Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp994937rwd; Thu, 18 May 2023 06:44:16 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4ggC9UqtGLkZ+I5vI/9Wiephnw1ZeGLHUbDT0YESPlfjmliYx4UGQfui2j93vP6ERc02uQ X-Received: by 2002:a17:902:db0c:b0:1ae:6135:a050 with SMTP id m12-20020a170902db0c00b001ae6135a050mr3193007plx.19.1684417456168; Thu, 18 May 2023 06:44:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684417456; cv=none; d=google.com; s=arc-20160816; b=SSSfcXZTCLXGDwDXdogVylmoznBn+9DmQMXTTNjDg24d5P4TNTrSiFDnxy9yz6BL4a oKWGbWKTWiCdPn2OVfP4zCKy/ju2pPp6KdCloq2YJ/VG33KaMvMy/fHbqwc+XFMA6SEl FRxJSOBDwfvNAcMOySh4GrCGdq2Tbp5tRFt8bkAVrDpFA2HgXqdWS+IT+9pwnJCxF7n/ l3fwfNPnhwJGVyphT5wUCh4+k5Zu85TC5VcgresvWXdh4eaapTfclc493sPsCNMd+oji 4cGgPBbNT/3QNh3ufBZ3UsfnwH9OUYcld3qz+HGqYITJ87MJVI+qABhYL4lKSX4K+wJp d5QA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date; bh=nHR3vwYrJlv+hBxQindrLByzBcwEbWIC4gIR7v/6/Vc=; b=IvYl8PMzbE113lhmGew2nGx28Lsx3D2sXP/OjNdbXG+G0FB4d6PiiO+zPUd0oiXV3D NGupc0Z4KDs3ZgZJsYwoRZj6e6j3UB60lW6SvZ1ULFNL4lSjIPYCpnIuzHzK3tfhtNkw 2kiZBKp39GYTSiGHgjgxsJ6Te2MMzhJC1ms9rAhUtxzDzqbm3nnO/JIjjgtDsMxvZkbr Rry0N5MmY3yZedNqv8gorwg8m8s5nAtQs75lpuVCLA5AOgu+uFqyUOVLuWBG4t/er9s1 4W5iqTkyRlz7FLLv3O7zBKovLgyYcoBzOxxk88VlEHwxk9ObFhGDF0j/in0OMzXJVHKv IdLg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h20-20020a170902f7d400b0019931c82e24si1299158plw.195.2023.05.18.06.44.03; Thu, 18 May 2023 06:44:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230125AbjERNgH convert rfc822-to-8bit (ORCPT + 99 others); Thu, 18 May 2023 09:36:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58134 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229929AbjERNgF (ORCPT ); Thu, 18 May 2023 09:36:05 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 57306E0; Thu, 18 May 2023 06:36:04 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id DC35364F7E; Thu, 18 May 2023 13:36:03 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 39973C433EF; Thu, 18 May 2023 13:36:02 +0000 (UTC) Date: Thu, 18 May 2023 09:36:00 -0400 From: Steven Rostedt To: Alexei Starovoitov Cc: Beau Belgrave , Masami Hiramatsu , LKML , linux-trace-kernel@vger.kernel.org, Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , bpf , David Vernet , Linus Torvalds , Dave Thaler , Christian Brauner , Christoph Hellwig Subject: Re: [PATCH] tracing/user_events: Run BPF program if attached Message-ID: <20230518093600.3f119d68@rorschach.local.home> In-Reply-To: References: <20230509130111.62d587f1@rorschach.local.home> <20230509163050.127d5123@rorschach.local.home> <20230515165707.hv65ekwp2djkjj5i@MacBook-Pro-8.local> <20230515192407.GA85@W11-BEAU-MD.localdomain> <20230517003628.aqqlvmzffj7fzzoj@MacBook-Pro-8.local> <20230516212658.2f5cc2c6@gandalf.local.home> <20230517165028.GA71@W11-BEAU-MD.localdomain> <20230518001916.GB254@W11-BEAU-MD.localdomain> <20230518011814.GA294@W11-BEAU-MD.localdomain> <20230517220800.3d4cbad2@gandalf.local.home> X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT X-Spam-Status: No, score=-4.0 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 17 May 2023 20:14:31 -0700 Alexei Starovoitov wrote: > On Wed, May 17, 2023 at 7:08 PM Steven Rostedt wrote: > > The delete IOCTL is different than reg/unreg. I don't see a problem with > > adding a CAP_SYSADMIN check on the delete IOCTL (and other delete paths) > > to prevent this. It shouldn't affect anything we are doing to add this > > and it makes it so non-admins cannot delete any events if they are given > > write access to the user_events_data file. > > sysadmin for delete is a pointless. > user_events_ioctl_reg() has the same issue. > Two different processes using you fancy TRACELOGGING_DEFINE_PROVIDER() > macro and picking the same name will race. > > TRACELOGGING_DEFINE_PROVIDER( // defines the MyProvider symbol > MyProvider, // Name of the provider symbol to define > "MyCompany_MyComponent_MyProvider", // Human-readable provider > name, no ' ' or ':' chars. > // {d5b90669-1aad-5db8-16c9-6286a7fcfe33} // Provider guid > (ignored on Linux) > (0xd5b90669,0x1aad,0x5db8,0x16,0xc9,0x62,0x86,0xa7,0xfc,0xfe,0x33)); > > I totally get it that Beau is copy pasting these ideas from windows, > but windows is likely similarly broken if it's registering names > globally. > > FD should be the isolation boundary. > fd = open("/sys/kernel/tracing/user_event") > and make sure all events are bound to that file. > when file is closed the events _should be auto deleted_. > > That's another issue I just spotted. > Looks like user_events_release() is leaking memory. > user_event_refs are just lost. > > tbh the more I look into the code the more I want to suggest to mark it > depends on BROKEN > and go back to redesign. I don't think these changes require a redesign. I do like the idea that the events live with the fd. That is, when the fd dies, so does the event. Although, we may keep it around for a bit (no new events, but being able to parse it. That is, the event itself isn't deleted until the fd is closed, and so is the tracing files being read are closed. Beau, How hard is it to give the event an owner, but not for task or user, but with the fd. That way you don't need to worry about other tasks deleting the event. And it also automatically cleans itself up. If we leave it to the sysadmin to clean up, it's going to cause leaks, because it's not something the sysadmin will want to do, as they will need to keep track of what events are created. -- Steve PS. I missed my connection due to unseasonal freezing temperatures, and my little airport didn't have a driver for the deicer, making my flight 2 hours delayed (had to wait for the sun to come up and deice the plane!). Thus, instead of enjoying myself by the pool, I'm in an airport lounge without much to do.