Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp426939imw; Fri, 15 Jul 2022 06:04:45 -0700 (PDT) X-Google-Smtp-Source: AGRyM1utzeNuVEmilJUR4l3fURST22sEfD5Rpg5LdwehhJ3ExWdCjrd417/BugdYkoh7wX47i2q7 X-Received: by 2002:a17:906:53c7:b0:711:d2e9:99d4 with SMTP id p7-20020a17090653c700b00711d2e999d4mr13628174ejo.716.1657890284783; Fri, 15 Jul 2022 06:04:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1657890284; cv=none; d=google.com; s=arc-20160816; b=jJY6n0ONPMWAA0AuQus3Y7Zj7vnk0ww/1Ct82FD3rd3zJ9nANfQISL5Ibmx9yLvSNr F2sdq3tvZxjhQVP9N7TVAMMDBQOsKk4yT12MFowhJak5wOMo17xEp9nTqCDeArqFPS4R Sy68faZky1TE579k3tnahZKQcQZh18OqEYhbRm7iHUgTc4f+T9lnoXICf1fGC+l4RKBk DPP5fSnWA3M2uf5Afbgu00N36QyfAa5I37wN/IhkH/8VqZHapAGP4ZVHB/WQRXaORm+Y Poo0Xb3UKSUAOLzrHStpVcKU8zuYxFQcOnxRhnjWrE2L3PUxjxLTYM5RVT6blOLVGlEO QM6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=3SZjjm4GYKG35pso1ukOUvEhXJUwH5J2gDyR1sXUx/4=; b=tH1Iiu6pVGup8IKp5LHC7H1Bd3KA4AFm1n7E22YB78qfjG+SLWppSwpGvPZZ7KGZl8 a0Z1DkLw6D1pn9qONmTJHpy03b6Hk5R3tru/XN+czHYToWSTeAHKTAMdPx6qHNl/oMZR xJlYbmXpkmL6xa2XuxsVt42ZtDFsPl8rnrvx5vQEiwE+1MpVkgFYY0Epgr2XKMaqVdrX JeTpdqOOjOVmuEE0dTdg0/39xSj7I4qC5lySnVMD5QrbirGMidqW20DuMHWsPZuueFxu RxtIR5xPASuDOSmYbr3FOqg2ln/AvjPJDvg/gkDttI2JgfwQNQBOajr8oM8752NQhRfI 9+AQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b="R0MtUe/h"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f27-20020a056402329b00b0043a75d89da8si6168724eda.45.2022.07.15.06.03.56; Fri, 15 Jul 2022 06:04:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b="R0MtUe/h"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232367AbiGOMtm (ORCPT + 99 others); Fri, 15 Jul 2022 08:49:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33428 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232141AbiGOMtj (ORCPT ); Fri, 15 Jul 2022 08:49:39 -0400 X-Greylist: delayed 75885 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Fri, 15 Jul 2022 05:49:38 PDT Received: from smtp-out1.suse.de (smtp-out1.suse.de [IPv6:2001:67c:2178:6::1c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A7DEC1CB27 for ; Fri, 15 Jul 2022 05:49:38 -0700 (PDT) Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 7925034D92; Fri, 15 Jul 2022 12:49:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1657889376; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=3SZjjm4GYKG35pso1ukOUvEhXJUwH5J2gDyR1sXUx/4=; b=R0MtUe/hEJB9BskOjEkhPkBu+6cLXX4dBu72zDMAQpPEmFsBXIcOLg1WRq9MwV0qdrbFEl A3WrXX4WvXuaB+92ars8L8bXW4H7AsnMYTbuQKGzE9eZLQ5qs1M7dZxFETys7dOko0pxSk O84JGpHVoHuaghwtwi4LlzrWGdOncaA= Received: from suse.cz (pathway.suse.cz [10.100.12.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by relay2.suse.de (Postfix) with ESMTPS id 253F32C141; Fri, 15 Jul 2022 12:49:36 +0000 (UTC) Date: Fri, 15 Jul 2022 14:49:35 +0200 From: Petr Mladek To: Chris Down Cc: linux-kernel@vger.kernel.org, Greg Kroah-Hartman , Sergey Senozhatsky , Steven Rostedt , John Ogness , Geert Uytterhoeven , kernel-team@fb.com Subject: Re: design: was: Re: [RFC PATCH v2] printk: console: Allow each console to have its own loglevel Message-ID: <20220715124935.GE2737@pathway.suse.cz> References: <20220714154452.GB24338@pathway.suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220714154452.GB24338@pathway.suse.cz> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu 2022-07-14 17:44:52, Petr Mladek wrote: > On Wed 2022-07-13 15:49:19, Chris Down wrote: > > Petr Mladek writes: > > > IMHO, this makes things too complicated. A better solution is to do > > > not allow to set any log level below this limit in the first place. > > > > Hmm, how should we then handle the case that you have set the per-console > > loglevel to 3 and minimum_console_loglevel later gets changed to 5? > > > > We had this problem when designing cgroup v2 as well, for example in cases > > where a child requests a higher memory protection than can be afforded by > > the parent, or where a child sets a higher memory limit than a parent > > specifies. We went back and forth and eventually settled on allowing these, > > because the alternatives seemed difficult to reason about or unnecessarily > > inflexible. > > I see. > > > From the per-console loglevel side, one option is to return ERANGE or EINVAL > > on values we know won't be honoured when setting the per-console loglevel. > > The problem with that is that it doesn't allow to specify a "desired" limit > > in case the external factors (in this case, the minimum loglevel) change. > > This is even more difficult to reason about in our case because the minimum > > loglevel may be changed dynamically outside of user control. > > > > Another is to disallow setting the minimum loglevel without first resetting > > consoles which are above the value that is desired to be set, but this seems > > really cumbersome, and again it doesn't account for cases like panic() and > > elsewhere where we blindly change it anyway. > > > > Maybe you have another idea about how it should work in the case that the > > minimum loglevel would take precedence over an existing loglevel? > > minimum_console_loglevel is currently used only in syslog interface. > It is ignored when the levels are set using sysctl. > > IMHO, the reason is that sysctl might eventually get called even with > less privileged user. > > I would keep this behavior. I mean that a change of > minimum_console_loglevel would not affect other values immediately. > It will be used to crop the value when anyone wants to change > the global loglevel via syslog later. > > Well, it would make sense to crop the global or per-console > loglevels even when they are later changed via the new sysctl > or sysfs interface. It would be a limit for less privileged > users. > > Maybe, it is over-engineered. I wonder if anyone really uses > the minimum level in practice. I checked the history: 1. The possibility to change "console_loglevel" was added in 0.99.13k, 1992. The syslog syscall was the only way to change the value at runtime at that time. 2. MINIMUM_CONSOLE_LOGLEVEL was added in 1.3.37, 1995 It was hardcoded at that time. 3. minimum_console_loglevel was exported via sysctl in 2.1.32, between 1996-1999. This version added the sysctl interface for all 4 values: console_loglevel, minimum_console_loglevel, default_console_loglevel, default_message_loglevel. Before it was possible to change only console_loglevel via the syslog syscall. sysctl allows to set all four values to any value. It does not check if they make any sense. And it does not check if console_loglevel is above minimum_console_loglevel. Only the syslog syscall checks minimum_console_loglevel. I guess that nobody really though how the interface could be used. It just made the four "configurable" values accessible. IMHO, it confirms the theory that the minimum value should prevent less privileged users to change the loglevel below this minimum. And I would do it as I suggested. I mean that minimum_console_loglevel will be used only when anyone tries to change the global or per-console loglevel. It would make sense to return -EINVAL when anyone wants to set loglevel below the minimum value via sysctl or sysfs interface. I suggested to just crop the value yesterday. It is what the syslog sycall does. But I think that it is actually quite ugly and we could do better in the new (more modern) interface. Best Regards, Petr