lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 26 Aug 2015 22:05:13 +0200
From:	Peter Zijlstra <peterz@...radead.org>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Ingo Molnar <mingo@...nel.org>,
	Johannes Berg <johannes@...solutions.net>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Thomas Gleixner <tglx@...utronix.de>, adrian.hunter@...el.com,
	Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
	Vince Weaver <vince@...ter.net>,
	Arnaldo Carvalho de Melo <acme@...radead.org>,
	linux-kernel@...r.kernel.org,
	Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	Stephane Eranian <eranian@...gle.com>
Subject: Re: [PATCH v2 0/6] perf: Introduce extended syscall error reporting

On Wed, Aug 26, 2015 at 11:41:11AM -0700, Andrew Morton wrote:
> On Wed, 26 Aug 2015 09:26:56 +0200 Ingo Molnar <mingo@...nel.org> wrote:
> 
> > 
> > * Ingo Molnar <mingo@...nel.org> wrote:
> > 
> > > ... but back then I didn't feel like complicating an error recovery ABI for the 
> > > needs of the 1%, robust error handling is all about simplicity: if it's not 
> > > simple, tools won't use it.
> > 
> > And note that it needs to be 'simple' in two places for usage to grow naturally: 
> > 
> >   - the usage site in the kernel
> >   - the tooling side that recovers the information.
> > 
> > That's why I think that such a form:
> > 
> > 	return err_str(-EINVAL, "x86/perf: CPU does not support precise sampling");
> > 
> > is obviously simple on the kernel side as it returns -EINVAL, and is very simple 
> > on the tooling side as well, if we are allowed to extend prctl().
> > 
> 
> Is this whole thing overkill?  As far as I can see, the problem which is
> being addressed only occurs in a couple of places (perf, wifi netlink
> handling) and could be addressed with some local pr_debug statements.  ie,
> 
> #define err_str(e, s) ({
> 	if (debugging)
> 		pr_debug("%s:%d: error %d (%s)", __FILE__, __LINE__, e, s);
> 	e;
> })
> 
> (And I suppose that if this is later deemed inadequate, err_str() could
> be made more fancy).

Not really. That is something that's limited to root. Whereas the
problem is very much wider than that.

If you set one bit wrong in the pretty large perf_event_attr you've got
a fair chance of getting -EINVAL on trying to create the event. Good
luck finding what you did wrong.

Any user can create events (for their own tasks), this does not require
root.

Allowing users to flip your @debugging flag would be an insta DoS.

Furthermore, its very unfriendly in that you have to (manually) go
correlate random dmesg output with some program action.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ