lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <62cb12cb-d3b6-4ad1-b9e6-c49b642eaeb4@efficios.com>
Date: Thu, 28 Nov 2024 09:27:01 -0500
From: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
To: Tao Chen <chen.dylane@...il.com>, Steven Rostedt <rostedt@...dmis.org>
Cc: mhiramat@...nel.org, linux-kernel@...r.kernel.org,
 linux-trace-kernel@...r.kernel.org
Subject: Re: [PATCH] tracing: Add WARN_ON_ONCE for syscall_nr check

On 2024-11-28 08:15, Tao Chen wrote:
> 在 2024/11/28 20:46, Steven Rostedt 写道:
>> On Thu, 28 Nov 2024 19:53:19 +0800
>> Tao Chen <chen.dylane@...il.com> wrote:
>>
>>> Now, x86_64 kernel not support to trace syscall for ia32 syscall.
>>> As a result, there is no any trace output when tracing a ia32 task.
>>> Like unreg_event_syscall_enter, add a WARN_ON_ONCE judgment for
>>> syscall_nr in perf_syscall_enter and ftrace_syscall_enter to give
>>> some message.
>>
>> So on a system that has "panic_on_warn" set and they trace a 32 bit
>> system call, it will cause their system to crash. Is that the intended
>> behavior?
>>
>> WARN*() is for self testing the kernel to detect real bugs, not to
>> inform users that something isn't supported.
>>
>> BIG NAK!
>>
>> -- Steve
> 
> Hi, Steve, thank you for your reply, as you say, so what about 
> pr_warn_once api just to print something ?
> 

I understand that explicitly enabling a system call and observing
that ia32 system calls are just not traced by ftrace and perf can
be surprising for end users. But printing a warning on the tracing
path for an unimplemented tracing feature is just wrong.

Also, AFAIU the warning will trigger if an ia32 program issues any
system call when any unrelated system call tracing is enabled,
including non-compat syscalls.

If you want to check something and return an error, it would
be in tracefs where the users interact with files that represent
ia32 system calls to try to list/enable them. However, given the
exposed files have nothing that mention whether they apply to
non-compat or compat system calls, it's understandable that an
end user would think all system calls are traced, including
compat system calls. So I'm not sure how to solve that in ftrace/perf
without actually implementing the missing feature the way the
tracefs ABI is exposed.

If your end goal is to trace ia32 system call, you may want to try the
lttng-modules kernel tracer [1], which has supported compat system call
tracing for the past 12 years (at least since lttng-modules 2.0).

Thanks,

Mathieu

[1] https://lttng.org/

-- 
Mathieu Desnoyers
EfficiOS Inc.
https://www.efficios.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ