Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp6914030ybc; Thu, 28 Nov 2019 07:35:17 -0800 (PST) X-Google-Smtp-Source: APXvYqyJ2RBsSQBQ+3ZNiFrRJjFJn4x7sr0za317cz85VvhIwQtGpuL503+iCU9352boMCtMAvA9 X-Received: by 2002:a17:906:6a43:: with SMTP id n3mr55218921ejs.31.1574955317537; Thu, 28 Nov 2019 07:35:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574955317; cv=none; d=google.com; s=arc-20160816; b=D69PYmRi+aFdaKVBxVK2Rf3WHvB/V/AM/GUkMEiynJmHaRpYTiqHB5jVhWfLJThbOH 8vHYYECiSWRISpE3cfR6SCinozVXzzZXHDULxJsc4zNTl7xCOC/8nraLxt8oCtX/A2V6 Cs/QnjpC6sszkUomnig6KGT+S/kD5CjnlLbPbzUQpW5yIHb2YI7vyw/j5/INAEVayn6B 6btyhj6SJBmNCgbCK2kLL4QOovPaDm4L/aHHWSNH6ud4L11AWjyx8ZhIcndrcN+Hds5F c643XoK638yui/p2PV9vqcOpIsChiGM7D2PPnA/Yipprvco4ZGO0ol4DGpCxGW0VQFtx i2tw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :feedback-id:references:in-reply-to:message-id:subject:reply-to:cc :from:to:dkim-signature:date; bh=jrPTZgi0SU4x8PDrknsTeduahbLr99zyjShTd7swWm4=; b=emcXbIfvZjZ+n12v/sE0zn9/UES5cHMQ3AhIPNbarlyHhf0ALxWRjqeSVxwjon5/nU FbVO6JRb3VUmJwhIyCJsjd/XfbajlrjaAzQgOmuzdw1paScNelG51gjozGaMB4Ju32Ka 0yXugmuA195lNNx3I83Ko9mL3iLcct0Cxb+puLhG094Q9lD6Me2viIR2g6SCMSo2kLHn 8r6LoLCgGD5IW94XBeTPuQI7ep634aduMFcOQJhK9i8qZJ7DwZodNkk50muwSwpQABKj GR9Mg2Vlm0jjz7UflX90WhCUsTJdKSds6QpjaBXcPFpZgvMJw6J7tl9ecCXZcThqKxvg 63aA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.ch header.s=default header.b=DWR+RBx1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.ch Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x16si11475749ejw.375.2019.11.28.07.34.52; Thu, 28 Nov 2019 07:35:17 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.ch header.s=default header.b=DWR+RBx1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.ch Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726681AbfK1Pbj (ORCPT + 99 others); Thu, 28 Nov 2019 10:31:39 -0500 Received: from mail-40130.protonmail.ch ([185.70.40.130]:57608 "EHLO mail-40130.protonmail.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726436AbfK1Pbj (ORCPT ); Thu, 28 Nov 2019 10:31:39 -0500 Date: Thu, 28 Nov 2019 15:31:31 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.ch; s=default; t=1574955096; bh=jrPTZgi0SU4x8PDrknsTeduahbLr99zyjShTd7swWm4=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References: Feedback-ID:From; b=DWR+RBx1r49fxhEEvwf506KeubbDh7cTV/Gh20Uuetz+r+wT8yoUCjTAxuTw44Wz1 FlgwK6mIc0S99+e/1Uu67LxCQU3GTDA6YPZc5B9esHWhQAVq2Z8geR14gPDLVkV4ay hp9RBO0Y9dLoQedLXRNDT44BZzJi8aG1rNVE16u0= To: Steven Rostedt From: Jordan Glover Cc: dann frazier , "linux-kernel@vger.kernel.org" , "linux-security-module@vger.kernel.org" , Seth Forshee , Matthew Garrett , James Morris , Linux API , Ben Hutchings , Al Viro , Linus Torvalds Reply-To: Jordan Glover Subject: Re: tracefs splats in lockdown=confidentiality mode Message-ID: <2vtDIdkutRsBBbaiswjFZlGeQPSlDHF3et5ZxQ4YJ4zArOKo7-53A6d8SwpUtt7NCYdQEmmkeTADvrS7NCzw0Stw33n44vJC_qspqXgRPZQ=@protonmail.ch> In-Reply-To: <20191101181501.4beff81b@grimm.local.home> References: <20191101210803.GA9841@xps13.dannf> <20191101181501.4beff81b@grimm.local.home> Feedback-ID: QEdvdaLhFJaqnofhWA-dldGwsuoeDdDw7vz0UPs8r8sanA3bIt8zJdf4aDqYKSy4gJuZ0WvFYJtvq21y6ge_uQ==:Ext:ProtonMail MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-0.7 required=7.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,FREEMAIL_REPLYTO_END_DIGIT autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail.protonmail.ch Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Friday, November 1, 2019 10:15 PM, Steven Rostedt = wrote: > On Fri, 1 Nov 2019 15:08:03 -0600 > dann frazier dann.frazier@canonical.com wrote: > > > hey, > > fyi, I'm seeing a bunch of errors from tracefs when booting 5.4-rc5 in > > lockdown=3Dconfidentiality mode: > > [ 1.763630] Lockdown: swapper/0: use of tracefs is restricted; see man = kernel_lockdown.7 > > [ 1.772332] Could not create tracefs 'available_events' entry > > [ 1.778633] Lockdown: swapper/0: use of tracefs is restricted; see man = kernel_lockdown.7 > > [ 1.787095] Could not create tracefs 'set_event' entry > > [ 1.792412] Lockdown: swapper/0: use of tracefs is restricted; see man = kernel_lockdown.7 > > (...) > > [ 2.899481] Could not create tracefs 'set_graph_notrace' entry > > [ 2.905671] Lockdown: swapper/0: use of tracefs is restricted; see man = kernel_lockdown.7 > > [ 2.913934] ------------[ cut here ]------------ > > [ 2.918435] Could not register function stat for cpu 0 > > [ 2.923717] WARNING: CPU: 1 PID: 1 at kernel/trace/ftrace.c:987 ftrace_= init_tracefs_toplevel+0x168/0x1bc > > [ 2.933939] Modules linked in: > > [ 2.937290] CPU: 1 PID: 1 Comm: > > Looks to me that it's working as designed ;-) > > I'm guessing we could quiet these warnings for boot up though. :-/ > > But there should be at least one message that states that the tracefs > files are not being created due to lockdown. > > -- Steve Could you clarify what functionality is lost here and if it affects system stability? I agree that triggering WARNING on every boot with supported kernel configuration isn't optimal experience for users. Jordan