lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <87r1y382nj.fsf@nanos.tec.linutronix.de>
Date:   Sun, 08 Mar 2020 13:14:08 +0100
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Joe Jin <joe.jin@...cle.com>, Marc Zyngier <maz@...nel.org>
Cc:     linux-kernel@...r.kernel.org, Greg KH <gregkh@...uxfoundation.org>
Subject: Re: [PATCH] genirq/debugfs: add new config option for trigger interrupt from userspace

Joe,

Joe Jin <joe.jin@...cle.com> writes:
> On 2/28/20 11:54 AM, Marc Zyngier wrote:
>> On 2020-02-28 19:13, Joe Jin wrote:
>>>> On 2020-02-28 05:42, Joe Jin wrote:
>>>>> commit 536e2e34bd00 ("genirq/debugfs: Triggering of interrupts from
>>>>> userspace") is allowed developer inject interrupts via irq debugfs, which
>>>>> is very useful during development phase, but on a production system, this
>>>>> is very dangerous, add new config option, developers can enable it as
>>>>> needed instead of enabling it by default when irq debugfs is enabled.
>>>>
>>>> I don't really mind the patch (although it could be more elegant), but in
>>>> general I object to most debugfs options being set on a production kernel.
>>>> There is way too much information in most debugfs backends to be comfortable
>>>> with it, and you can find things like page table dumps, for example...
>>>
>>> We should not enable any debug option on production system, actual customer
>>> want to resize their BM or VM, cpu offline may lead system not works properly,
>>> and if we knew more details of IRQ info it will be very help to identify
>>> if it caused by IRQ/vectors, this is the motivation of we want to enable it
>>> on production kernel.
>> 
>> If something doesn't work properly, then you are still debugging, AFAICT.
>
> Yes you're right, there are various reasons to led the problem such like
> bad mapping, interrupts lost, vectors used up .... irq debugfs is help to
> identify which part caused the problem, and it help to save troubleshooting
> time :-)

Just picking out individual interfaces is going to create a whack a mole
game and a boat load of config options to disable these. That's really
not the way to go.

The right thing to do is to have ONE config switch which disables all
write interfaces at once by refusing the write right in the debugfs
entry point. 

Of course there might be a few debugfs files which need write access
even in that case, but that's easy enough to fix by marking them as
explicitely allowed.

Thanks,

        tglx


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ