|11063799006|5023799004; X-Microsoft-Antispam-Message-Info: mOENB8h+QZAZREGzgoNQV0Qhg/TkG4k6LvGOU+VZPcA+Is8ON+0cj7SVqqETUcJqqtvZO2Dix5VS2QpGMBUwZkJjDOPDh909V9xBp9fmIneguvAnBfTfwCNqzcxPyatVSOaF2n1KiCkoWMzLYEhzquecEk+epr+UeSdYoUTMkdd0mbbSk7r1wrGXkqtzcEqirklfCjyIl/kX+AP7MUpb8gnIbVDV9fiz31BL1/Hw9ggenKK3I6YXAI0IbBQ0Fw0xeoQMafO6TENyw83+qu60fBA75fKGozHK7kBO6+KiLKi5Q/yyBi9bmDeu3cj3afCnPc4X0sMB2j2oO5k/MbnjNDhDEMgJA03MIaOHbxyl3ELjnepyQ6zBq5xNwKkzY7AxncTWoa7LDSSA8KlKFoIVXY0nIgG8ux3tbW3gMIr4qWhD+yUIMg2dGiyHLG9D+S/JSMimtZN0tvFobX264o1UV4KJ3IEeDLLcOnxtBCtwiN8OSSizUG4rusRGzxJXjOfC7HAVB28tf2b1FRd5jrBBZryCqa4YAORjRtRg0DIEcdxBnqDr8OEJKo+8O8fFMn8sDXRokAp2aQm+a1WzlMxOfvYP/1mLeiEa9eprimkroRBlylS3DW0NFu4/2OdOwZ1Vl6YdZPf31RT9OuarwZyRAJ37vh1iY+z5sLZCLTJJukgRIdtUgXXU8ruoZPxGOcnF X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM3PR12MB9416.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(366016)(18002099003)(22082099003)(56012099003)(11063799006)(5023799004);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?BRwaHPUZV9BML+t79/q0B3FZWi63TYLIIki/2lrzXbIzyzgBwqtcqbNook9M?= =?us-ascii?Q?uMauBNEmR3AUsj+RRpaY8iNveOplV/uSj1nfTlR6mTbd+7OPb8P43SsPchoU?= =?us-ascii?Q?sJiphjwELEi/9w/695+nr/s0PdSTOJMdx0dOMIUxXyZP87eIAHsaUI5T3s1O?= =?us-ascii?Q?Ybfoul6atvyyV3zCVp2DmVa2YBxCNPFLKI1yxLAVJjnBW872fVZpA+8L7Rbj?= =?us-ascii?Q?3Yxm5P9LL584RMsnY1ptwdSF3Kwl3xkeY8a4YGRz65Wa0klFXBMIBVzPMzak?= =?us-ascii?Q?3CuoiPxS6pt4EqXL0eed3uwdBoRMgh/VW+URqNr2lhE4bKut3Vmhs7/3/mpF?= =?us-ascii?Q?c2yVmDKbaHcgR20tIwIyx6Q+UDpSYE5+6UINeqC031VXbUcH2b+jwHZZQSeP?= =?us-ascii?Q?NeyyWuQWv97UuCHZtxNor5pnBV7bIouxrsgsiMIOpj38fbtBbZYtWtlDP/P4?= =?us-ascii?Q?CcDVaLZOgCyGKIaKzFjEcQtIzxlSzCp0d8DxqslVNvfL5vDig9q5ALl8s/pR?= =?us-ascii?Q?foxji1MMmWs8DxaGKDA/ECEPy9EejAzaDoDvDi2/VzHTDOl+vvXzOMPK4Rz3?= =?us-ascii?Q?1WyaF7GM+3NlglUIYUOHyqV1Ss7bE4mRaolEppLOpPXeCa1hqZLjN5p+YkeZ?= =?us-ascii?Q?/J4NFoNGHkM50p3c4sFka98YHcv+U8wYiJUAUqA3Vp4rINPyQTmD9OErondh?= =?us-ascii?Q?ogi3GcymKug53iJfaBLyBtIsBtVFWBBpzvUY4AIowFibk0CdOdVJZ85iE23t?= =?us-ascii?Q?Qn3pWCmi0tsMmDen5+NwkvFMzZtsC95nceXWVrjCgiC7HxQjK3gwWjW0N8FO?= =?us-ascii?Q?Eu7+e4uw/P47BSsIezVNAqIjHV1WYuX23iQTTY3U2A9qSqFMwD89lKBymJ/B?= =?us-ascii?Q?nF1urGsRmNBAUuNFKcJlpa+JMRoh1BfXjXvUr5nI8VuWQotU4ZQP9yOTu+eD?= =?us-ascii?Q?xI+hxfchAVe29nLMDkeHKa6WwLcmsczjgIRjp1YiaQJk4hKv0Y8dOVA5UO0f?= =?us-ascii?Q?9LkEuwZffwnS7p2K8OsE9eCwLQnbHdtP5I2waNxaD0cZmEJ2PT1iJxaRGCy2?= =?us-ascii?Q?Y9JI7zzJ37becYMgFhgB500MIN7qiuDjf3/DTnFfqtU1ZQBAuO5VhZXQ9SK5?= =?us-ascii?Q?WBbPs5dy/Fw6T3kPw1VI4sWgR4H952LbAd2Ce/K0Sph9n1RcCRPL72aP3d+L?= =?us-ascii?Q?KTWLedo46C2qmkZdUiwF3g7zxS9oxe0PYj85Wu/lIiq2bKj1XuS0+eo6nfqG?= =?us-ascii?Q?J53YpowUqgFmb3kX3CM3dhIX4YQjpWPFKUpFVl15gLdgaTuvGIZLJM3w7nPu?= =?us-ascii?Q?YrP2BC35C0q1l7SLUp8eb27vxE6kfcZtEpjVHquJ3b8/fRTeT2oZVCnmXkeC?= =?us-ascii?Q?5cUIiGFJVZZBVm8B05TAm49USJeTPxmSi8ryuR0Q1i0I8+mN+FirL5EgC1eW?= =?us-ascii?Q?HpJn6hE/CRhsQW++rCOWqA0z+sWBABU8mMO0bTro8B4hMJy12N1Oj3FTVm81?= =?us-ascii?Q?L5vBs2zy4i6HB6/iKfOVu4S1RbE5uxQPJ6tiEMdM+iEEhuunRH72T0pc4dLT?= =?us-ascii?Q?rQlJYpjdzqmQJ806GC6hwalVoaa/2uay3RsDxmjfgfWRfDnNzX/EIvUmXUzg?= =?us-ascii?Q?02+Co3sGvj2FELhgaCm+MjiYbqqj1N09+xsL+Pn0Ux5rDloT3EdZ2w37aBHz?= =?us-ascii?Q?OnRz2hMdo7j00Vv75TRzorfE/F3XSIdCcG802ho9jMszkRoaY49fLlL0e5b2?= =?us-ascii?Q?RFuQN0/n9g=3D=3D?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: fa379677-a12f-42e5-b96d-08deb86b4c0d X-MS-Exchange-CrossTenant-AuthSource: DM3PR12MB9416.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 May 2026 01:33:31.1146 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 1qxsNh5bfY23eNvDUDUlff4BVKvnTQvHmBi/7TiDFcpHqvffY6sapTU+q0cv62UkOgYgL4MjssgFU+Gb/nHh1Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY3PR12MB9580 Content-Type: text/plain; charset="utf-8" xe OA and EU-stall paths open-code a partial copy of the system-wide perf CPU-event permission check: if (xe_observation_paranoid && !perfmon_capable()) return -EACCES; This open-coded check skips two things perf_allow_cpu() handles: the graduated kernel.perf_event_paranoid policy that an administrator may have tuned, and the security_perf_event_open() LSM hook. Introduce xe_observation_paranoid_check() to wrap perf_allow_cpu(), and convert the open-coded sites in xe_oa.c and xe_eu_stall.c. The dev.xe.observation_paranoid sysctl still acts as an escape hatch when cleared. xe observation now consults kernel.perf_event_paranoid and the LSM perf hook on every open. Sites that have already configured an LSM perf policy or tuned the paranoid sysctl will see those settings extend to xe. Signed-off-by: John Hubbard --- drivers/gpu/drm/xe/xe_eu_stall.c | 5 +++-- drivers/gpu/drm/xe/xe_oa.c | 25 +++++++++++++--------- drivers/gpu/drm/xe/xe_observation.c | 32 ++++++++++++++++++++++++----- drivers/gpu/drm/xe/xe_observation.h | 3 +-- 4 files changed, 46 insertions(+), 19 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_eu_stall.c b/drivers/gpu/drm/xe/xe_eu_st= all.c index dddcdd0bb7a3..ede8e3c98b2b 100644 --- a/drivers/gpu/drm/xe/xe_eu_stall.c +++ b/drivers/gpu/drm/xe/xe_eu_stall.c @@ -963,9 +963,10 @@ int xe_eu_stall_stream_open(struct drm_device *dev, u6= 4 data, struct drm_file *f return -ENODEV; } =20 - if (xe_observation_paranoid && !perfmon_capable()) { + ret =3D xe_observation_paranoid_check(); + if (ret) { drm_dbg(&xe->drm, "Insufficient privileges for EU stall monitoring\n"); - return -EACCES; + return ret; } =20 /* Initialize and set default values */ diff --git a/drivers/gpu/drm/xe/xe_oa.c b/drivers/gpu/drm/xe/xe_oa.c index d908f4e03906..f3dcff66b336 100644 --- a/drivers/gpu/drm/xe/xe_oa.c +++ b/drivers/gpu/drm/xe/xe_oa.c @@ -1676,9 +1676,10 @@ static int xe_oa_mmap(struct file *file, struct vm_a= rea_struct *vma) unsigned long start =3D vma->vm_start; int i, ret; =20 - if (xe_observation_paranoid && !perfmon_capable()) { + ret =3D xe_observation_paranoid_check(); + if (ret) { drm_dbg(&stream->oa->xe->drm, "Insufficient privilege to map OA buffer\n= "); - return -EACCES; + return ret; } =20 /* Can mmap the entire OA buffer or nothing (no partial OA buffer mmaps) = */ @@ -2054,10 +2055,12 @@ int xe_oa_stream_open_ioctl(struct drm_device *dev,= u64 data, struct drm_file *f privileged_op =3D true; } =20 - if (privileged_op && xe_observation_paranoid && !perfmon_capable()) { - drm_dbg(&oa->xe->drm, "Insufficient privileges to open xe OA stream\n"); - ret =3D -EACCES; - goto err_exec_q; + if (privileged_op) { + ret =3D xe_observation_paranoid_check(); + if (ret) { + drm_dbg(&oa->xe->drm, "Insufficient privileges to open xe OA stream\n"); + goto err_exec_q; + } } =20 if (!param.exec_q && !param.sample) { @@ -2336,9 +2339,10 @@ int xe_oa_add_config_ioctl(struct drm_device *dev, u= 64 data, struct drm_file *fi return -ENODEV; } =20 - if (xe_observation_paranoid && !perfmon_capable()) { + err =3D xe_observation_paranoid_check(); + if (err) { drm_dbg(&oa->xe->drm, "Insufficient privileges to add xe OA config\n"); - return -EACCES; + return err; } =20 err =3D copy_from_user(¶m, u64_to_user_ptr(data), sizeof(param)); @@ -2438,9 +2442,10 @@ int xe_oa_remove_config_ioctl(struct drm_device *dev= , u64 data, struct drm_file return -ENODEV; } =20 - if (xe_observation_paranoid && !perfmon_capable()) { + ret =3D xe_observation_paranoid_check(); + if (ret) { drm_dbg(&oa->xe->drm, "Insufficient privileges to remove xe OA config\n"= ); - return -EACCES; + return ret; } =20 ret =3D get_user(arg, ptr); diff --git a/drivers/gpu/drm/xe/xe_observation.c b/drivers/gpu/drm/xe/xe_ob= servation.c index e3f9b546207e..39e05b9131a7 100644 --- a/drivers/gpu/drm/xe/xe_observation.c +++ b/drivers/gpu/drm/xe/xe_observation.c @@ -4,6 +4,7 @@ */ =20 #include +#include #include =20 #include @@ -12,9 +13,28 @@ #include "xe_oa.h" #include "xe_observation.h" =20 -u32 xe_observation_paranoid =3D true; +static u32 xe_observation_paranoid =3D true; static struct ctl_table_header *sysctl_header; =20 +/** + * xe_observation_paranoid_check - Gate access to xe observation streams. + * + * When the xe-specific observation_paranoid sysctl is enabled (the + * default), defer to perf_allow_cpu() so that access is governed by the + * same policy as system-wide perf CPU events: kernel.perf_event_paranoid + * plus the security_perf_event_open() LSM hook. When the sysctl has been + * cleared by a privileged user, observation is open to all callers. + * + * Return: 0 if access is permitted, a negative errno otherwise. + */ +int xe_observation_paranoid_check(void) +{ + if (!xe_observation_paranoid) + return 0; + + return perf_allow_cpu(); +} + static int xe_oa_ioctl(struct drm_device *dev, struct drm_xe_observation_p= aram *arg, struct drm_file *file) { @@ -83,11 +103,13 @@ static const struct ctl_table observation_ctl_table[] = =3D { }; =20 /** - * xe_observation_sysctl_register - Register xe_observation_paranoid sysctl + * xe_observation_sysctl_register - Register the observation_paranoid sysc= tl * - * Normally only superuser/root can access observation stream - * data. However, superuser can set xe_observation_paranoid sysctl to 0 to - * allow non-privileged users to also access observation data. + * When dev.xe.observation_paranoid is set (the default), access to + * observation streams follows the system-wide perf_allow_cpu() policy: + * kernel.perf_event_paranoid plus the security_perf_event_open() LSM + * hook. A privileged user can clear the sysctl to bypass that gate and + * allow unprivileged access to observation data. * * Return: always returns 0 */ diff --git a/drivers/gpu/drm/xe/xe_observation.h b/drivers/gpu/drm/xe/xe_ob= servation.h index 17816998e966..73a03e03c96a 100644 --- a/drivers/gpu/drm/xe/xe_observation.h +++ b/drivers/gpu/drm/xe/xe_observation.h @@ -11,8 +11,7 @@ struct drm_device; struct drm_file; =20 -extern u32 xe_observation_paranoid; - +int xe_observation_paranoid_check(void); int xe_observation_ioctl(struct drm_device *dev, void *data, struct drm_fi= le *file); int xe_observation_sysctl_register(void); void xe_observation_sysctl_unregister(void); --=20 2.54.0