lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 21 Aug 2020 10:42:14 +0800
From:   Nicolas Boichat <drinkcat@...omium.org>
To:     Joe Perches <joe@...ches.com>
Cc:     Steven Rostedt <rostedt@...dmis.org>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Sakari Ailus <sakari.ailus@...ux.intel.com>,
        devel@...verdev.osuosl.org, lkml <linux-kernel@...r.kernel.org>,
        Linux Media Mailing List <linux-media@...r.kernel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Douglas Anderson <dianders@...omium.org>,
        Guenter Roeck <groeck@...omium.org>
Subject: Re: [PATCH v4 3/3] media: atomisp: Only use trace_printk if allowed

On Fri, Aug 21, 2020 at 10:36 AM Joe Perches <joe@...ches.com> wrote:
>
> On Thu, 2020-08-20 at 21:57 -0400, Steven Rostedt wrote:
> > On Fri, 21 Aug 2020 09:39:19 +0800
> > Nicolas Boichat <drinkcat@...omium.org> wrote:
> []
> > > Some other approaches/ideas:
> > >  1. Filter all lkml messages that contain trace_printk. Already found
> > > 1 instance, and I can easily reply to those with a semi-canned answer,
> > > if I remember to check that filter regularly (not sustainable in the
> > > long run...).
> >
> > Added Joe Perches to the thread.
> >
> > We can update checkpatch.pl to complain about a trace_printk() that it
> > finds in the added code.
>
> Why?
>
> I don't see much value in a trace_printk checkpatch warning.
> tracing is still dependent on CONFIG_TRACING otherwise
> trace_printk is an if (0)
>
> ELI5 please.

This is my "new" canned answer to this:

Please do not use trace_printk in production code [1,2], it is only
meant for debug use. Consider using trace events, or dev_dbg.
[1] https://elixir.bootlin.com/linux/v5.8/source/kernel/trace/trace.c#L3158
[2] https://elixir.bootlin.com/linux/v5.8/source/include/linux/kernel.h#L766

I also had arguments in patch 2/3 notes:

There's at least 3 reasons that I can come up with:
 1. trace_printk introduces some overhead. [some users, e.g.
Android/Chrome OS, want CONFIG_TRACING but _not_ that extra overhead]
 2. If the kernel keeps adding always-enabled trace_printk, it will be
much harder for developers to make use of trace_printk for debugging.
 3. People may assume that trace_printk is for debugging only, and may
accidentally output sensitive data (theoretical at this stage).

(we'll need to summarize that somehow if we want to add to checkpatch.pl)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ