1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* |
3 | * ksyms_common.c: A split of kernel/kallsyms.c |
4 | * Contains a few generic function definations independent of config KALLSYMS. |
5 | */ |
6 | #include <linux/kallsyms.h> |
7 | #include <linux/security.h> |
8 | |
9 | static inline int kallsyms_for_perf(void) |
10 | { |
11 | #ifdef CONFIG_PERF_EVENTS |
12 | extern int sysctl_perf_event_paranoid; |
13 | |
14 | if (sysctl_perf_event_paranoid <= 1) |
15 | return 1; |
16 | #endif |
17 | return 0; |
18 | } |
19 | |
20 | /* |
21 | * We show kallsyms information even to normal users if we've enabled |
22 | * kernel profiling and are explicitly not paranoid (so kptr_restrict |
23 | * is clear, and sysctl_perf_event_paranoid isn't set). |
24 | * |
25 | * Otherwise, require CAP_SYSLOG (assuming kptr_restrict isn't set to |
26 | * block even that). |
27 | */ |
28 | bool kallsyms_show_value(const struct cred *cred) |
29 | { |
30 | switch (kptr_restrict) { |
31 | case 0: |
32 | if (kallsyms_for_perf()) |
33 | return true; |
34 | fallthrough; |
35 | case 1: |
36 | if (security_capable(cred, ns: &init_user_ns, CAP_SYSLOG, |
37 | CAP_OPT_NOAUDIT) == 0) |
38 | return true; |
39 | fallthrough; |
40 | default: |
41 | return false; |
42 | } |
43 | } |
44 | |