Bug 849362 (CVE-2013-2930) - VUL-1: CVE-2013-2930: kernel: perf/ftrace local user crash
Status: RESOLVED FIXED
Alias: CVE-2013-2930
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P2 - High, Major
Target Milestone: ---
Assignee: Tony Jones
QA Contact: Security Team bot
Whiteboard: maint:released:sle11-sp3:55874 maint...
Reported: 2013-11-07 11:09 UTC by Marcus Meissner
Modified: 2015-02-18 22:49 UTC

Description Marcus Meissner 2013-11-07 11:09:42 UTC
embargoed, via linux-distros

CVE-2013-2930

affects Linux kernel 3.4 onwards

commit 12ae030d54ef250706da5642fc7697cc60ad0df7
Author: Steven Rostedt <rostedt@goodmis.org>
Date:   Tue Nov 5 12:51:11 2013 -0500

    perf/ftrace: Fix paranoid level for enabling function tracer
    
    The current default perf paranoid level is "1" which has
    "perf_paranoid_kernel()" return false, and giving any operations
    that use it, access to normal users. Unfortunately, this includes
    function tracing and normal users should not be allowed to enable
    function tracing by default.
    
    The proper level is defined at "-1" (full perf access), which
    "perf_paranoid_tracepoint_raw()" will only give access to. Use that
    check instead for enabling function tracing.
    
    Reported-by: Dave Jones <davej@redhat.com>
    Reported-by: Vince Weaver <vincent.weaver@maine.edu>
    Tested-by: Vince Weaver <vincent.weaver@maine.edu>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Ingo Molnar <mingo@kernel.org>
    Cc: Jiri Olsa <jolsa@redhat.com>
    Cc: Frederic Weisbecker <fweisbec@gmail.com>
    Cc: stable@vger.kernel.org # 3.4+
    CVE: CVE-2013-2930
    Fixes: ced39002f5ea ("ftrace, perf: Add support to use function tracepoint in perf")
    Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
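
Added example (not part of the bug report or of the kernel tree): a userspace C model of the function-tracer gate the commit message describes, comparing the old and the new predicate at each perf_event_paranoid level. The names function_trace_gate, unprivileged_levels_allowed and is_admin are assumptions made for this example, and only the first check in perf_trace_event_perm() is modeled.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace stand-in for /proc/sys/kernel/perf_event_paranoid. */
static int paranoid_level = 1;   /* the default named in the commit message */

/* Predicates: true means "this class of access is restricted". */
static bool perf_paranoid_tracepoint_raw(void) { return paranoid_level > -1; }
static bool perf_paranoid_kernel(void)         { return paranoid_level > 1; }

/*
 * Model of the ftrace:function gate only (hypothetical helper).
 * fixed=false uses the old predicate, fixed=true the one from the fix.
 * is_admin stands in for capable(CAP_SYS_ADMIN).
 * Later checks in the real function are not modeled.
 */
static int function_trace_gate(int level, bool is_admin, bool fixed)
{
    paranoid_level = level;
    bool restricted = fixed ? perf_paranoid_tracepoint_raw()
                            : perf_paranoid_kernel();
    return (restricted && !is_admin) ? -EPERM : 0;
}

/* Count the levels in -1..2 at which an unprivileged caller passes the gate. */
static int unprivileged_levels_allowed(bool fixed)
{
    int n = 0;
    for (int level = -1; level <= 2; level++)
        if (function_trace_gate(level, false, fixed) == 0)
            n++;
    return n;
}

int main(void)
{
    puts("level  unpriv(before)  unpriv(after)  root(after)");
    for (int level = -1; level <= 2; level++)
        printf("%5d  %-14s  %-13s  %s\n", level,
               function_trace_gate(level, false, false) ? "EPERM" : "allowed",
               function_trace_gate(level, false, true)  ? "EPERM" : "allowed",
               function_trace_gate(level, true,  true)  ? "EPERM" : "allowed");
    return 0;
}
```

The rows for levels 0 and 1 are where the two predicates disagree for an unprivileged caller.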
Comment 1 Marcus Meissner 2013-11-07 11:11:53 UTC
However, this has been backported into the SLE11 codebase.

Code snippet is in SLES11 SP3 (not in SLES 11 SP2) apparently.

diff:
diff --git a/kernel/trace/trace_event_perf.c
b/kernel/trace/trace_event_perf.c index 80c36bc..78e27e3 100644
--- a/kernel/trace/trace_event_perf.c
+++ b/kernel/trace/trace_event_perf.c
@@ -26,7 +26,7 @@ static int perf_trace_event_perm(struct
ftrace_event_call *tp_event, {
        /* The ftrace function trace is allowed only for root. */
        if (ftrace_event_is_function(tp_event) &&
-           perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
+           perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN))
                return -EPERM;
 
        /* No tracing, just counting, so no obvious leak */
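Review bot: the comment above the changed condition, "The ftrace function trace is allowed only for root", does not match the check it documents. With perf_paranoid_tracepoint_raw() in the condition, the -EPERM return is skipped for a caller without CAP_SYS_ADMIN whenever perf_event_paranoid is -1, which the commit message describes as the intended "full perf access" level. Suggest rewording the comment to state that exception, for example "allowed only for root unless perf_event_paranoid is -1", so the policy is documented next to the test that enforces it.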
Comment 2 Marcus Meissner 2013-11-08 12:35:34 UTC
public
Comment 3 Borislav Petkov 2013-12-05 22:49:25 UTC
I think this hunk is not relevant for SP2 because it probably needs

commit ced39002f5ea736b716ae233fb68b26d59783912
Author: Jiri Olsa <jolsa@redhat.com>
Date:   Wed Feb 15 15:51:52 2012 +0100

    ftrace, perf: Add support to use function tracepoint in perf

prior to that. And I'd venture a guess that we don't support

perf record -e ftrace:<function>

in SP2? Tony?
Comment 4 Tony Jones 2013-12-06 01:11:56 UTC
(In reply to comment #3)
> I think this hunk is not relevant for SP2 because it probably needs
> 
> commit ced39002f5ea736b716ae233fb68b26d59783912
> Author: Jiri Olsa <jolsa@redhat.com>
> Date:   Wed Feb 15 15:51:52 2012 +0100
> 
>     ftrace, perf: Add support to use function tracepoint in perf
> 
> prior to that. And I'd venture a guess that we don't support
> 
> perf record -e ftrace:<function>
> 
> in SP2? Tony?


Correct, the code in question (comment 1) was added to SP3 as part of the intel-perf-event series, specifically 'intel-perf-event-0066-ftrace-perf-add-support-to-use-function-tracepoint-in-perf.patch'

None of this is in SP2.

12ae030d looks correct for SP3.   Plus relevant OpenSUSE.
Comment 5 Tony Jones 2013-12-09 08:02:18 UTC
Obviously this is only exploitable in our -trace/-debug flavors (all products) but oddly I'm not able to reproduce as I expected using the trace flavor.  

The change in perf_trace_event_perm() is clearly correct but I must be missing something ......

After allowing non-root access to /sys/kernel/debug [so "perf list" sees the event] I get the following:

$ id
uid=1000(tonyj) gid=100(users) groups=100(users),33(video)

$ strace /usr/bin/perf record -e ftrace:function ls
...
...
perf_event_open(0x15a6d90, 0x18d8, 0, 0xffffffff, 0) = -1 EPERM (Operation not permitted)
write(2, "Error:\n", 7Error:
)                 = 7
write(2, "Permission error - are you root?"..., 243Permission error - are you root?
Consider tweaking /proc/sys/kernel/perf_event_paranoid:
 -1 - Not paranoid at all
  0 - Disallow raw tracepoint access for unpriv
  1 - Disallow cpu events for unpriv
  2 - Disallow kernel profiling for unpriv
) = 243
close(0)                                = 0

$ cat /proc/sys/kernel/perf_event_paranoid
1

I'll look at it tomorrow as based on the existing perf_paranoid_kernel() check it should reproduce.
Comment 6 Tony Jones 2013-12-11 22:22:42 UTC
Not able to reproduce using '-e ftrace:function' as existing paranoid fall-through test traps issue.   

Unclear what is necessary to reproduce, original discussion of issue is I believe https://lkml.org/lkml/2013/8/26/282 and it's not clear.  

Anyways, fix is obviously correct.


Submitted to SLE11-SP3 and OpenSUSE-12.3 as 'patches.fixes/perf-ftrace-fix-paranoid-level-for-enabling-function-tracer.patch'

Already in openSUSE-13.1 via stable 'patches.kernel.org/patch-3.11.9-10'.
Already in openSUSE-12.2 via stable 'patches.kernel.org/patch-3.4.70-71'
Comment 7 Swamp Workflow Management 2014-01-31 11:03:47 UTC
Update released for: cluster-network-kmp-rt, cluster-network-kmp-rt_trace, drbd-kmp-rt, drbd-kmp-rt_trace, iscsitarget-kmp-rt, iscsitarget-kmp-rt_trace, kernel-rt, kernel-rt-base, kernel-rt-debuginfo, kernel-rt-debugsource, kernel-rt-devel, kernel-rt-devel-debuginfo, kernel-rt-extra, kernel-rt-hmac, kernel-rt_trace, kernel-rt_trace-base, kernel-rt_trace-debuginfo, kernel-rt_trace-debugsource, kernel-rt_trace-devel, kernel-rt_trace-devel-debuginfo, kernel-rt_trace-extra, kernel-rt_trace-hmac, kernel-source-rt, kernel-syms-rt, lttng-modules-kmp-rt, lttng-modules-kmp-rt_trace, ocfs2-kmp-rt, ocfs2-kmp-rt_trace, ofed-kmp-rt, ofed-kmp-rt_trace
Products:
SLE-DEBUGINFO 11-SP3 (x86_64)
SLE-RT 11-SP3 (x86_64)
Comment 8 Swamp Workflow Management 2014-01-31 15:25:52 UTC
SUSE-SU-2014:0168-1: An update that solves 16 vulnerabilities and has 83 fixes is now available.

Category: security (moderate)
Bug References: 708296,733022,770541,787843,789359,803174,806988,810323,813245,818064,818545,819979,820102,820338,821619,821980,825006,825696,825896,826602,826756,826978,827527,827767,828236,831103,833097,834473,834708,834808,835074,835186,836718,837206,837739,838623,839407,839973,840116,840226,841445,841654,842239,843185,843419,843429,843445,843642,843645,843654,845352,845378,845729,846036,846298,846989,847261,847660,847842,848317,848321,848335,848336,848544,848864,849021,849029,849034,849256,849362,849404,849675,849809,849950,850072,850103,850324,850493,850640,851066,851101,851290,851314,851879,852373,852558,852559,852652,852761,853050,853051,853053,853428,853465,854546,854634,854722,856307,856481
CVE References: CVE-2013-2146,CVE-2013-2930,CVE-2013-4345,CVE-2013-4483,CVE-2013-4511,CVE-2013-4514,CVE-2013-4515,CVE-2013-4587,CVE-2013-4592,CVE-2013-6367,CVE-2013-6376,CVE-2013-6378,CVE-2013-6380,CVE-2013-6383,CVE-2013-6463,CVE-2013-7027
Sources used:
SUSE Linux Enterprise Real Time Extension 11 SP3 (src):    cluster-network-1.4-2.27.37, drbd-kmp-8.4.4-0.22.3, iscsitarget-1.4.20-0.38.22, kernel-rt-3.0.101.rt130-0.10.1, kernel-rt_trace-3.0.101.rt130-0.10.1, kernel-source-rt-3.0.101.rt130-0.10.1, kernel-syms-rt-3.0.101.rt130-0.10.1, lttng-modules-2.1.1-0.11.22, ocfs2-1.6-0.20.37, ofed-1.5.4.1-0.13.28
Comment 9 Swamp Workflow Management 2014-02-04 18:57:51 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (ia64)
SLE-HAE 11-SP3 (ia64)
SLE-SERVER 11-SP3 (ia64)
Comment 10 Swamp Workflow Management 2014-02-04 19:12:34 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (s390x)
SLE-HAE 11-SP3 (s390x)
SLE-SERVER 11-SP3 (s390x)
Comment 11 Swamp Workflow Management 2014-02-04 19:18:58 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-ppc64, cluster-network-kmp-trace, gfs2-kmp-default, gfs2-kmp-ppc64, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-default-hmac, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-ppc64-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra, kernel-trace-hmac, ocfs2-kmp-default, ocfs2-kmp-ppc64, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (ppc64)
SLE-HAE 11-SP3 (ppc64)
SLE-SERVER 11-SP3 (ppc64)
Comment 12 Swamp Workflow Management 2014-02-04 19:39:46 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-pae-extra, kernel-pae-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-pae, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (i386)
SLE-DESKTOP 11-SP3 (i386)
SLE-HAE 11-SP3 (i386)
SLE-SERVER 11-SP3 (i386)
SLES4VMWARE 11-SP3 (i386)
Comment 13 Swamp Workflow Management 2014-02-04 20:10:51 UTC
Update released for: cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-hmac, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-hmac, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-hmac, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, kernel-xen-hmac, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen, xen-kmp-default, xen-kmp-trace
Products:
SLE-DEBUGINFO 11-SP3 (x86_64)
SLE-DESKTOP 11-SP3 (x86_64)
SLE-HAE 11-SP3 (x86_64)
SLE-SERVER 11-SP3 (x86_64)
SLES4VMWARE 11-SP3 (x86_64)
Comment 14 Swamp Workflow Management 2014-02-05 01:21:53 UTC
Update released for: kernel-default-extra, kernel-ppc64-extra
Products:
SLE-SERVER 11-EXTRA (ppc64)
Comment 15 Swamp Workflow Management 2014-02-05 01:31:39 UTC
SUSE-SU-2014:0189-1: An update that solves 17 vulnerabilities and has 104 fixes is now available.

Category: security (moderate)
Bug References: 708296,733022,769035,769644,770541,787843,789359,793727,798050,805114,805740,806988,807434,810323,813245,818064,818545,819979,820102,820338,820434,821619,821980,823618,825006,825696,825896,826602,826756,826978,827527,827767,828236,831103,833097,834473,834708,834808,835074,835186,836718,837206,837739,838623,839407,839973,840116,840226,841445,841654,842239,843185,843419,843429,843445,843642,843645,843654,845352,845378,845621,845729,846036,846298,846654,846984,846989,847261,847660,847842,848055,848317,848321,848335,848336,848544,848652,848864,849021,849029,849034,849256,849362,849364,849404,849675,849809,849855,849950,850072,850103,850324,850493,850640,851066,851101,851290,851314,851603,851879,852153,852373,852558,852559,852624,852652,852761,853050,853051,853052,853053,853428,853465,854516,854546,854634,854722,856307,856481,858534,858831
CVE References: CVE-2013-2146,CVE-2013-2930,CVE-2013-4345,CVE-2013-4483,CVE-2013-4511,CVE-2013-4514,CVE-2013-4515,CVE-2013-4587,CVE-2013-4592,CVE-2013-6367,CVE-2013-6368,CVE-2013-6376,CVE-2013-6378,CVE-2013-6380,CVE-2013-6383,CVE-2013-6463,CVE-2013-7027
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-default-3.0.101-0.15.1, kernel-pae-3.0.101-0.15.1, kernel-source-3.0.101-0.15.1, kernel-syms-3.0.101-0.15.1, kernel-trace-3.0.101-0.15.1, kernel-xen-3.0.101-0.15.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-default-3.0.101-0.15.1, kernel-ec2-3.0.101-0.15.1, kernel-pae-3.0.101-0.15.1, kernel-ppc64-3.0.101-0.15.1, kernel-source-3.0.101-0.15.1, kernel-syms-3.0.101-0.15.1, kernel-trace-3.0.101-0.15.1, kernel-xen-3.0.101-0.15.1, xen-4.2.3_08-0.7.22
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.27.40, gfs2-2-0.16.46, ocfs2-1.6-0.20.40
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-default-3.0.101-0.15.1, kernel-pae-3.0.101-0.15.1, kernel-source-3.0.101-0.15.1, kernel-syms-3.0.101-0.15.1, kernel-trace-3.0.101-0.15.1, kernel-xen-3.0.101-0.15.1, xen-4.2.3_08-0.7.22
SLE 11 SERVER Unsupported Extras (src):    kernel-default-3.0.101-0.15.1, kernel-pae-3.0.101-0.15.1, kernel-ppc64-3.0.101-0.15.1, kernel-xen-3.0.101-0.15.1
Comment 16 Swamp Workflow Management 2014-02-05 02:22:39 UTC
Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (ia64)
Comment 17 Swamp Workflow Management 2014-02-05 03:24:52 UTC
Update released for: kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)
Comment 18 Swamp Workflow Management 2014-02-05 04:25:29 UTC
Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)
Comment 19 Swamp Workflow Management 2014-02-05 05:33:14 UTC
Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)
Comment 20 Swamp Workflow Management 2014-02-06 18:16:51 UTC
openSUSE-SU-2014:0204-1: An update that solves 16 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 804950,805226,808358,811746,825006,831836,838024,840226,840656,844513,848079,848255,849021,849023,849029,849034,849362,852373,852558,852559,853050,853051,853052,853053,854173,854634,854722,860993
CVE References: CVE-2013-0343,CVE-2013-1792,CVE-2013-4348,CVE-2013-4511,CVE-2013-4513,CVE-2013-4514,CVE-2013-4515,CVE-2013-4587,CVE-2013-6367,CVE-2013-6368,CVE-2013-6376,CVE-2013-6378,CVE-2013-6380,CVE-2013-6431,CVE-2013-7027,CVE-2014-0038
Sources used:
openSUSE 12.3 (src):    kernel-docs-3.7.10-1.28.2, kernel-source-3.7.10-1.28.1, kernel-syms-3.7.10-1.28.1