1*b06e9318SManinder Singh // SPDX-License-Identifier: GPL-2.0-only 2*b06e9318SManinder Singh /* 3*b06e9318SManinder Singh * ksyms_common.c: A split of kernel/kallsyms.c 4*b06e9318SManinder Singh * Contains a few generic function definations independent of config KALLSYMS. 5*b06e9318SManinder Singh */ 6*b06e9318SManinder Singh #include <linux/kallsyms.h> 7*b06e9318SManinder Singh #include <linux/security.h> 8*b06e9318SManinder Singh kallsyms_for_perf(void)9*b06e9318SManinder Singhstatic inline int kallsyms_for_perf(void) 10*b06e9318SManinder Singh { 11*b06e9318SManinder Singh #ifdef CONFIG_PERF_EVENTS 12*b06e9318SManinder Singh extern int sysctl_perf_event_paranoid; 13*b06e9318SManinder Singh 14*b06e9318SManinder Singh if (sysctl_perf_event_paranoid <= 1) 15*b06e9318SManinder Singh return 1; 16*b06e9318SManinder Singh #endif 17*b06e9318SManinder Singh return 0; 18*b06e9318SManinder Singh } 19*b06e9318SManinder Singh 20*b06e9318SManinder Singh /* 21*b06e9318SManinder Singh * We show kallsyms information even to normal users if we've enabled 22*b06e9318SManinder Singh * kernel profiling and are explicitly not paranoid (so kptr_restrict 23*b06e9318SManinder Singh * is clear, and sysctl_perf_event_paranoid isn't set). 24*b06e9318SManinder Singh * 25*b06e9318SManinder Singh * Otherwise, require CAP_SYSLOG (assuming kptr_restrict isn't set to 26*b06e9318SManinder Singh * block even that). 27*b06e9318SManinder Singh */ kallsyms_show_value(const struct cred * cred)28*b06e9318SManinder Singhbool kallsyms_show_value(const struct cred *cred) 29*b06e9318SManinder Singh { 30*b06e9318SManinder Singh switch (kptr_restrict) { 31*b06e9318SManinder Singh case 0: 32*b06e9318SManinder Singh if (kallsyms_for_perf()) 33*b06e9318SManinder Singh return true; 34*b06e9318SManinder Singh fallthrough; 35*b06e9318SManinder Singh case 1: 36*b06e9318SManinder Singh if (security_capable(cred, &init_user_ns, CAP_SYSLOG, 37*b06e9318SManinder Singh CAP_OPT_NOAUDIT) == 0) 38*b06e9318SManinder Singh return true; 39*b06e9318SManinder Singh fallthrough; 40*b06e9318SManinder Singh default: 41*b06e9318SManinder Singh return false; 42*b06e9318SManinder Singh } 43*b06e9318SManinder Singh } 44