1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * ksyms_common.c: A split of kernel/kallsyms.c
4 * Contains a few generic function definations independent of config KALLSYMS.
5 */
6#include <linux/kallsyms.h>
7#include <linux/security.h>
8
9static inline int kallsyms_for_perf(void)
10{
11#ifdef CONFIG_PERF_EVENTS
12	extern int sysctl_perf_event_paranoid;
13
14	if (sysctl_perf_event_paranoid <= 1)
15		return 1;
16#endif
17	return 0;
18}
19
20/*
21 * We show kallsyms information even to normal users if we've enabled
22 * kernel profiling and are explicitly not paranoid (so kptr_restrict
23 * is clear, and sysctl_perf_event_paranoid isn't set).
24 *
25 * Otherwise, require CAP_SYSLOG (assuming kptr_restrict isn't set to
26 * block even that).
27 */
28bool kallsyms_show_value(const struct cred *cred)
29{
30	switch (kptr_restrict) {
31	case 0:
32		if (kallsyms_for_perf())
33			return true;
34		fallthrough;
35	case 1:
36		if (security_capable(cred, &init_user_ns, CAP_SYSLOG,
37				     CAP_OPT_NOAUDIT) == 0)
38			return true;
39		fallthrough;
40	default:
41		return false;
42	}
43}
44