Re: option KDTRACE_HOOKS non-optional after r357912?

From: Stefan Eßer <se_at_freebsd.org>
Date: Sat, 15 Feb 2020 15:40:35 +0100
Am 15.02.20 um 14:47 schrieb Mateusz Guzik:
> On 2/15/20, Stefan Eßer <st.esser_at_yahoo.de> wrote:
>> Hi Mateusz,
>>
>> your optimization of systrace checks has made KDTRACE_HOOKS mandatory,
>> since there are unprotected assignments to systrace_enabled (which is
>> defined as constant 0 in kernels without KDTRACE_HOOKS due to your
>> change):
>>
>> /sys/cddl/dev/systrace/systrace.c:322:20: error: expression is not
>> assignable
>>                 systrace_enabled = true;
>>                 ~~~~~~~~~~~~~~~~ ^
>> /sys/cddl/dev/systrace/systrace.c:334:20: error: expression is not
>> assignable
>>                 systrace_enabled = false;
>>                 ~~~~~~~~~~~~~~~~ ^
>> 2 errors generated.
>> *** [systrace.o] Error code 1
>>
>> The easy work-around is of course to add KDTRACE_HOOKS to the stripped
>> down kernel configuration. But I think there should be stab functions
>> in systrace.c to cover the case that this option is not active.
>>
>> Or is the overhead and other impact of KDTRACE_HOOKS considered to be
>> so insignificant that it should be included in every kernel?
> 
> Well tinderbox built for me.

Yes, no surprise, KDTRACE_HOOKS is defined in all the GENERIC kernels.

> Note that the module strongly depends on KDTRACE_HOOKS to work in the
> first place -- even prior to my patch support in the syscall path was gated by
> this define. In other words, the module should not be being built if the option
> is not enabled. Thus if anything the change adds an unintended improvement
> of catching the lack of dependency checking here. I may take a closer look
> later but preferably someone familiar with the build system would take
> care of it.

If KDTRACE_HOOKS is meant to be kept optional, the hooks should not be
compiled in and the functions to enable that feature should return
failure, IMHO.

It is obviously not useful to load a module that depends on an optional
feature, if that feature has been disabled. And I do not do this.

I just want to build a stripped down kernel, but have not restricted the
modules that get built. I just do not load those that I do not need.

But the current situation makes buildkernel fail (unless KDTRACE_HOOKS
is defined or the systrace module explicitly disabled), and that is at
least a violation of POLA.

> It comes with some overhead of course since there is no hot patching, but
> it is unlikely you will be able to measure it because of other factors

Yes, but in a stripped down production kernel where these hooks will
never be legitimately used, they do not only add overhead but also
attack surface, and so I do not want to include them.

Regards, STefan
Received on Sat Feb 15 2020 - 13:40:39 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:23 UTC