From: Konstantin Belousov
To: Stefan Eßer
Cc: Mateusz Guzik, freebsd-current@freebsd.org
Date: Sat, 15 Feb 2020 19:45:43 +0200
Subject: Re: option KDTRACE_HOOKS non-optional after r357912?
Message-ID: <20200215174543.GU4808@kib.kiev.ua>

On Sat, Feb 15, 2020 at 03:58:06PM +0100, Stefan Eßer wrote:
> On 15.02.20 at 15:40, Stefan Eßer wrote:
> > On 15.02.20 at 14:47, Mateusz Guzik wrote:
> >> On 2/15/20, Stefan Eßer wrote:
> >>> Hi Mateusz,
> >>>
> >>> your optimization of systrace checks has made KDTRACE_HOOKS mandatory,
> >>> since there are unprotected assignments to systrace_enabled (which is
> >>> defined as constant 0 in kernels without KDTRACE_HOOKS due to your
> >>> change):
> >>>
> >>> /sys/cddl/dev/systrace/systrace.c:322:20: error: expression is not
> >>> assignable
> >>>         systrace_enabled = true;
> >>>         ~~~~~~~~~~~~~~~~ ^
> >>> /sys/cddl/dev/systrace/systrace.c:334:20: error: expression is not
> >>> assignable
> >>>         systrace_enabled = false;
> >>>         ~~~~~~~~~~~~~~~~ ^
> >>> 2 errors generated.
> >>> *** [systrace.o] Error code 1
> >>>
> >>> The easy work-around is of course to add KDTRACE_HOOKS to the stripped
> >>> down kernel configuration.
> >>> But I think there should be stub functions
> >>> in systrace.c to cover the case that this option is not active.
> >>>
> >>> Or is the overhead and other impact of KDTRACE_HOOKS considered to be
> >>> so insignificant that it should be included in every kernel?
> >>
> >> Well tinderbox built for me.
> >
> > Yes, no surprise, KDTRACE_HOOKS is defined in all the GENERIC kernels.
> >
> >> Note that the module strongly depends on KDTRACE_HOOKS to work in the
> >> first place -- even prior to my patch support in the syscall path was gated by
> >> this define. In other words, the module should not be being built if the option
> >> is not enabled. Thus if anything the change adds an unintended improvement
> >> of catching the lack of dependency checking here. I may take a closer look
> >> later but preferably someone familiar with the build system would take
> >> care of it.
> >
> > If KDTRACE_HOOKS is meant to be kept optional, the hooks should not be
> > compiled in and the functions to enable that feature should return
> > failure, IMHO.
>
> A clarification: The above was of course meant for the case that the
> option has not been specified. It has been activated, I do not expect
> the enable function to return failure ...
>
Try https://reviews.freebsd.org/D23699

> > It is obviously not useful to load a module that depends on an optional
> > feature, if that feature has been disabled. And I do not do this.
> >
> > I just want to build a stripped down kernel, but have not restricted the
> > modules that get built. I just do not load those that I do not need.
> >
> > But the current situation makes buildkernel fail (unless KDTRACE_HOOKS
> > is defined or the systrace module explicitly disabled), and that is at
> > least a violation of POLA.
> >
> >> It comes with some overhead of course since there is no hot patching, but
> >> it is unlikely you will be able to measure it because of other factors
> >
> > Yes, but in a stripped down production kernel where these hooks will
> > never be legitimately used, they do not only add overhead but also
> > attack surface, and so I do not want to include them.
> >
> > Regards, STefan
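
The build failure and the stub approach discussed in this thread, as an added C example that is not FreeBSD source and not part of any message. Only the option name KDTRACE_HOOKS comes from the thread; every `demo_*` name is hypothetical.

```c
#include <errno.h>
#include <stdbool.h>

/*
 * Hypothetical sketch of option gating. With KDTRACE_HOOKS defined the flag
 * is a real variable; without it the flag is the constant 0, so the compiler
 * can drop the hook branch from the syscall path entirely.
 */
#ifdef KDTRACE_HOOKS
static bool demo_systrace_enabled_var;
#define demo_systrace_enabled demo_systrace_enabled_var
#else
#define demo_systrace_enabled 0
#endif

/* Stand-in for the check in the syscall path. */
int
demo_syscall_hook_taken(void)
{
	if (demo_systrace_enabled)
		return (1);	/* the tracing hook would be called here */
	return (0);
}

/*
 * An unguarded "demo_systrace_enabled = true;" expands to "0 = true;" when
 * the option is off, which is the "expression is not assignable" error.
 * Guarding the assignment lets the file build either way, and the stub
 * reports failure instead of pretending that tracing was enabled.
 */
int
demo_probe_enable(void)
{
#ifdef KDTRACE_HOOKS
	demo_systrace_enabled_var = true;
	return (0);
#else
	return (ENOTSUP);
#endif
}

int
demo_probe_disable(void)
{
#ifdef KDTRACE_HOOKS
	demo_systrace_enabled_var = false;
	return (0);
#else
	return (ENOTSUP);
#endif
}
```

Building with `-DKDTRACE_HOOKS` switches the same file to the variable-backed flag, so both configurations compile from one source.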