@@ -84,7 +84,7 @@ config DRM_I915_ERRLOG_GEM
config DRM_I915_TRACE_GEM
bool "Insert extra ftrace output from the GEM internals"
depends on DRM_I915_DEBUG_GEM
- select TRACING
+ depends on TRACING_ALLOW_PRINTK
default n
help
Enable additional and verbose debugging output that will spam
@@ -98,7 +98,7 @@ config DRM_I915_TRACE_GEM
config DRM_I915_TRACE_GTT
bool "Insert extra ftrace output from the GTT internals"
depends on DRM_I915_DEBUG_GEM
- select TRACING
+ depends on TRACING_ALLOW_PRINTK
default n
help
Enable additional and verbose debugging output that will spam
@@ -80,6 +80,7 @@ config F2FS_IO_TRACE
bool "F2FS IO tracer"
depends on F2FS_FS
depends on FUNCTION_TRACER
+ depends on TRACING_ALLOW_PRINTK
help
F2FS IO trace is based on a function trace, which gathers process
information and block IO patterns in the filesystem level.
@@ -721,10 +721,15 @@ do { \
#define trace_printk(fmt, ...) \
do { \
char _______STR[] = __stringify((__VA_ARGS__)); \
+ \
+ static_assert( \
+ IS_ENABLED(CONFIG_TRACING_ALLOW_PRINTK),\
+ "trace_printk called, please enable CONFIG_TRACING_ALLOW_PRINTK."); \
+ \
if (sizeof(_______STR) > 3) \
do_trace_printk(fmt, ##__VA_ARGS__); \
else \
- trace_puts(fmt); \
+ do_trace_puts(fmt); \
} while (0)
#define do_trace_printk(fmt, args...) \
@@ -773,6 +778,13 @@ int __trace_printk(unsigned long ip, const char *fmt, ...);
*/
#define trace_puts(str) ({ \
+ static_assert( \
+ IS_ENABLED(CONFIG_TRACING_ALLOW_PRINTK), \
+ "trace_puts called, please enable CONFIG_TRACING_ALLOW_PRINTK."); \
+ do_trace_puts(str); \
+})
+
+#define do_trace_puts(str) ({ \
static const char *trace_printk_fmt __used \
__attribute__((section("__trace_printk_fmt"))) = \
__builtin_constant_p(str) ? str : NULL; \
@@ -794,6 +806,9 @@ extern void trace_dump_stack(int skip);
*/
#define ftrace_vprintk(fmt, vargs) \
do { \
+ static_assert( \
+ IS_ENABLED(CONFIG_TRACING_ALLOW_PRINTK), \
+ "ftrace_vprintk called, please enable CONFIG_TRACING_ALLOW_PRINTK."); \
if (__builtin_constant_p(fmt)) { \
static const char *trace_printk_fmt __used \
__attribute__((section("__trace_printk_fmt"))) = \
@@ -111,6 +111,15 @@ config GENERIC_TRACER
bool
select TRACING
+config TRACING_ALLOW_PRINTK
+ bool "Allow trace_printk"
+ default y if DEBUG_KERNEL
+ depends on TRACING
+ help
+ trace_printk is only meant as a debugging tool. If this option is
+ set to n, the kernel will generate a build-time error if trace_printk
+ is used.
+
#
# Minimum requirements an architecture has to meet for us to
# be able to offer generic tracing facilities:
@@ -686,6 +695,7 @@ config TRACEPOINT_BENCHMARK
config RING_BUFFER_BENCHMARK
tristate "Ring buffer benchmark stress tester"
depends on RING_BUFFER
+ depends on TRACING_ALLOW_PRINTK
help
This option creates a test to stress the ring buffer and benchmark it.
It creates its own ring buffer such that it will not interfere with
@@ -19,6 +19,7 @@ config SAMPLE_TRACE_EVENTS
config SAMPLE_TRACE_PRINTK
tristate "Build trace_printk module - tests various trace_printk formats"
depends on EVENT_TRACING && m
+ depends on TRACING_ALLOW_PRINTK
help
This builds a module that calls trace_printk() and can be used to
test various trace_printk() calls from a module.
@@ -26,6 +27,7 @@ config SAMPLE_TRACE_PRINTK
config SAMPLE_FTRACE_DIRECT
tristate "Build register_ftrace_direct() example"
depends on DYNAMIC_FTRACE_WITH_DIRECT_CALLS && m
+ depends on TRACING_ALLOW_PRINTK
depends on X86_64 # has x86_64 inlined asm
help
This builds an ftrace direct function example
trace_printk is meant as a debugging tool, and should not be compiled into production code without specific debug Kconfig options enabled, or source code changes, as indicated by the warning that shows up on boot if any trace_printk is called: ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** ** ** ** trace_printk() being used. Allocating extra memory. ** ** ** ** This means that this is a DEBUG kernel and it is ** ** unsafe for production use. ** If this option is set to n, the kernel will generate a build-time error if trace_printk is used. Note that the code to handle trace_printk is still present, so this does not prevent people from compiling out-of-tree kernel modules with the option set to =y, or BPF programs. Signed-off-by: Nicolas Boichat <drinkcat@chromium.org> --- Changes since v1: - Use static_assert instead of __static_assert (Jason Gunthorpe) - Fix issues that can be detected by this patch (running some randconfig in a loop, kernel test robot, or manual inspection), by: - Making some debug config options that use trace_printk depend on the new config option. - Adding 3 patches before this one. There is a question from Alexei whether the warning is warranted, and it's possibly too strongly worded, but the fact is, we do not want trace_printk to be sprinkled in kernel code by default, unless a very specific Kconfig command is enabled (or preprocessor macro). There's at least 3 reasons that I can come up with: 1. trace_printk introduces some overhead. 2. If the kernel keeps adding always-enabled trace_printk, it will be much harder for developers to make use of trace_printk for debugging. 3. People may assume that trace_printk is for debugging only, and may accidentally output sensitive data (theoritical at this stage). drivers/gpu/drm/i915/Kconfig.debug | 4 ++-- fs/f2fs/Kconfig | 1 + include/linux/kernel.h | 17 ++++++++++++++++- kernel/trace/Kconfig | 10 ++++++++++ samples/Kconfig | 2 ++ 5 files changed, 31 insertions(+), 3 deletions(-)