lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241214235320.0b01d809@gandalf.local.home>
Date: Sat, 14 Dec 2024 23:53:20 -0500
From: Steven Rostedt <rostedt@...dmis.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: LKML <linux-kernel@...r.kernel.org>, Masami Hiramatsu
 <mhiramat@...nel.org>, Mark Rutland <mark.rutland@....com>, Mathieu
 Desnoyers <mathieu.desnoyers@...icios.com>, Al Viro
 <viro@...iv.linux.org.uk>, Michal Simek <monstr@...str.eu>
Subject: Re: [GIT PULL] ftrace: Fixes for v6.13

On Sat, 14 Dec 2024 20:37:01 -0800
Linus Torvalds <torvalds@...ux-foundation.org> wrote:

> On Sat, 14 Dec 2024 at 20:23, Steven Rostedt <rostedt@...dmis.org> wrote:
> >
> > We are using this for ChromeOS in ChromeBooks where we have to have
> > KASLR on. And yes, I've documented that it has to be the same kernel to
> > work and will not work for modules. That has been accepted by the
> > users.  
> 
> "Accepted by users" is not an argument for sh*t code quality.

That's just for the mapped code. I can easily add logic to make it fail if
the kernel signature does not match, and the deltas will be zero and the
buffer is cleared, and it will not affect anything here. I was planning on
adding that anyway.

I can also make it ignore pointers to modules.

The use case is for always on tracing and when a crash happens, you can
retrieve the events that lead up to a crash.

The text_delta was only added to this because it was causing this logic to
trigger WARN_ON()s when it tried to read the origin address of the static
strings.

> 
> This smells of all the horrors you had in tracefs. Bad, unmaintainable
> code, that caused endless "fix up bugs because the code was doing bad
> things".
> 
> Now you're doing the same thing here. Bad, unmaintainable code that
> basically misuses the vsprintf code instead of misusing the VFS code.
> 
> I can rip it out if you refuse to do so. In the kernel we don't put in
> random hacks like this that "users are ok with". Code needs to make
> sense and be maintainable, not be a pile of garbage hackery that then
> results in even more hackery because the first hackery was broken and
> caused problems.

But main code of trace_check_vprintk() that you appear to be objecting to
is the hacking into vsnprintf() that was added back in 2021 to handle the
RCU and other events that point to their strings. I'm not sure how we can
check that before hand because we don't see the pointers until the event is
being printed.

Sure, we can harden the "%s" to just print "(fault)" or something, but then
we don't know about it until it happens, and then we will likely get trace
events that have string pointers to fields that may be freed in the future
popping up in the ring buffer again. Testing will not uncover this because
the strings will exist when the developer tests the events. But when a user
sends a report back to someone and the trace has a bunch of "(fault)"s in
it where strings should be, I'm the one that's going to be told that
tracing is broken.


-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ