[security-next,v3,04/29] LSM: Remove initcall tracing

Message ID	20180925001832.18322-5-keescook@chromium.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-security-module-owner@kernel.org> From: Kees Cook <keescook@chromium.org> To: James Morris <jmorris@namei.org> Cc: Kees Cook <keescook@chromium.org>, "Serge E. Hallyn" <serge@hallyn.com>, Abderrahmane Benbachir <abderrahmane.benbachir@polymtl.ca>, Steven Rostedt <rostedt@goodmis.org>, linux-security-module@vger.kernel.org, Casey Schaufler <casey@schaufler-ca.com>, John Johansen <john.johansen@canonical.com>, Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>, Paul Moore <paul@paul-moore.com>, Stephen Smalley <sds@tycho.nsa.gov>, "Schaufler, Casey" <casey.schaufler@intel.com>, Jonathan Corbet <corbet@lwn.net>, linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v3 04/29] LSM: Remove initcall tracing Date: Mon, 24 Sep 2018 17:18:07 -0700 Message-Id: <20180925001832.18322-5-keescook@chromium.org> In-Reply-To: <20180925001832.18322-1-keescook@chromium.org> References: <20180925001832.18322-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk
Series	LSM: Explict LSM ordering \| expand [security-next,v3,00/29] LSM: Explict LSM ordering [security-next,v3,01/29] LSM: Correctly announce start of LSM initialization [security-next,v3,02/29] vmlinux.lds.h: Avoid copy/paste of security_init section [security-next,v3,03/29] LSM: Rename .security_initcall section to .lsm_info [security-next,v3,04/29] LSM: Remove initcall tracing [security-next,v3,05/29] LSM: Convert from initcall to struct lsm_info [security-next,v3,06/29] vmlinux.lds.h: Move LSM_TABLE into INIT_DATA [security-next,v3,07/29] LSM: Convert security_initcall() into DEFINE_LSM() [security-next,v3,08/29] LSM: Record LSM name in struct lsm_info [security-next,v3,09/29] LSM: Provide init debugging infrastructure [security-next,v3,10/29] LSM: Don't ignore initialization failures [security-next,v3,11/29] LSM: Introduce LSM_FLAG_LEGACY_MAJOR [security-next,v3,12/29] LSM: Provide separate ordered initialization [security-next,v3,13/29] LoadPin: Rename "enable" to "enforce" [security-next,v3,14/29] LSM: Plumb visibility into optional "enabled" state [security-next,v3,15/29] LSM: Lift LSM selection out of individual LSMs [security-next,v3,16/29] LSM: Prepare for arbitrary LSM enabling [security-next,v3,17/29] LSM: Introduce CONFIG_LSM_ENABLE [security-next,v3,18/29] LSM: Introduce lsm.enable= and lsm.disable= [security-next,v3,19/29] LSM: Prepare for reorganizing "security=" logic [security-next,v3,20/29] LSM: Refactor "security=" in terms of enable/disable [security-next,v3,21/29] LSM: Build ordered list of ordered LSMs for init [security-next,v3,22/29] LSM: Introduce CONFIG_LSM_ORDER [security-next,v3,23/29] LSM: Introduce "lsm.order=" for boottime ordering [security-next,v3,24/29] LoadPin: Initialize as ordered LSM [security-next,v3,25/29] Yama: Initialize as ordered LSM [security-next,v3,26/29] LSM: Introduce enum lsm_order [security-next,v3,27/29] capability: Initialize as LSM_ORDER_FIRST [security-next,v3,28/29] LSM: Separate idea of "major" LSM from "exclusive" LSM [security-next,v3,29/29] LSM: Add all exclusive LSMs to ordered initialization

Kees Cook Sept. 25, 2018, 12:18 a.m. UTC

This partially reverts commit 58eacfffc417 ("init, tracing: instrument
security and console initcall trace events") since security init calls
are about to no longer resemble regular init calls.

Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Abderrahmane Benbachir <abderrahmane.benbachir@polymtl.ca>
Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 security/security.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

Steven Rostedt Sept. 26, 2018, 4:35 p.m. UTC | #1

On Mon, 24 Sep 2018 17:18:07 -0700
Kees Cook <keescook@chromium.org> wrote:

> This partially reverts commit 58eacfffc417 ("init, tracing: instrument
> security and console initcall trace events") since security init calls
> are about to no longer resemble regular init calls.

I'm not against the change, but how much are they going to "no longer
resemble regular init calls"?

-- Steve

> 
> Cc: James Morris <jmorris@namei.org>
> Cc: "Serge E. Hallyn" <serge@hallyn.com>
> Cc: Abderrahmane Benbachir <abderrahmane.benbachir@polymtl.ca>
> Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
> Cc: linux-security-module@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  security/security.c | 8 +-------
>  1 file changed, 1 insertion(+), 7 deletions(-)
> 
> diff --git a/security/security.c b/security/security.c
> index 892fe6b691cf..41a5da2c7faf 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -30,8 +30,6 @@
>  #include <linux/string.h>
>  #include <net/flow.h>
>  
> -#include <trace/events/initcall.h>
> -
>  #define MAX_LSM_EVM_XATTR	2
>  
>  /* Maximum number of letters for an LSM name string */
> @@ -47,17 +45,13 @@ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
>  
>  static void __init do_security_initcalls(void)
>  {
> -	int ret;
>  	initcall_t call;
>  	initcall_entry_t *ce;
>  
>  	ce = __start_lsm_info;
> -	trace_initcall_level("security");
>  	while (ce < __end_lsm_info) {
>  		call = initcall_from_entry(ce);
> -		trace_initcall_start(call);
> -		ret = call();
> -		trace_initcall_finish(call, ret);
> +		call();
>  		ce++;
>  	}
>  }

Kees Cook Sept. 26, 2018, 6:35 p.m. UTC | #2

On Wed, Sep 26, 2018 at 9:35 AM, Steven Rostedt <rostedt@goodmis.org> wrote:
> On Mon, 24 Sep 2018 17:18:07 -0700
> Kees Cook <keescook@chromium.org> wrote:
>
>> This partially reverts commit 58eacfffc417 ("init, tracing: instrument
>> security and console initcall trace events") since security init calls
>> are about to no longer resemble regular init calls.
>
> I'm not against the change, but how much are they going to "no longer
> resemble regular init calls"?

My take on "regular" init calls is that they're always run, link-time
ordered, etc. The changes proposed here will make it so not all
initialization are run depending on runtime configurations, ordering
will be flexible, etc.

-Kees

Steven Rostedt Sept. 30, 2018, 11:25 p.m. UTC | #3

On Wed, 26 Sep 2018 11:35:21 -0700
Kees Cook <keescook@chromium.org> wrote:

> On Wed, Sep 26, 2018 at 9:35 AM, Steven Rostedt <rostedt@goodmis.org> wrote:
> > On Mon, 24 Sep 2018 17:18:07 -0700
> > Kees Cook <keescook@chromium.org> wrote:
> >  
> >> This partially reverts commit 58eacfffc417 ("init, tracing: instrument
> >> security and console initcall trace events") since security init calls
> >> are about to no longer resemble regular init calls.  
> >
> > I'm not against the change, but how much are they going to "no longer
> > resemble regular init calls"?  
> 
> My take on "regular" init calls is that they're always run, link-time
> ordered, etc. The changes proposed here will make it so not all
> initialization are run depending on runtime configurations, ordering
> will be flexible, etc.
>

Will it still be a good idea to have a tracepoint for those calls?
Perhaps not an  initcall tracepoint but some other kind?

-- Steve

Kees Cook Oct. 1, 2018, 1:01 a.m. UTC | #4

On Sun, Sep 30, 2018 at 4:25 PM, Steven Rostedt <rostedt@goodmis.org> wrote:
> On Wed, 26 Sep 2018 11:35:21 -0700
> Kees Cook <keescook@chromium.org> wrote:
>
>> On Wed, Sep 26, 2018 at 9:35 AM, Steven Rostedt <rostedt@goodmis.org> wrote:
>> > On Mon, 24 Sep 2018 17:18:07 -0700
>> > Kees Cook <keescook@chromium.org> wrote:
>> >
>> >> This partially reverts commit 58eacfffc417 ("init, tracing: instrument
>> >> security and console initcall trace events") since security init calls
>> >> are about to no longer resemble regular init calls.
>> >
>> > I'm not against the change, but how much are they going to "no longer
>> > resemble regular init calls"?
>>
>> My take on "regular" init calls is that they're always run, link-time
>> ordered, etc. The changes proposed here will make it so not all
>> initialization are run depending on runtime configurations, ordering
>> will be flexible, etc.
>>
>
> Will it still be a good idea to have a tracepoint for those calls?
> Perhaps not an  initcall tracepoint but some other kind?

I'm not opposed. It could be a follow-up patch, I assume?

-Kees

John Johansen Oct. 1, 2018, 9:07 p.m. UTC | #5

On 09/24/2018 05:18 PM, Kees Cook wrote:
> This partially reverts commit 58eacfffc417 ("init, tracing: instrument
> security and console initcall trace events") since security init calls
> are about to no longer resemble regular init calls.
> 
> Cc: James Morris <jmorris@namei.org>
> Cc: "Serge E. Hallyn" <serge@hallyn.com>
> Cc: Abderrahmane Benbachir <abderrahmane.benbachir@polymtl.ca>
> Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
> Cc: linux-security-module@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>


Reviewed-by: John Johansen <john.johansen@canonical.com>

though I do think it would be a good idea to add a new set
of trace points, but that can come as a separate patch

> ---
>  security/security.c | 8 +-------
>  1 file changed, 1 insertion(+), 7 deletions(-)
> 
> diff --git a/security/security.c b/security/security.c
> index 892fe6b691cf..41a5da2c7faf 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -30,8 +30,6 @@
>  #include <linux/string.h>
>  #include <net/flow.h>
>  
> -#include <trace/events/initcall.h>
> -
>  #define MAX_LSM_EVM_XATTR	2
>  
>  /* Maximum number of letters for an LSM name string */
> @@ -47,17 +45,13 @@ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
>  
>  static void __init do_security_initcalls(void)
>  {
> -	int ret;
>  	initcall_t call;
>  	initcall_entry_t *ce;
>  
>  	ce = __start_lsm_info;
> -	trace_initcall_level("security");
>  	while (ce < __end_lsm_info) {
>  		call = initcall_from_entry(ce);
> -		trace_initcall_start(call);
> -		ret = call();
> -		trace_initcall_finish(call, ret);
> +		call();
>  		ce++;
>  	}
>  }
>

Steven Rostedt Oct. 1, 2018, 9:23 p.m. UTC | #6

On Mon, 1 Oct 2018 14:07:55 -0700
John Johansen <john.johansen@canonical.com> wrote:

> On 09/24/2018 05:18 PM, Kees Cook wrote:
> > This partially reverts commit 58eacfffc417 ("init, tracing: instrument
> > security and console initcall trace events") since security init calls
> > are about to no longer resemble regular init calls.
> > 
> > Cc: James Morris <jmorris@namei.org>
> > Cc: "Serge E. Hallyn" <serge@hallyn.com>
> > Cc: Abderrahmane Benbachir <abderrahmane.benbachir@polymtl.ca>
> > Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
> > Cc: linux-security-module@vger.kernel.org
> > Signed-off-by: Kees Cook <keescook@chromium.org>  
> 
> 
> Reviewed-by: John Johansen <john.johansen@canonical.com>
> 
> though I do think it would be a good idea to add a new set
> of trace points, but that can come as a separate patch
> 
>

Agreed.

-- Steve

Kees Cook Oct. 1, 2018, 10:38 p.m. UTC | #7

On Mon, Oct 1, 2018 at 2:23 PM, Steven Rostedt <rostedt@goodmis.org> wrote:
> On Mon, 1 Oct 2018 14:07:55 -0700
> John Johansen <john.johansen@canonical.com> wrote:
>
>> On 09/24/2018 05:18 PM, Kees Cook wrote:
>> > This partially reverts commit 58eacfffc417 ("init, tracing: instrument
>> > security and console initcall trace events") since security init calls
>> > are about to no longer resemble regular init calls.
>> >
>> > Cc: James Morris <jmorris@namei.org>
>> > Cc: "Serge E. Hallyn" <serge@hallyn.com>
>> > Cc: Abderrahmane Benbachir <abderrahmane.benbachir@polymtl.ca>
>> > Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
>> > Cc: linux-security-module@vger.kernel.org
>> > Signed-off-by: Kees Cook <keescook@chromium.org>
>>
>>
>> Reviewed-by: John Johansen <john.johansen@canonical.com>
>>
>> though I do think it would be a good idea to add a new set
>> of trace points, but that can come as a separate patch
>>
>>
>
> Agreed.

BTW, how would this look? I'm not familiar with adding new tracepoints...

-Kees

[security-next,v3,04/29] LSM: Remove initcall tracing

Commit Message

Comments

Patch