Message-ID: <20260211104244.193953be@fedora>
Date: Wed, 11 Feb 2026 10:42:44 -0500
From: Steven Rostedt <rostedt@...dmis.org>
To: "Masami Hiramatsu (Google)" <mhiramat@...nel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
 linux-kernel@...r.kernel.org, linux-trace-kernel@...r.kernel.org
Subject: Re: [PATCH v6 2/4] tracing: Make the backup instance non-reusable

On Tue, 10 Feb 2026 14:14:15 +0900
Masami Hiramatsu (Google) <mhiramat@...nel.org> wrote:

> Hmm, OK. Now I found how sysfs handles it.
> 
> 	/*
> 	 * For regular files, if the opener has CAP_DAC_OVERRIDE, open(2)
> 	 * succeeds regardless of the RW permissions.  sysfs had an extra
> 	 * layer of enforcement where open(2) fails with -EACCES regardless
> 	 * of CAP_DAC_OVERRIDE if the permission doesn't have the
> 	 * respective read or write access at all (none of S_IRUGO or
> 	 * S_IWUGO) or the respective operation isn't implemented.  The
> 	 * following flag enables that behavior.
> 	 */
> 	KERNFS_ROOT_EXTRA_OPEN_PERM_CHECK	= 0x0002,
> 
> So for the similar reason, I will make tracefs to check the permission
> even if CAP_DAC_OVERRIDE is set. (But this check should be done in general,
> instead of each open() operation)
> 

I don't believe this is the same. This is about an instance being truly
read only. The instance is special, not the files. Note, permissions can
be changed by root too. After applying your patches, I did the following:

~# cd /sys/kernel/tracing/instances/backup/
~# ls -l current_tracer
-r--r----- 1 root root 0 Feb 11 10:29 current_tracer

~# cat current_tracer 
nop

~# cat trace
# tracer: nop
#
# entries-in-buffer/entries-written: 0/0   #P:8
#
#                                _-----=> irqs-off/BH-disabled
#                               / _----=> need-resched
#                              | / _---=> hardirq/softirq
#                              || / _--=> preempt-depth
#                              ||| / _-=> migrate-disable
#                              |||| /     delay
#           TASK-PID     CPU#  |||||  TIMESTAMP  FUNCTION
#              | |         |   |||||     |         |

~# chmod 664 current_tracer
~# ls -l current_tracer
-rw-rw-r-- 1 root root 0 Feb 11 10:29 current_tracer

~# echo function > current_tracer
~# cat current_tracer 
function

~# cat trace
# tracer: function
#
# entries-in-buffer/entries-written: 1750306/2076556   #P:8
#
#                                _-----=> irqs-off/BH-disabled
#                               / _----=> need-resched
#                              | / _---=> hardirq/softirq
#                              || / _--=> preempt-depth
#                              ||| / _-=> migrate-disable
#                              |||| /     delay
#           TASK-PID     CPU#  |||||  TIMESTAMP  FUNCTION
#              | |         |   |||||     |         |
            bash-1056    [001] .....   231.448852: mutex_unlock <-tracing_set_tracer
          <idle>-0       [002] ...1.   231.448853: arch_cpu_idle_exit <-do_idle
##### CPU 7 buffer started ####
          <idle>-0       [007] ...1.   231.448853: arch_cpu_idle_exit <-do_idle
            bash-1056    [001] .....   231.448854: __mutex_unlock_slowpath <-tracing_set_tracer
          <idle>-0       [002] d..1.   231.448855: arch_cpu_idle_enter <-do_idle
          <idle>-0       [007] d..1.   231.448855: arch_cpu_idle_enter <-do_idle
          <idle>-0       [007] d..1.   231.448855: tsc_verify_tsc_adjust <-arch_cpu_idle_enter
          <idle>-0       [002] d..1.   231.448855: tsc_verify_tsc_adjust <-arch_cpu_idle_enter
            bash-1056    [001] d....   231.448856: fpregs_assert_state_consistent <-arch_exit_to_user_mode_prepare
          <idle>-0       [007] d..1.   231.448856: local_touch_nmi <-do_idle
          <idle>-0       [002] d..1.   231.448856: local_touch_nmi <-do_idle
            bash-1056    [001] d....   231.448856: switch_fpu_return <-arch_exit_to_user_mode_prepare
          <idle>-0       [007] d..1.   231.448856: rcu_nocb_flush_deferred_wakeup <-do_idle
          <idle>-0       [002] d..1.   231.448856: rcu_nocb_flush_deferred_wakeup <-do_idle
          <idle>-0       [007] d..1.   231.448857: cpuidle_get_cpu_driver <-do_idle
          <idle>-0       [002] d..1.   231.448857: cpuidle_get_cpu_driver <-do_idle
          <idle>-0       [007] d..1.   231.448857: cpuidle_not_available <-do_idle
[..]

Not too read only!

I change permissions all the time for tracefs files, so I don't want
that changed.

This is not the same as sysfs. Let's keep it simple. Have all the open
callers that can do writes return error -EACCES if a file allows writes
and is open for write, but is part of the read only instance.

-- Steve
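
Added example, not part of the original message and not code from the patch series: a userspace C model of the two enforcement points discussed above, a check on the file's mode bits versus a check on the instance's read-only state, replayed against the chmod 664 session. All struct and function names are hypothetical and do not correspond to kernel symbols.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
/* Userspace model only; every name here is hypothetical, not a kernel symbol. */
struct model_instance { bool read_only; };
struct model_file {
	const struct model_instance *inst;
	mode_t mode;        /* permission bits, which root can chmod */
	bool has_write_op;  /* the file implements a write handler */
};
typedef int (*open_policy)(const struct model_file *, int);

static bool wants_write(int flags)
{
	return (flags & O_ACCMODE) == O_WRONLY || (flags & O_ACCMODE) == O_RDWR;
}

/* Mode-bit enforcement, as in the quoted kernfs comment: no write bit, no write. */
int open_mode_bit_policy(const struct model_file *f, int flags)
{
	if (wants_write(flags) &&
	    (!(f->mode & (S_IWUSR | S_IWGRP | S_IWOTH)) || !f->has_write_op))
		return -EACCES;
	return 0;
}

/* Instance-state enforcement: chmod cannot change inst->read_only. */
int open_instance_policy(const struct model_file *f, int flags)
{
	if (f->inst->read_only && f->has_write_op && wants_write(flags))
		return -EACCES;
	return 0;
}

/* Open a write-capable file of a read-only instance with the given mode. */
int replay(open_policy policy, mode_t mode, int flags)
{
	struct model_instance backup = { .read_only = true };
	struct model_file current_tracer = { &backup, mode, true };
	return policy(&current_tracer, flags);
}

int main(void)
{
	printf("mode-bit check, 0664: %d\n", replay(open_mode_bit_policy, 0664, O_WRONLY));
	printf("instance check, 0664: %d\n", replay(open_instance_policy, 0664, O_WRONLY));
	return 0;
}
```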