Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp1277244ybp; Fri, 11 Oct 2019 11:39:13 -0700 (PDT) X-Google-Smtp-Source: APXvYqy+xIZveJf2a/6jR9QPpEI0J7ixAizQsj9FjBxnn2o2QuZ/oFjoTr+bVVlSrDI+OrjhDMfa X-Received: by 2002:a17:906:1be1:: with SMTP id t1mr15566311ejg.73.1570819153224; Fri, 11 Oct 2019 11:39:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570819153; cv=none; d=google.com; s=arc-20160816; b=Gkn7JzfwVc18iL18Sqc0i6PRMYxYdBae0NGfI9T1tLdSZWYXRt+PAcnamJd/8m7HZI HY38MFrdVJpL5t0l1Ne4C3vIh944+vKXm/6BtMAyrnyrUfHJZY8DzuDBTrv4ImDFJ8Tk 8uARAh3+UuMTiiHWFesStDpkupDspOZnRoXXZz4ed37yFe4zB9yv41HmD9lM2fK532Ql xYLizBfsIWXX6MwK/2D0KwIaYSGABzphhT7mqt0L6PHHeok2Ka5+HdJFnWc1BVvM1FNM aQv7VqliiD/CnuPFuMLcOYDAp6akW22zaDcW8WSNZN9zr8cgAx33sL18nlBgfXX2039e f1rA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date; bh=UbF8NaRJMERpstHaLoMiIiIJux2uZltHThdFi8ANObs=; b=oUIXlEvUiosn7vlswOCbFoeCLRgdfUuQswyVDFlchPLK/sNY1i7RbNfVk+rRdMq3Ld PowZAtO0aHcPSC3A3tNqcg/+ZztbB4/uFQCmLc3SLorBhJV2kWpR8KBExfiwUjUcgGjt yUZSy1LsVt9dAv1WERMppN2XB2pmz52sn192PmrF39YvuKKgccY1OwoMl4b7PT96eAzn cW9PSCwISwP5MG3CQ+Hyt16XrjcRLkf0/akQ99KYhhSSbGMIYnvqXfIoGozmJzA14ZKw lKj3Wju5T633RTK2/mF6d5ag990Dd4Q8b49VSubEiedWhVbd49drLWSAasVApd7/3J92 g0Yw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l15si5859888ejz.74.2019.10.11.11.38.49; Fri, 11 Oct 2019 11:39:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728864AbfJKSgO (ORCPT + 99 others); Fri, 11 Oct 2019 14:36:14 -0400 Received: from mail.kernel.org ([198.145.29.99]:45636 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728689AbfJKSgN (ORCPT ); Fri, 11 Oct 2019 14:36:13 -0400 Received: from gandalf.local.home (cpe-66-24-58-225.stny.res.rr.com [66.24.58.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id AED3B206CD; Fri, 11 Oct 2019 18:36:12 +0000 (UTC) Date: Fri, 11 Oct 2019 14:36:10 -0400 From: Steven Rostedt To: Linus Torvalds Cc: LKML , Matthew Garrett , James Morris James Morris , LSM List , Linux API , Ben Hutchings , Al Viro Subject: Re: [PATCH] tracefs: Do not allocate and free proxy_ops for lockdown Message-ID: <20191011143610.21bcd9c0@gandalf.local.home> In-Reply-To: References: <20191011135458.7399da44@gandalf.local.home> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 11 Oct 2019 11:20:30 -0700 Linus Torvalds wrote: > Willing to do that instead? Honestly, what you described was my preferred solution ;-) I just didn't want to upset the lockdown crowd if a new tracefs file was opened without doing this. Once locked down is set, can it ever be undone without rebooting? If not, a lockdown call could also trigger setting tracing_disabled to 1. Which is much stronger, as that was the code we added to kill tracing if anything abnormal was detected (and it does a hard shutdown of all the tracing utilities). It's set to one on bootup and cleared, after tracing is initialized. But it is never cleared again. If lockdown can be enabled at bootup, we could simply not clear it, and we can have something to allow lockdown to set it as well. Currently, the only places tracing_disabled gets set is in the self tests and if the ring buffer gets corrupted. -- Steve