| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 20 Aug 2020 19:49:59 -0700
From: Joe Perches <joe@...ches.com>
To: Nicolas Boichat <drinkcat@...omium.org>
Cc: Steven Rostedt <rostedt@...dmis.org>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Sakari Ailus <sakari.ailus@...ux.intel.com>,
devel@...verdev.osuosl.org, lkml <linux-kernel@...r.kernel.org>,
Linux Media Mailing List <linux-media@...r.kernel.org>,
Peter Zijlstra <peterz@...radead.org>,
Thomas Gleixner <tglx@...utronix.de>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Douglas Anderson <dianders@...omium.org>,
Guenter Roeck <groeck@...omium.org>
Subject: Re: [PATCH v4 3/3] media: atomisp: Only use trace_printk if allowed
On Fri, 2020-08-21 at 10:42 +0800, Nicolas Boichat wrote:
> On Fri, Aug 21, 2020 at 10:36 AM Joe Perches <joe@...ches.com> wrote:
> > On Thu, 2020-08-20 at 21:57 -0400, Steven Rostedt wrote:
> > > On Fri, 21 Aug 2020 09:39:19 +0800
> > > Nicolas Boichat <drinkcat@...omium.org> wrote:
> > []
> > > > Some other approaches/ideas:
> > > > 1. Filter all lkml messages that contain trace_printk. Already found
> > > > 1 instance, and I can easily reply to those with a semi-canned answer,
> > > > if I remember to check that filter regularly (not sustainable in the
> > > > long run...).
> > >
> > > Added Joe Perches to the thread.
> > >
> > > We can update checkpatch.pl to complain about a trace_printk() that it
> > > finds in the added code.
> >
> > Why?
> >
> > I don't see much value in a trace_printk checkpatch warning.
> > tracing is still dependent on CONFIG_TRACING otherwise
> > trace_printk is an if (0)
> >
> > ELI5 please.
>
> This is my "new" canned answer to this:
>
> Please do not use trace_printk in production code [1,2], it is only
> meant for debug use. Consider using trace events, or dev_dbg.
> [1] https://elixir.bootlin.com/linux/v5.8/source/kernel/trace/trace.c#L3158
> [2] https://elixir.bootlin.com/linux/v5.8/source/include/linux/kernel.h#L766
>
> I also had arguments in patch 2/3 notes:
>
> There's at least 3 reasons that I can come up with:
> 1. trace_printk introduces some overhead. [some users, e.g.
> Android/Chrome OS, want CONFIG_TRACING but _not_ that extra overhead]
> 2. If the kernel keeps adding always-enabled trace_printk, it will be
> much harder for developers to make use of trace_printk for debugging.
> 3. People may assume that trace_printk is for debugging only, and may
> accidentally output sensitive data (theoretical at this stage).
Perhaps make trace_printk dependent on #define DEBUG?
Something like:
---
include/linux/kernel.h | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 500def620d8f..6ca8f958df73 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -717,6 +717,7 @@ do { \
* let gcc optimize the rest.
*/
+#ifdef DEBUG
#define trace_printk(fmt, ...) \
do { \
char _______STR[] = __stringify((__VA_ARGS__)); \
@@ -725,6 +726,12 @@ do { \
else \
trace_puts(fmt); \
} while (0)
+#else
+#define trace_printk(fmt, ...) \
+do { \
+ __trace_printk_check_format(fmt, ##args); \
+} while (0)
+#endif
#define do_trace_printk(fmt, args...) \
do { \
Powered by blists - more mailing lists