kernel/ksyms_common.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * ksyms_common.c: A split of kernel/kallsyms.c
   4  * Contains a few generic function definations independent of config KALLSYMS.
   5  */
   6 #include <linux/kallsyms.h>
   7 #include <linux/security.h>
   8
   9 static inline int kallsyms_for_perf(void)
  10 {
  11 #ifdef CONFIG_PERF_EVENTS
  12         extern int sysctl_perf_event_paranoid;
  13
  14         if (sysctl_perf_event_paranoid <= 1)
  15                 return 1;
  16 #endif
  17         return 0;
  18 }
  19
  20 /*
  21  * We show kallsyms information even to normal users if we've enabled
  22  * kernel profiling and are explicitly not paranoid (so kptr_restrict
  23  * is clear, and sysctl_perf_event_paranoid isn't set).
  24  *
  25  * Otherwise, require CAP_SYSLOG (assuming kptr_restrict isn't set to
  26  * block even that).
  27  */
  28 bool kallsyms_show_value(const struct cred *cred)
  29 {
  30         switch (kptr_restrict) {
  31         case 0:
  32                 if (kallsyms_for_perf())
  33                         return true;
  34                 fallthrough;
  35         case 1:
  36                 if (security_capable(cred, &init_user_ns, CAP_SYSLOG,
  37                                      CAP_OPT_NOAUDIT) == 0)
  38                         return true;
  39                 fallthrough;
  40         default:
  41                 return false;
  42         }
  43 }