lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 22 Jan 2020 08:03:53 +0000
From:   Will Deacon <will@...nel.org>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Jason Baron <jbaron@...mai.com>, linux-kernel@...r.kernel.org,
        kernel-team@...roid.com
Subject: Re: [PATCH] dynamic_debug: allow to work if debugfs is disabled

On Wed, Jan 22, 2020 at 08:43:43AM +0100, Greg Kroah-Hartman wrote:
> With the realization that having debugfs enabled on "production" systems is
> generally not a good idea, debugfs is being disabled from more and more
> platforms over time.  However, the functionality of dynamic debugging still is
> needed at times, and since it relies on debugfs for its user api, having
> debugfs disabled also forces dynamic debug to be disabled.

Why is the dyndbg= command-line option not sufficient for these use-cases?

> To get around this, move the "control" file for dynamic_debug to procfs IFF
> debugfs is disabled.  This lets people turn on debugging as needed at runtime
> for individual driverfs and subsystems.

Hmm. If something called "dynamic_debug" is getting moved out of debugfs,
this does raise the question as to what (if anything) should be left behind.
I worry this is a bit of a slippery slope...

Anywho, comments below.

> Reported-by: many different companies
> Cc: Jason Baron <jbaron@...mai.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> ---
>  .../admin-guide/dynamic-debug-howto.rst         |  3 +++
>  lib/Kconfig.debug                               |  2 +-
>  lib/dynamic_debug.c                             | 17 ++++++++++++++---
>  3 files changed, 18 insertions(+), 4 deletions(-)
> 
> diff --git a/Documentation/admin-guide/dynamic-debug-howto.rst b/Documentation/admin-guide/dynamic-debug-howto.rst
> index 252e5ef324e5..41f43a373a6a 100644
> --- a/Documentation/admin-guide/dynamic-debug-howto.rst
> +++ b/Documentation/admin-guide/dynamic-debug-howto.rst
> @@ -54,6 +54,9 @@ If you make a mistake with the syntax, the write will fail thus::
>  				<debugfs>/dynamic_debug/control
>    -bash: echo: write error: Invalid argument
>  
> +Note, for systems without 'debugfs' enabled, the control file can be
> +also found in ``/proc/dynamic_debug/control``.
> +
>  Viewing Dynamic Debug Behaviour
>  ===============================
>  
> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> index 5ffe144c9794..01d4add8b963 100644
> --- a/lib/Kconfig.debug
> +++ b/lib/Kconfig.debug
> @@ -98,7 +98,7 @@ config DYNAMIC_DEBUG
>  	bool "Enable dynamic printk() support"
>  	default n
>  	depends on PRINTK
> -	depends on DEBUG_FS
> +	depends on (DEBUG_FS || PROC_FS)
>  	help
>  
>  	  Compiles debug level messages into the kernel, which would noti

The help text here also needs updating, since it refers to debugfs.

> diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c
> index c60409138e13..077b2d6623ac 100644
> --- a/lib/dynamic_debug.c
> +++ b/lib/dynamic_debug.c
> @@ -993,13 +993,24 @@ static __initdata int ddebug_init_success;
>  
>  static int __init dynamic_debug_init_debugfs(void)
>  {
> -	struct dentry *dir;
> +	struct dentry *debugfs_dir;
> +	struct proc_dir_entry *procfs_dir;
>  
>  	if (!ddebug_init_success)
>  		return -ENODEV;
>  
> -	dir = debugfs_create_dir("dynamic_debug", NULL);
> -	debugfs_create_file("control", 0644, dir, NULL, &ddebug_proc_fops);
> +	/* Create the control file in debugfs if it is enabled */
> +	if (debugfs_initialized) {
> +		debugfs_dir = debugfs_create_dir("dynamic_debug", NULL);
> +		debugfs_create_file("control", 0644, debugfs_dir, NULL,
> +				    &ddebug_proc_fops);
> +		return 0;
> +	}
> +
> +	/* No debugfs so put it in procfs instead */
> +	procfs_dir = proc_mkdir("dynamic_debug", NULL);
> +	if (procfs_dir)
> +		proc_create("control", 0x644, procfs_dir, &ddebug_proc_fops);

Shouldn't this be octal rather than hex? Even then, I don't understand what
use it is being able to read but not write to this file. Perhaps make it
0600 for /proc ?

Will

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ