From: "Rémi Denis-Courmont" <remi@remlab.net>
To: Atish Patra <atishp@atishpatra.org>, linux-riscv@lists.infradead.org
Cc: linux-kernel@vger.kernel.org,
Aurelien Jarno <aurelien@aurel32.net>,
Mathieu Malaterre <malat@debian.org>,
Jan Newger <jannewger@google.com>
Subject: Re: [PATCH v4 00/10] riscv: Allow userspace to directly access perf counters
Date: Tue, 18 Jul 2023 20:06:36 +0300 [thread overview]
Message-ID: <4761144.fSbbhVQpq0@basile.remlab.net> (raw)
In-Reply-To: <CAOnJCU+ee=FXWp7mz_Tn07TbRBb3eXLFBqyRBAJbhQTO-Jxvrw@mail.gmail.com>
Hi,
Le tiistaina 18. heinäkuuta 2023, 2.22.54 EEST Atish Patra a écrit :
> > AFAIK, if the default settings breaks user space, the patchset is
> > considered to break user space. That being the case, either this case is
> > deemed special enough that breaking user space is OK, or it is not.
> This case is a special case as the usage was incorrect in the first
> place.
I agree that it's not only insecure but also incorrect. However it mostly
works. In fact I don't disagree with the change as such, but I think that the
commit messages are misleading and confusing. For a start, in one place it
says that it is not breaking user space and in another it says basically the
opposite.
(Unfortunately, not everybody agrees with the change. I can't seem to get
FFmpeg's checkasm tool fixed:
http://ffmpeg.org/pipermail/ffmpeg-devel/2023-July/312245.html )
Also this is not the first time somebody argues that an API should be removed
because it's broken. That's not special.
> Any application that genuinely requires rdcycle can always get
> it now via the perf interface.
Sure. But the question is whether it breaks user space and if so, whether
that's acceptable. Existing apps that call RDCYCLE will now fail, presumbly
receive SIGILL(?).
> If the insecure and incorrect behavior is allowed, we suspect the user
> space behavior will never be fixed as it is hard to put a future flag
> date in these cases.
For better or worse, I can only agree there. But then adding an option to
preserve the broken behaviour is begging for people to (ab)use it, and indeed
never fix the problem, and never be able to remove the option.
> > If it is not OK, then the only way out that I can think of, consists of
> > trapping and emulating the counters, returning the same sanitised values
> > that Linux perf would return. Then you can add a kernel config option to
> > disable that trap-and-emulation code in the future.
> What do you mean by "sanitised" value ?
I mean whatever avoids creating a security issue. Presumably report the number
of cycles spent in the calling thread and in user mode since the first time
that the process called RDCYCLE?
Maybe it's not reasonable for complexity or performance reasons, but then IMO,
it deserves a little bit better explaining in the commit message.
--
雷米‧德尼-库尔蒙
http://www.remlab.net/
next prev parent reply other threads:[~2023-07-18 17:25 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-03 12:46 [PATCH v4 00/10] riscv: Allow userspace to directly access perf counters Alexandre Ghiti
2023-07-03 12:46 ` [PATCH v4 01/10] perf: Fix wrong comment about default event_idx Alexandre Ghiti
2023-07-03 12:46 ` [PATCH v4 02/10] include: riscv: Fix wrong include guard in riscv_pmu.h Alexandre Ghiti
2023-07-03 12:46 ` [PATCH v4 03/10] riscv: Make legacy counter enum match the HW numbering Alexandre Ghiti
2023-07-14 8:01 ` Atish Patra
2023-07-03 12:46 ` [PATCH v4 04/10] drivers: perf: Rename riscv pmu sbi driver Alexandre Ghiti
2023-07-14 8:01 ` Atish Patra
2023-07-03 12:46 ` [PATCH v4 05/10] riscv: Prepare for user-space perf event mmap support Alexandre Ghiti
2023-07-14 8:03 ` Atish Patra
2023-07-03 12:46 ` [PATCH v4 06/10] drivers: perf: Implement perf event mmap support in the legacy backend Alexandre Ghiti
2023-07-14 8:03 ` Atish Patra
2023-07-03 12:46 ` [PATCH v4 07/10] drivers: perf: Implement perf event mmap support in the SBI backend Alexandre Ghiti
2023-07-14 8:46 ` Atish Patra
2023-07-20 8:36 ` Alexandre Ghiti
2023-07-03 12:46 ` [PATCH v4 08/10] Documentation: admin-guide: Add riscv sysctl_perf_user_access Alexandre Ghiti
2023-07-03 13:03 ` Andrew Jones
2023-07-04 12:28 ` Vince Weaver
2023-07-14 8:50 ` Atish Patra
2023-07-03 12:46 ` [PATCH v4 09/10] tools: lib: perf: Implement riscv mmap support Alexandre Ghiti
2023-07-14 9:29 ` Atish Patra
2023-07-03 12:46 ` [PATCH v4 10/10] perf: tests: Adapt mmap-basic.c for riscv Alexandre Ghiti
2023-07-14 9:29 ` Atish Patra
2023-07-14 9:07 ` [PATCH v4 00/10] riscv: Allow userspace to directly access perf counters Atish Patra
2023-07-17 13:35 ` Rémi Denis-Courmont
2023-07-17 23:22 ` Atish Patra
2023-07-18 17:06 ` Rémi Denis-Courmont [this message]
2023-07-18 18:45 ` Atish Patra
2023-07-18 19:04 ` Rémi Denis-Courmont
2023-07-18 22:48 ` Atish Patra
2023-07-19 14:45 ` Rémi Denis-Courmont
2023-07-19 17:14 ` Atish Patra
2023-07-20 9:13 ` Alexandre Ghiti
-- strict thread matches above, loose matches on Subject: below --
2023-07-27 14:14 Alexandre Ghiti
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4761144.fSbbhVQpq0@basile.remlab.net \
--to=remi@remlab.net \
--cc=atishp@atishpatra.org \
--cc=aurelien@aurel32.net \
--cc=jannewger@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=malat@debian.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox