From: Rusty Russell <rusty@rustcorp.com.au>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: LKML <linux-kernel@vger.kernel.org>, Ingo Molnar <mingo@elte.hu>,
Frederic Weisbecker <fweisbec@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH v2][GIT PULL] tracing: Prevent unloadable modules from using trace_bprintk()
Date: Fri, 22 Oct 2010 15:04:51 +1030 [thread overview]
Message-ID: <201010221504.51535.rusty@rustcorp.com.au> (raw)
In-Reply-To: <1287719918.16971.615.camel@gandalf.stny.rr.com>
On Fri, 22 Oct 2010 02:28:38 pm Steven Rostedt wrote:
> On Fri, 2010-10-22 at 14:13 +1030, Rusty Russell wrote:
>
> > > >
> > > > I think disabling use in modules is lazy,
> > >
> > > and safer.
> >
> > Well then just delete trace_bprintk altogether. Even safer!
>
> Reminds me of the argument against lowering the speed limit to 55. "it's
> safer"... "Then lower it to zero, even safer!"
>
>
> >
> > > > Can't you detect this on module unload and fix it up? Or delay freeing the
> > > > module until the trace ring is emptied?
> > >
> > > One possibility is to magically make all string formats used in
> > > trace_printk into its own section, and keep it allocated until the ring
> > > buffer is empty. Or, we can just do that with the module's entire string
> > > section, since we know whether or not that module has a trace_printk in
> > > it or not.
> >
> > Exactly. Set a flag in the module if it resolves trace_printk, and defer freeing
> > the module in that case. This shouldn't be that hard...
>
> Here's my worry.
>
> 1) Some module with tracepoints is loaded at boot up.
> 2) The user does tracing and forgets about it (ring buffer filled)
> 3) Unloads module (don't free)
> 4) loads module with trace points
> 5) unloads module (don't free)
> etc, etc
>
> memory leak.
Sure. Then mark the rb count or something in the module at init time,
then compare before deciding too dangerous to free.
> Thus this is not that trivial. We probably need to have a way to lock a
> module when its tracepoint is activated, and only unlock it when the
> ring buffer is emptied.
How about the intuitive and completely obvious thing? When a tp activated,
use the module. When deactivated, unuse it?
> Do we want to prevent the module from being unloaded while the ring
> buffer is full (after that module has been traced?), or do we let the
> module be unloaded, but just prevent this one section from being freed?
I was thinking the latter, basically defer the module_free() call.
Cheers,
Rusty.
next prev parent reply other threads:[~2010-10-22 4:35 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-21 13:45 [PATCH v2][GIT PULL] tracing: Prevent unloadable modules from using trace_bprintk() Steven Rostedt
2010-10-21 21:35 ` Rusty Russell
2010-10-21 22:34 ` Steven Rostedt
2010-10-22 3:43 ` Rusty Russell
2010-10-22 3:58 ` Steven Rostedt
2010-10-22 4:34 ` Rusty Russell [this message]
2010-10-22 5:30 ` Li Zefan
2010-10-22 13:49 ` Steven Rostedt
2010-10-25 1:32 ` Li Zefan
2010-10-22 8:05 ` Ingo Molnar
2010-10-22 13:50 ` Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201010221504.51535.rusty@rustcorp.com.au \
--to=rusty@rustcorp.com.au \
--cc=akpm@linux-foundation.org \
--cc=fweisbec@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.