1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * ksyms_common.c: A split of kernel/kallsyms.c
4  * Contains a few generic function definations independent of config KALLSYMS.
5  */
6 #include <linux/kallsyms.h>
7 #include <linux/security.h>
8 
kallsyms_for_perf(void)9 static inline int kallsyms_for_perf(void)
10 {
11 #ifdef CONFIG_PERF_EVENTS
12 	extern int sysctl_perf_event_paranoid;
13 
14 	if (sysctl_perf_event_paranoid <= 1)
15 		return 1;
16 #endif
17 	return 0;
18 }
19 
20 /*
21  * We show kallsyms information even to normal users if we've enabled
22  * kernel profiling and are explicitly not paranoid (so kptr_restrict
23  * is clear, and sysctl_perf_event_paranoid isn't set).
24  *
25  * Otherwise, require CAP_SYSLOG (assuming kptr_restrict isn't set to
26  * block even that).
27  */
kallsyms_show_value(const struct cred * cred)28 bool kallsyms_show_value(const struct cred *cred)
29 {
30 	switch (kptr_restrict) {
31 	case 0:
32 		if (kallsyms_for_perf())
33 			return true;
34 		fallthrough;
35 	case 1:
36 		if (security_capable(cred, &init_user_ns, CAP_SYSLOG,
37 				     CAP_OPT_NOAUDIT) == 0)
38 			return true;
39 		fallthrough;
40 	default:
41 		return false;
42 	}
43 }
44