Date: Thu, 30 Jul 2020 12:02:00 -0400
From: Steven Rostedt
To: peter enderborg
Cc: Thiébaud Weksteen , Paul Moore , Nick Kralevich , Joel Fernandes , Stephen Smalley , Eric Paris , Ingo Molnar , Mauro Carvalho Chehab , "David S. 
Miller" , Rob Herring , , Subject: Re: [PATCH] RFC: selinux avc trace Message-ID: <20200730120200.1367e1cd@oasis.local.home> In-Reply-To: <6f1262fc-21ad-f872-5460-e78d4685c9c4@sony.com> References: <20200724091520.880211-1-tweek@google.com> <20200724095232.5f9d3f17@oasis.local.home> <80a23580-5067-93b0-53fa-3bd53253c056@sony.com> <20200730110459.5bf0b0df@oasis.local.home> <6f1262fc-21ad-f872-5460-e78d4685c9c4@sony.com> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 30 Jul 2020 17:31:17 +0200 peter enderborg wrote: > On 7/30/20 5:04 PM, Steven Rostedt wrote: > > On Thu, 30 Jul 2020 16:29:12 +0200 > > peter enderborg wrote: > > > >> +#undef TRACE_SYSTEM > >> +#define TRACE_SYSTEM avc > >> + > >> +#if !defined(_TRACE_AVC_H) || defined(TRACE_HEADER_MULTI_READ) > >> +#define _TRACE_AVC_H > >> + > >> +#include > >> +TRACE_EVENT(avc_data, > >> +        TP_PROTO(u32 requested, > >> +             u32 denied, > >> +             u32 audited, > >> +             int result, > >> +             const char *msg > >> +             ), > >> + > >> +        TP_ARGS(requested, denied, audited, result,msg), > >> + > >> +        TP_STRUCT__entry( > >> +             __field(u32, requested) > >> +             __field(u32, denied) > >> +             __field(u32, audited) > >> +             __field(int, result) > >> +             __array(char, msg, 255) > > You want to use __string() here, otherwise you are wasting a lot of > > buffer space. > > > > __string( msg, msg) > It should be a full structure with a lot of sub strings.  But that make is even more relevant. So one event instance can have a list of strings recorded? 
> > > >> +                 ), > >> + > >> +        TP_fast_assign( > >> +               __entry->requested    = requested; > >> +               __entry->denied    = denied; > >> +               __entry->audited    = audited; > >> +               __entry->result    = result; > >> +               memcpy(__entry->msg, msg, 255); > > Not to mention, the above is a bug. As the msg being passed in, is > > highly unlikely to be 255 bytes. You just leaked all that memory after > > the sting to user space. > > > > Where you want here: > > > > __assign_str( msg, msg ); > > Directly in to the code. Was more in to get in to discussion on how complex we should have > the trace data. There is a lot of fields. Not all is always present. Is there any good way > to handle that? Like "something= somethingelse=42" or "something=nil somthingelse=42" Can you show what you want to record and what you want to display? I'm not totally understanding the request. -- Steve > >> +    ), > >> + > >> +        TP_printk("requested=0x%x denied=%d audited=%d result=%d > >> msg=%s", > >> +              __entry->requested, __entry->denied, __entry->audited, > >> __entry->result, __entry->msg > >> +              ) >
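Review bot: In TP_fast_assign, `memcpy(__entry->msg, msg, 255)` also leaves the field without a terminating NUL whenever msg is 255 characters or longer, and TP_printk then prints `__entry->msg` with `%s`. If the field moves to `__string()`/`__assign_str()` as suggested in the reply, TP_printk has to read it with `__get_str(msg)` instead of `__entry->msg`.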
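Review bot: In TP_printk, denied and audited are declared u32 in TP_PROTO but printed with `%d`, while requested is printed with `0x%x`. Use the same unsigned format for all three, for example `0x%x`, so the values can be compared when read side by side.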
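The leak described in the reply above, modelled in user space as an added example (not part of the original mail and not kernel tracing code). The helper names, the constructed "denied" message and the 'S' filler bytes are assumptions made for the illustration; the bounded copy is one way to keep a fixed-size field clean, while the thread's own suggestion is `__string()`/`__assign_str()`.

```c
#include <stdio.h>
#include <string.h>

#define MSG_FIELD 255 /* size of the fixed msg field in the quoted patch */

/* Same shape as the quoted TP_fast_assign: always copies 255 bytes. */
static void record_fixed(char *entry, const char *msg)
{
	memcpy(entry, msg, MSG_FIELD);
}

/* Bounded variant: copy only the string, zero the rest, always terminate. */
static void record_bounded(char *entry, const char *msg)
{
	const char *nul = memchr(msg, '\0', MSG_FIELD - 1);
	size_t n = nul ? (size_t)(nul - msg) : MSG_FIELD - 1;

	memset(entry, 0, MSG_FIELD);
	memcpy(entry, msg, n);
}

/* Non-zero bytes after the first NUL: data that was never part of msg. */
static size_t residue_bytes(const char *entry)
{
	const char *nul = memchr(entry, '\0', MSG_FIELD);
	size_t i = nul ? (size_t)(nul - entry) : MSG_FIELD, leaked = 0;

	for (; i < MSG_FIELD; i++)
		leaked += entry[i] != '\0';
	return leaked;
}

/* Record a constructed short message that sits in front of stale data.
 * Everything lives in one 255-byte buffer so the fixed copy stays in bounds. */
static size_t leaked_by(void (*record)(char *, const char *))
{
	char src[MSG_FIELD], entry[MSG_FIELD];

	memset(src, 'S', MSG_FIELD);             /* constructed stale data */
	memcpy(src, "denied", sizeof("denied")); /* message plus its NUL */
	record(entry, src);
	return residue_bytes(entry);
}

int main(void)
{
	printf("fixed copy: %zu residue bytes, bounded copy: %zu\n",
	       leaked_by(record_fixed), leaked_by(record_bounded));
	return 0;
}
```

A consumer that reads the raw record rather than the `%s` rendering sees every byte counted by `residue_bytes`.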