From: Jacob Pan <jacob.jun.pan-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
To: Joerg Roedel <joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
Cc: Ravi V Shankar
<ravi.v.shankar-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
"Raj, Ashok" <ashok.raj-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Fenghua Yu <fenghua.yu-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Andy Shevchenko
<andriy.shevchenko-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>,
David Woodhouse <dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>,
Gayatri Kammela
<gayatri.kammela-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Subject: Re: [PATCH v7 0/5] Add Intel IOMMU debugfs support
Date: Mon, 19 Mar 2018 09:37:14 -0700 [thread overview]
Message-ID: <20180319093714.3afe698b@jacob-builder> (raw)
In-Reply-To: <20180315131854.s6xmltsvsysublcw-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
On Thu, 15 Mar 2018 14:18:54 +0100
Joerg Roedel <joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org> wrote:
> On Thu, Feb 15, 2018 at 08:38:11AM -0800, Jacob Pan wrote:
> > Just wondering if your concern is on the implementation or the
> > debugfs idea in general. Perhaps have some common IOMMU debugfs?
>
> My concern mainly is that we add interfaces which reveal
> potentially security relevant information
I don;t think security is any worse than existing kernel page table in
debugfs. i.e. /sys/kernel/debug/page_tables
This is a debug feature.
> to user-space and that tools
> come up using it so that this also becomes kABI and we can't easily
> change it anymore and this whole stuff turns into a maintence
> nightmare.
>
Agreed, perhaps we can address that by only dumping user readable data
which avoid having a parser tool that relies on stable kABI?
> So that is definitly not something I'd like to see enabled in the
> distros, and its better to avoid it at all and search for better ways
> to debug upcoming issues.
>
We can make it "def_bool n" so only used by advanced customers who can
recompile kernel.
> BPF tracers and tracing in general comes to mind here...
>
my concern is that tracing is suitable for dynamic debugging, but these
context info are mostly static. Perhaps I am missing some tracing
features.
Thanks,
Jacob
>
> Joerg
>
[Jacob Pan]
WARNING: multiple messages have this Message-ID (diff)
From: Jacob Pan <jacob.jun.pan@linux.intel.com>
To: Joerg Roedel <joro@8bytes.org>
Cc: "Raj, Ashok" <ashok.raj@intel.com>,
Sohil Mehta <sohil.mehta@intel.com>,
Alex Williamson <alex.williamson@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org,
Gayatri Kammela <gayatri.kammela@intel.com>,
Ravi V Shankar <ravi.v.shankar@intel.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Lu Baolu <baolu.lu@linux.intel.com>,
Fenghua Yu <fenghua.yu@intel.com>,
jacob.jun.pan@linux.intel.com
Subject: Re: [PATCH v7 0/5] Add Intel IOMMU debugfs support
Date: Mon, 19 Mar 2018 09:37:14 -0700 [thread overview]
Message-ID: <20180319093714.3afe698b@jacob-builder> (raw)
In-Reply-To: <20180315131854.s6xmltsvsysublcw@8bytes.org>
On Thu, 15 Mar 2018 14:18:54 +0100
Joerg Roedel <joro@8bytes.org> wrote:
> On Thu, Feb 15, 2018 at 08:38:11AM -0800, Jacob Pan wrote:
> > Just wondering if your concern is on the implementation or the
> > debugfs idea in general. Perhaps have some common IOMMU debugfs?
>
> My concern mainly is that we add interfaces which reveal
> potentially security relevant information
I don;t think security is any worse than existing kernel page table in
debugfs. i.e. /sys/kernel/debug/page_tables
This is a debug feature.
> to user-space and that tools
> come up using it so that this also becomes kABI and we can't easily
> change it anymore and this whole stuff turns into a maintence
> nightmare.
>
Agreed, perhaps we can address that by only dumping user readable data
which avoid having a parser tool that relies on stable kABI?
> So that is definitly not something I'd like to see enabled in the
> distros, and its better to avoid it at all and search for better ways
> to debug upcoming issues.
>
We can make it "def_bool n" so only used by advanced customers who can
recompile kernel.
> BPF tracers and tracing in general comes to mind here...
>
my concern is that tracing is suitable for dynamic debugging, but these
context info are mostly static. Perhaps I am missing some tracing
features.
Thanks,
Jacob
>
> Joerg
>
[Jacob Pan]
next prev parent reply other threads:[~2018-03-19 16:37 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-03 0:49 [PATCH v7 0/5] Add Intel IOMMU debugfs support Sohil Mehta
2018-02-03 0:49 ` Sohil Mehta
[not found] ` <1517619001-148586-1-git-send-email-sohil.mehta-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2018-02-03 0:49 ` [PATCH v7 1/5] iommu/vt-d: Relocate struct/function declarations to its header files Sohil Mehta
2018-02-03 0:49 ` Sohil Mehta
2018-02-03 0:49 ` [PATCH v7 2/5] iommu/vt-d: Enable debugfs support to show context internals Sohil Mehta
2018-02-03 0:49 ` Sohil Mehta
2018-02-03 0:49 ` [PATCH v7 3/5] iommu/vt-d: Add debugfs support to show register contents Sohil Mehta
2018-02-03 0:49 ` Sohil Mehta
2018-02-03 0:50 ` [PATCH v7 4/5] iommu/vt-d: Add debugfs support to show Pasid table contents Sohil Mehta
2018-02-03 0:50 ` Sohil Mehta
2018-02-03 0:50 ` [PATCH v7 5/5] iommu/vt-d: Add debugfs support for Interrupt remapping Sohil Mehta
2018-02-03 0:50 ` Sohil Mehta
2018-02-04 14:13 ` [PATCH v7 0/5] Add Intel IOMMU debugfs support Andy Shevchenko
2018-02-04 14:13 ` Andy Shevchenko
2018-02-13 14:03 ` Joerg Roedel
2018-02-13 14:03 ` Joerg Roedel
2018-02-13 21:40 ` Raj, Ashok
2018-02-13 22:53 ` Jacob Pan
2018-02-13 22:53 ` Jacob Pan
2018-02-15 9:53 ` Joerg Roedel
2018-02-15 9:53 ` Joerg Roedel
[not found] ` <20180215095337.fccoozdclfnbepi4-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
2018-02-15 16:38 ` Jacob Pan
2018-02-15 16:38 ` Jacob Pan
2018-03-15 13:18 ` Joerg Roedel
[not found] ` <20180315131854.s6xmltsvsysublcw-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
2018-03-19 16:37 ` Jacob Pan [this message]
2018-03-19 16:37 ` Jacob Pan
2018-03-29 8:48 ` Joerg Roedel
2018-03-29 8:48 ` Joerg Roedel
[not found] ` <20180329084824.fvy7cg2wban4by4n-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
2018-03-29 15:52 ` Gary R Hook
2018-03-29 15:52 ` Gary R Hook
2018-03-29 16:05 ` Jacob Pan
2018-03-29 16:05 ` Jacob Pan
2018-02-18 22:15 ` Yves-Alexis Perez
2018-02-18 22:15 ` Yves-Alexis Perez
[not found] ` <1518992132.2542.5.camel-8fiUuRrzOP0dnm+yROfE0A@public.gmane.org>
2018-02-20 22:25 ` Jacob Pan
2018-02-20 22:25 ` Jacob Pan
2018-02-22 7:48 ` Yves-Alexis Perez
2018-02-22 7:48 ` Yves-Alexis Perez
[not found] ` <1519285717.2388.11.camel-8fiUuRrzOP0dnm+yROfE0A@public.gmane.org>
2018-02-22 17:09 ` Jacob Pan
2018-02-22 17:09 ` Jacob Pan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180319093714.3afe698b@jacob-builder \
--to=jacob.jun.pan-vuqaysv1563yd54fqh9/ca@public.gmane.org \
--cc=andriy.shevchenko-VuQAYsv1563Yd54FQh9/CA@public.gmane.org \
--cc=ashok.raj-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org \
--cc=fenghua.yu-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=gayatri.kammela-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=ravi.v.shankar-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.