Commit | Line | Data |
---|---|---|
b06e9318 MS |
1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* | |
3 | * ksyms_common.c: A split of kernel/kallsyms.c | |
4 | * Contains a few generic function definations independent of config KALLSYMS. | |
5 | */ | |
6 | #include <linux/kallsyms.h> | |
7 | #include <linux/security.h> | |
8 | ||
b06e9318 MS |
9 | static inline int kallsyms_for_perf(void) |
10 | { | |
11 | #ifdef CONFIG_PERF_EVENTS | |
12 | extern int sysctl_perf_event_paranoid; | |
13 | ||
14 | if (sysctl_perf_event_paranoid <= 1) | |
15 | return 1; | |
16 | #endif | |
17 | return 0; | |
18 | } | |
19 | ||
20 | /* | |
21 | * We show kallsyms information even to normal users if we've enabled | |
22 | * kernel profiling and are explicitly not paranoid (so kptr_restrict | |
23 | * is clear, and sysctl_perf_event_paranoid isn't set). | |
24 | * | |
25 | * Otherwise, require CAP_SYSLOG (assuming kptr_restrict isn't set to | |
26 | * block even that). | |
27 | */ | |
28 | bool kallsyms_show_value(const struct cred *cred) | |
29 | { | |
30 | switch (kptr_restrict) { | |
31 | case 0: | |
32 | if (kallsyms_for_perf()) | |
33 | return true; | |
34 | fallthrough; | |
35 | case 1: | |
36 | if (security_capable(cred, &init_user_ns, CAP_SYSLOG, | |
37 | CAP_OPT_NOAUDIT) == 0) | |
38 | return true; | |
39 | fallthrough; | |
40 | default: | |
41 | return false; | |
42 | } | |
43 | } |