Thread: 12 messages, 4 authors, 2018-11-27

Re: [PATCH v1 2/2]: Documentation/admin-guide: introduce perf-security.rst file

From: Alexey Budankov <hidden>
Date: 2018-11-19 15:13:24
Also in: lkml

Hi,
On 19.11.2018 13:33, Peter Zijlstra wrote:
> On Mon, Nov 19, 2018 at 08:42:52AM +0300, Alexey Budankov wrote:
>> Implement initial version of perf-security.rst documentation file
>> initially covering security concerns related to PCL/Perf performance
>> monitoring in multiuser environments.
>
> Ditch the PCL thing. That's not a term used anywhere in the kernel.

Ok. Which is the proper wording to reference to Perf kernel subsystem?

> Also:
+PCL/Perf unprivileged users
+---------------------------
+
+PCL/Perf *scope* and *access* control for unprivileged processes is governed by
+perf_event_paranoid [2]_ setting:
+
+**-1**:
+     Impose no *scope* and *access* restrictions on using PCL performance
+     monitoring. Per-user per-cpu perf_event_mlock_kb [2]_ locking limit is
+     ignored when allocating memory buffers for storing performance data.
+     This is the least secure mode since allowed monitored *scope* is
+     maximized and no PCL specific limits are imposed on *resources*
+     allocated for performance monitoring.
+
+**>=0**:
+     *scope* includes per-process and system wide performance monitoring
+     but excludes raw tracepoints and ftrace function tracepoints monitoring.
+     CPU and system events happened when executing either in user or
+     in kernel space can be monitored and captured for later analysis.
+     Per-user per-cpu perf_event_mlock_kb locking limit is imposed but
+     ignored for unprivileged processes with CAP_IPC_LOCK [6]_ capability.
+
+**>=1**:
+     *scope* includes per-process performance monitoring only and excludes
+     system wide performance monitoring. CPU and system events happened when
+     executing either in user or in kernel space can be monitored and
+     captured for later analysis. Per-user per-cpu perf_event_mlock_kb
+     locking limit is imposed but ignored for unprivileged processes with
+     CAP_IPC_LOCK capability.
+
+**>=2**:
+     *scope* includes per-process performance monitoring only. CPU and system
+     events happened when executing in user space only can be monitored and
+     captured for later analysis. Per-user per-cpu perf_event_mlock_kb
+     locking limit is imposed but ignored for unprivileged processes with
+     CAP_IPC_LOCK capability.
+
+**>=3**:
+     Restrict *access* to PCL performance monitoring for unprivileged processes.
+     This is the default on Debian and Android [7]_ , [8]_ .
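Review bot: The `>=0`, `>=1` and `>=2` headings overlap, while each description reads as if it applied to one exact value: the `>=0` text says scope includes system wide monitoring and kernel space events, yet a setting of 2 also satisfies `>=0` and, per the `>=2` text, permits neither. Suggest either exact-value headings or wording each entry as the restriction that is added at that threshold, so an administrator reading a single entry cannot conclude the setting is more permissive than it is. In the same entries, "unprivileged processes with CAP_IPC_LOCK [6]_ capability" reads as contradictory and would be clearer as "processes that hold CAP_IPC_LOCK", and "events happened when executing" should be "events that happen when executing". For the `>=3` entry, which names only Debian and Android, it would help to state whether that level applies outside those distributions.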
> that ** crud is unreadable.

It can be avoided without missing the sense.

"two asterisks: **text** for strong emphasis (boldface)". 

Thanks,
Alexey
http://lkml.kernel.org/r/094556ca-ea87-9c4a-2115-600d2833fb2a@darmarit.de