From: Rusty Russell <rusty@rustcorp.com.au>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: LKML <linux-kernel@vger.kernel.org>, Ingo Molnar <mingo@elte.hu>,
Frederic Weisbecker <fweisbec@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH v2][GIT PULL] tracing: Prevent unloadable modules from using trace_bprintk()
Date: Fri, 22 Oct 2010 15:04:51 +1030
Message-ID: <201010221504.51535.rusty@rustcorp.com.au>
In-Reply-To: <1287719918.16971.615.camel@gandalf.stny.rr.com>

On Fri, 22 Oct 2010 02:28:38 pm Steven Rostedt wrote:
> On Fri, 2010-10-22 at 14:13 +1030, Rusty Russell wrote:
>
> > > >
> > > > I think disabling use in modules is lazy,
> > >
> > > and safer.
> >
> > Well then just delete trace_bprintk altogether. Even safer!
>
> Reminds me of the argument against lowering the speed limit to 55. "it's
> safer"... "Then lower it to zero, even safer!"
>
>
> >
> > > > Can't you detect this on module unload and fix it up? Or delay freeing the
> > > > module until the trace ring is emptied?
> > >
> > > One possibility is to magically make all string formats used in
> > > trace_printk into its own section, and keep it allocated until the ring
> > > buffer is empty. Or, we can just do that with the module's entire string
> > > section, since we know whether or not that module has a trace_printk in
> > > it or not.
> >
> > Exactly. Set a flag in the module if it resolves trace_printk, and defer freeing
> > the module in that case. This shouldn't be that hard...
>
> Here's my worry.
>
> 1) Some module with tracepoints is loaded at boot up.
> 2) The user does tracing and forgets about it (ring buffer filled)
> 3) Unloads module (don't free)
> 4) loads module with trace points
> 5) unloads module (don't free)
> etc, etc
>
> memory leak.

Sure. Then mark the rb count or something in the module at init time,
then compare before deciding too dangerous to free.

> Thus this is not that trivial. We probably need to have a way to lock a
> module when its tracepoint is activated, and only unlock it when the
> ring buffer is emptied.

How about the intuitive and completely obvious thing? When a tp is activated,
use the module. When deactivated, unuse it?

> Do we want to prevent the module from being unloaded while the ring
> buffer is full (after that module has been traced?), or do we let the
> module be unloaded, but just prevent this one section from being freed?

I was thinking the latter, basically defer the module_free() call.

Cheers,
Rusty.
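
A user-space C model of the deferred-free idea discussed in this message: flag a module that uses trace_printk, record the ring-buffer count at init, and put off freeing its strings until the reader has passed every event that could point into them. This is an added example, not code from the thread or from the kernel; `struct ring`, `struct mod`, `mod_load`, `mod_unload`, `ring_consume` and the counters are hypothetical names, and overwriting of old events is not modelled.

```c
#include <stdbool.h>
#include <stdlib.h>

/* User-space model; every name here is hypothetical, not a kernel API. */
struct ring { unsigned long written, consumed; };  /* monotonic counters */
struct mod {
    char *strings;             /* stands in for the module's string section */
    bool uses_trace_printk;    /* flag set when the symbol is resolved */
    unsigned long rb_mark;     /* ring->written sampled at init time */
    unsigned long free_after;  /* ring->consumed value that makes freeing safe */
    struct mod *next;          /* link on the deferred-free list */
};
static struct mod *deferred;
static void mod_load(struct mod *m, const struct ring *rb, bool uses_tp) {
    *m = (struct mod){ malloc(64), uses_tp, rb->written, 0, NULL };
}
static void mod_free_strings(struct mod *m) { free(m->strings); m->strings = NULL; }

/* True if freed now; defers while unread events since init may point into m. */
static bool mod_unload(struct mod *m, const struct ring *rb) {
    if (m->uses_trace_printk && rb->written != m->rb_mark &&
        rb->consumed < rb->written) {
        m->free_after = rb->written;   /* safe once the reader passes this */
        m->next = deferred;
        deferred = m;
        return false;
    }
    mod_free_strings(m);
    return true;
}

/* Reader drains n events, then frees every deferred module it has passed. */
static void ring_consume(struct ring *rb, unsigned long n) {
    unsigned long left = rb->written - rb->consumed;
    rb->consumed += (n < left) ? n : left;
    for (struct mod **pp = &deferred; *pp; ) {
        struct mod *m = *pp;
        if (rb->consumed < m->free_after) { pp = &m->next; continue; }
        *pp = m->next;
        mod_free_strings(m);
    }
}
int main(void) {  /* constructed scenario: trace twice, unload, then drain */
    struct ring rb = {0, 0}; struct mod m;
    mod_load(&m, &rb, true);
    rb.written += 2;
    if (mod_unload(&m, &rb)) return 1;   /* must defer: two events unread */
    ring_consume(&rb, 2);
    return m.strings != NULL;            /* 0: freed once the buffer drained */
}
```

The check is deliberately conservative: it treats any unread event recorded since the module's init as a possible reference, so a module that never traced is still freed immediately when the buffer was untouched or already drained.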