[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <87r1y382nj.fsf@nanos.tec.linutronix.de>
Date: Sun, 08 Mar 2020 13:14:08 +0100
From: Thomas Gleixner <tglx@...utronix.de>
To: Joe Jin <joe.jin@...cle.com>, Marc Zyngier <maz@...nel.org>
Cc: linux-kernel@...r.kernel.org, Greg KH <gregkh@...uxfoundation.org>
Subject: Re: [PATCH] genirq/debugfs: add new config option for trigger interrupt from userspace
Joe,
Joe Jin <joe.jin@...cle.com> writes:
> On 2/28/20 11:54 AM, Marc Zyngier wrote:
>> On 2020-02-28 19:13, Joe Jin wrote:
>>>> On 2020-02-28 05:42, Joe Jin wrote:
>>>>> commit 536e2e34bd00 ("genirq/debugfs: Triggering of interrupts from
>>>>> userspace") is allowed developer inject interrupts via irq debugfs, which
>>>>> is very useful during development phase, but on a production system, this
>>>>> is very dangerous, add new config option, developers can enable it as
>>>>> needed instead of enabling it by default when irq debugfs is enabled.
>>>>
>>>> I don't really mind the patch (although it could be more elegant), but in
>>>> general I object to most debugfs options being set on a production kernel.
>>>> There is way too much information in most debugfs backends to be comfortable
>>>> with it, and you can find things like page table dumps, for example...
>>>
>>> We should not enable any debug option on production system, actual customer
>>> want to resize their BM or VM, cpu offline may lead system not works properly,
>>> and if we knew more details of IRQ info it will be very help to identify
>>> if it caused by IRQ/vectors, this is the motivation of we want to enable it
>>> on production kernel.
>>
>> If something doesn't work properly, then you are still debugging, AFAICT.
>
> Yes you're right, there are various reasons to led the problem such like
> bad mapping, interrupts lost, vectors used up .... irq debugfs is help to
> identify which part caused the problem, and it help to save troubleshooting
> time :-)
Just picking out individual interfaces is going to create a whack a mole
game and a boat load of config options to disable these. That's really
not the way to go.
The right thing to do is to have ONE config switch which disables all
write interfaces at once by refusing the write right in the debugfs
entry point.
Of course there might be a few debugfs files which need write access
even in that case, but that's easy enough to fix by marking them as
explicitely allowed.
Thanks,
tglx
Powered by blists - more mailing lists