lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 22 Jan 2020 09:12:05 +0100
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Will Deacon <will@...nel.org>
Cc:     Jason Baron <jbaron@...mai.com>, linux-kernel@...r.kernel.org,
        kernel-team@...roid.com
Subject: Re: [PATCH] dynamic_debug: allow to work if debugfs is disabled

On Wed, Jan 22, 2020 at 08:03:53AM +0000, Will Deacon wrote:
> On Wed, Jan 22, 2020 at 08:43:43AM +0100, Greg Kroah-Hartman wrote:
> > With the realization that having debugfs enabled on "production" systems is
> > generally not a good idea, debugfs is being disabled from more and more
> > platforms over time.  However, the functionality of dynamic debugging still is
> > needed at times, and since it relies on debugfs for its user api, having
> > debugfs disabled also forces dynamic debug to be disabled.
> 
> Why is the dyndbg= command-line option not sufficient for these use-cases?

They want to enable things after booting, and changing the kernel
command line is not something you can do on many systems (i.e.
locked-down-bootloaders like embedded systems).

Also, the whole option is prevented to be booted if debugfs is not
enabled, so the command line wouldn't even work in that situation :)

> > To get around this, move the "control" file for dynamic_debug to procfs IFF
> > debugfs is disabled.  This lets people turn on debugging as needed at runtime
> > for individual driverfs and subsystems.
> 
> Hmm. If something called "dynamic_debug" is getting moved out of debugfs,
> this does raise the question as to what (if anything) should be left behind.
> I worry this is a bit of a slippery slope...

I totally agree, but dynamic_debug is independant of debugfs with the
exception of the control file itself.

> > Reported-by: many different companies
> > Cc: Jason Baron <jbaron@...mai.com>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > ---
> >  .../admin-guide/dynamic-debug-howto.rst         |  3 +++
> >  lib/Kconfig.debug                               |  2 +-
> >  lib/dynamic_debug.c                             | 17 ++++++++++++++---
> >  3 files changed, 18 insertions(+), 4 deletions(-)
> > 
> > diff --git a/Documentation/admin-guide/dynamic-debug-howto.rst b/Documentation/admin-guide/dynamic-debug-howto.rst
> > index 252e5ef324e5..41f43a373a6a 100644
> > --- a/Documentation/admin-guide/dynamic-debug-howto.rst
> > +++ b/Documentation/admin-guide/dynamic-debug-howto.rst
> > @@ -54,6 +54,9 @@ If you make a mistake with the syntax, the write will fail thus::
> >  				<debugfs>/dynamic_debug/control
> >    -bash: echo: write error: Invalid argument
> >  
> > +Note, for systems without 'debugfs' enabled, the control file can be
> > +also found in ``/proc/dynamic_debug/control``.
> > +
> >  Viewing Dynamic Debug Behaviour
> >  ===============================
> >  
> > diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> > index 5ffe144c9794..01d4add8b963 100644
> > --- a/lib/Kconfig.debug
> > +++ b/lib/Kconfig.debug
> > @@ -98,7 +98,7 @@ config DYNAMIC_DEBUG
> >  	bool "Enable dynamic printk() support"
> >  	default n
> >  	depends on PRINTK
> > -	depends on DEBUG_FS
> > +	depends on (DEBUG_FS || PROC_FS)
> >  	help
> >  
> >  	  Compiles debug level messages into the kernel, which would noti
> 
> The help text here also needs updating, since it refers to debugfs.

Oops, missed that, thanks!

> > diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c
> > index c60409138e13..077b2d6623ac 100644
> > --- a/lib/dynamic_debug.c
> > +++ b/lib/dynamic_debug.c
> > @@ -993,13 +993,24 @@ static __initdata int ddebug_init_success;
> >  
> >  static int __init dynamic_debug_init_debugfs(void)
> >  {
> > -	struct dentry *dir;
> > +	struct dentry *debugfs_dir;
> > +	struct proc_dir_entry *procfs_dir;
> >  
> >  	if (!ddebug_init_success)
> >  		return -ENODEV;
> >  
> > -	dir = debugfs_create_dir("dynamic_debug", NULL);
> > -	debugfs_create_file("control", 0644, dir, NULL, &ddebug_proc_fops);
> > +	/* Create the control file in debugfs if it is enabled */
> > +	if (debugfs_initialized) {
> > +		debugfs_dir = debugfs_create_dir("dynamic_debug", NULL);
> > +		debugfs_create_file("control", 0644, debugfs_dir, NULL,
> > +				    &ddebug_proc_fops);
> > +		return 0;
> > +	}
> > +
> > +	/* No debugfs so put it in procfs instead */
> > +	procfs_dir = proc_mkdir("dynamic_debug", NULL);
> > +	if (procfs_dir)
> > +		proc_create("control", 0x644, procfs_dir, &ddebug_proc_fops);
> 
> Shouldn't this be octal rather than hex? Even then, I don't understand what
> use it is being able to read but not write to this file. Perhaps make it
> 0600 for /proc ?

Argh, my fault, fingers are used to typing hex.

You can read from the file to see what the current settings are, I was
just trying to mirror the debugfs permissions.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ