Re: Hardening debugfs (Was Re: [PATCH] debugfs: more tightly restrict default mount mode)

[Rob Landley <rob@landley.net>]

On 08/28/2012 11:09 PM, Greg Kroah-Hartman wrote:
> On Tue, Aug 28, 2012 at 05:55:45PM -0500, Rob Landley wrote:
>> I've always been a bit confused by the debugfs design, which seems a
>> giant compost heap like /proc where we find a specific styrofoam cup
>> useful and the temporary thing becomes permanent. (Why is there _one_
>> debugfs?)
> 
> The rules for debugfs are very simple:
> 	There are no rules.
> 
> That's it.  It's up to the kernel developer to do what they need to do,
> for debugging stuff, how ever they best see fit.

Emergent de-facto standards with no review or versioning or anything,
check. It's the "every driver in the system shares a common resource
with no arbitration or guidelines" thing that I have trouble with.

Is it possible to have multiple instances of this filesystem? If so, can
they have -o "modulename,modulename,modulename..." so that only certain
modules' files get put in this instance?

I understand that /sys/module/$BLAH has rules and we can't have that,
but having a giant slush pile and asserting it won't become a new /proc
because reasons makes me nervous.

For example, ftrace is already built on top of debugfs. If debugfs has
no rules, but ftrace does, can another module put stuff in "tracing"? If
a stable API isn't important, will we start bundling whatever userspace
tools ftrace needs in with the kernel, along with udev/systemd? Or is
the position that ftrace will never have non-debugging uses, just like
ptrace?

> Yes, it replaces proc for all of the debugging stuff that shouldn't have
> been there before, how it's structured, is up to the developer adding
> the code.

For a definition of "replaces" that does not actually remove any of the
existing entries from /proc. (That garbage can's full, here's a new one?)

The problem with /proc is that lots of things used it for different
purposes with no rules. The goal of debugfs is to provide something that
lots of things use for different purposes, explicitly with no rules.

I'm just wondering why it's a big common hairball instead of separate
per-module filesystems. (Other than "Linux will never have a unionfs
because the perfect is the enemy of the good".)

Eh, it's your thing, not mine. I just don't understand it.

> greg k-h

Rob
-- 
GNU/Linux isn't: Linux=GPLv2, GNU=GPLv3+, they can't share code.
Either it's "mere aggregation", or a license violation.  Pick one.