lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 31 Mar 2012 17:37:39 -0400
From:	Steven Rostedt <rostedt@...dmis.org>
To:	Oleg Nesterov <oleg@...hat.com>
Cc:	Ingo Molnar <mingo@...hat.com>, Jason Baron <jbaron@...hat.com>,
	linux-kernel@...r.kernel.org
Subject: Re: syscall_regfunc() && TIF_SYSCALL_TRACEPOINT

On Sat, 2012-03-31 at 22:45 +0200, Oleg Nesterov wrote:
> On 03/30, Steven Rostedt wrote:
> >
> > On Fri, 2012-03-30 at 22:15 +0200, Oleg Nesterov wrote:
> >
> > > But I don't really understand why do you think that "clear" is more
> > > important.
> >
> > They are both important. But as I tend to consider performance when
> > tracing is off as critical, I'm more concerned about that. But both must
> > be fixed, because not reporting traces can confuse a developer.
> 
> Ah, got it, thanks.
> 
> I was going to send the simple patch we discussed, but suddenly I
> realized that I have another question.
> 
> Why do we want to filter out the kernel threads in syscall_regfunc?
> 
> >From cc3b13c1 "tracing: Don't trace kernel thread syscalls"
> 
> 	 then it has no effect to trace the kernel thread calls
> 	 to syscalls in that path.
> 	 Setting the TIF_SYSCALL_TRACEPOINT flag is then useless for these.
> 
> OK, but then it doesn't hurt? Or is there another reason why
> TIF_SYSCALL_TRACEPOINT is not desirable on kthread?

Right, it doesn't hurt. I was about to say that in a previous email.

> 
> The problem is ____call_usermodehelper() which execs the user-space
> task. This clears PF_KTHREAD (sets ->mm), but obviously if
> sys_tracepoint_refcount != 0 this is too late.
> 
> So what do you think we should do,
> 
> 	- keep this check
> 
> 	- remove it
> 
> 	- remove it in a separate patch

I say this one (remove it in a separate patch). That way if something
breaks we know exactly what did it ;-)

> 
> 	- add the "sync with sys_tracepoint_refcount" hook
> 	  before kernel_execve()
> 
> ?

-- Steve


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ