Received: by 2002:a05:7412:2a8c:b0:e2:908c:2ebd with SMTP id u12csp3777764rdh; Fri, 29 Sep 2023 01:51:03 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEiQDAIFbMdYNT0rYU7gYZmqiHIODd6PoX1ODKITNzHgkIZ9sQLEuhS3V3Rm8GoQknorYa4 X-Received: by 2002:a17:902:f68d:b0:1c7:2763:9ef4 with SMTP id l13-20020a170902f68d00b001c727639ef4mr3497996plg.66.1695977462991; Fri, 29 Sep 2023 01:51:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695977462; cv=none; d=google.com; s=arc-20160816; b=xYBcW3mVJ+M/mPqaBeYZktgSn1OUpj6Kl0wEcPD2qOD7nuL1jhmDmPKrPVk0NKq6El vhCsBx9zE5r4n7oTu1bhqDOVe5115+m9Ja2dA0HbT6ZKyCzeoW9oq2pHRrYYKVF+5h+f KhScce6eOewcX6PnVzE9ToWDoKQOXrVH5GKcI0aM+LvwJRojoUFKydr/HM0KtYJMGllp FGPpBKIOEDlyqVNS1BYbnb4WXA25Vy1wTZwhc40hnTDkx/f/RjGonH+vy3zOiXQRD87l koVrcCFV5VKpDMSka7OzWutzey0CCjJyjnKZQsGFrMkSO+zOlZgm/qCOnKbJaYhU424H VaFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=rNSXAAGAWzfjZ8B3Y6lB+Lau8VDFKMg7uOankBJ5jh4=; fh=4dgxBmvNUc6akyXNFyh10KguSz85St4Fxf2AoO1MxrY=; b=Ls7UANaXHfUtIz0ZRl1qHbu5GblH23klMVHuRAbhxBBYVB2AMiuVSDyyV2wu5dlbLI qsuATteg+3oijxkWjqtly/5jkbmgMB5KPOWYZY3ZSfLq1rK2ObfrS4fffDnwHt9mFNXE rB4xmmkK5oWyIi99dbCxp/UeaS44O5zGoy4HhzjP0Ew5sn8JlMHgNR6IBjgeRwJXIxz+ kMyaDSDLSDw86Jb5Xu6HfJ2P+Edg+wcSzR2szCClb5Uhi9YdthAbL3xOVFF0r5KccgVT IetB6vJ4JuHuKwMrGAxW2/Xz4vNAnz0g/h+Fn/y2/7zHNLmAAlF/6PnLSqhvDZwLl7qF BtpA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=eMxxIvxP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id d12-20020a170902f14c00b001c732b6869csi4268854plb.63.2023.09.29.01.51.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 Sep 2023 01:51:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=eMxxIvxP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 7B94A822C0F5; Thu, 28 Sep 2023 20:49:27 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232585AbjI2DtN (ORCPT + 99 others); Thu, 28 Sep 2023 23:49:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50766 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232631AbjI2DtJ (ORCPT ); Thu, 28 Sep 2023 23:49:09 -0400 Received: from mail-qk1-x734.google.com (mail-qk1-x734.google.com [IPv6:2607:f8b0:4864:20::734]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7A6371B1 for ; Thu, 28 Sep 2023 20:49:05 -0700 (PDT) Received: by mail-qk1-x734.google.com with SMTP id af79cd13be357-77575233633so256259585a.0 for ; Thu, 28 Sep 2023 20:49:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1695959344; x=1696564144; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=rNSXAAGAWzfjZ8B3Y6lB+Lau8VDFKMg7uOankBJ5jh4=; b=eMxxIvxPl6uH0l2l1PuCY71Kpxo+7eZOgbGmVcl/vLk4upVmAdTmMocgMENFRCO3d2 LJxV21UaVHaHo+/RpvwPsOiiegxxd7I3nNykDQbCfQzEBu/pEKyRr350hIiiVl8AlLLW qHotkpPRFBLJ9zYeyGnyAbSMFCw0IkRooy0YQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695959344; x=1696564144; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=rNSXAAGAWzfjZ8B3Y6lB+Lau8VDFKMg7uOankBJ5jh4=; b=RKKErRh07J2xe85qSV/JQqmZKcyvHItrkw3sNjpfGbgYgykVXYadUXTjQ4iJSYtEO7 HhVBWxAO6S16KIgFV/PGb+qMpdYvGsPpQvM5FrpbnLuZ3dnOMh0kRBBmFoMjgC6ujdBc 9ZpsZRcP5+AzIWYe205tRTPK6cWMYwhhdKwJsavsH4+iKi0e7pKNd3jZM5M7nD0LS3vm 4aUOAdmZN/bcMEe0N/2lttU5u8TxEkXMgsaj7KcuVwfct3dNJNggLDrGm/gTR7reU3H9 l7uLNDB1Nl7TKRzMZ8FzYpqJGOt68XLfk+pqKbjfA9E3uuuQt/GDQ9yTUYPNiW0w7jtk gOSg== X-Gm-Message-State: AOJu0YwruBYiz3B8dW9ZZ2T0CmFaAOjXHfupc2Hk9HapiefHOJ1H2k2B z9oKSsv7hLxIjw/6x4J0k+Q8IA== X-Received: by 2002:a05:620a:12f1:b0:774:13e:71cd with SMTP id f17-20020a05620a12f100b00774013e71cdmr2766118qkl.56.1695959344459; Thu, 28 Sep 2023 20:49:04 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id b20-20020aa78114000000b006930db1e6d1sm5622071pfi.203.2023.09.28.20.49.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 28 Sep 2023 20:49:03 -0700 (PDT) Date: Thu, 28 Sep 2023 20:49:02 -0700 From: Kees Cook To: Yuanhe Shu Cc: gregkh@linuxfoundation.org, jirislaby@kernel.org, tony.luck@intel.com, gpiccoli@igalia.com, shuah@kernel.org, linux-kernel@vger.kernel.org, linux-serial@vger.kernel.org, linux-hardening@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: Re: [PATCH 0/5] pstore: add tty frontend and multi-backend Message-ID: <202309282030.8CE179EBB@keescook> References: <20230928024244.257687-1-xiangzao@linux.alibaba.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230928024244.257687-1-xiangzao@linux.alibaba.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 28 Sep 2023 20:49:27 -0700 (PDT) On Thu, Sep 28, 2023 at 10:42:39AM +0800, Yuanhe Shu wrote: > In public cloud scenario, if kdump service works abnormally, > users cannot get vmcore. Without vmcore, user has no idea why the > kernel crashed. Meanwhile, there is no additional information > to find the reason why the kdump service is abnormal. > > One way is to obtain console messages through VNC. The drawback > is that VNC is real-time, if user missed the timing to get the VNC > output, the crash needs to be retriggered. > > Another way is to enable the console frontend of pstore and record the > console messages to the pstore backend. On the one hand, the console > logs only contain kernel printk logs and does not cover > user-mode print logs. Although we can redirect user-mode logs to the > pmsg frontend provided by pstore, user-mode information related to > booting and kdump service vary from systemd, kdump.sh, and so on which > makes redirection troublesome. So we added a tty frontend and save all > logs of tty driver to the pstore backend. This is a clever solution! > Another problem is that currently pstore only supports a single backend. > For debugging kdump problems, we hope to save the console logs and tty > logs to the ramoops backend of pstore, as it will not be lost after > rebooting. If the user has enabled another backend, the ramoops backend > will not be registered. To this end, we add the multi-backend function > to support simultaneous registration of multiple backends. Ah very cool; I really like this idea. I'd wanted to do it for a while just to make testing easier, but I hadn't had time to attempt it. > Based on the above changes, we can enable pstore in the crashdump kernel > and save the console logs and tty logs to the ramoops backend of pstore. > After rebooting, we can view the relevant logs by mounting the pstore > file system. So, before I do a line-at-a-time review of this code, I'd like to address some design issues first. I really don't want to make behavioral differences when we don't have to: - The multi-backend will enable _all possible_ backends, and that's a big change that will do weird things for some pstore users. I would prefer a pstore option to opt-in to enabling all backends. Perhaps have "pstore.backend=" be parsed with commas, so a list of backends can be provided, or "all" for the "all backends" behavior. - Moving the pstorefs files into a subdirectory will break userspace immediately (e.g. systemd-pstore expects very specifically named files). Using subdirectories seems like a good idea, but perhaps we need hardlinks into the root pstorefs for the "first" backend, or some other creative solution here. Then some technical thoughts about the TTY frontend's behavior: - That 2 pstore records are created for every line of TTY output feels kind of inefficient, though I don't have a better idea. This is really only doable as you have it because the ramoops and zone backends treat the single prz as a circular buffer. I wonder about supporting this on other backends like EFI, but perhaps it's just not going to happen. - I'd like to check with the TTY folks to see if this is the "right" place to hook to get a copy of what's being written. Thanks and let me know what you think! -Kees -- Kees Cook