Re: [PATCH] drivers/iommu: don't select DEBUG_FS for AMD_IOMMU_STATS

From: Joerg Roedel
Date: Tue Apr 05 2016 - 18:42:03 EST

Next message: Yury Norov: "Re: [RFC6 PATCH v6 00/21] ILP32 for ARM64 - LTP results"
Previous message: Burn Alting: "RE: EXT :Re: [RFC] Create an audit record of USB specific details"
In reply to: Steven Rostedt: "Re: [PATCH] drivers/iommu: don't select DEBUG_FS for AMD_IOMMU_STATS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 05, 2016 at 12:37:54PM -0400, Steven Rostedt wrote:
> I will argue that people have asked me to move tracing out of debugfs
> (which is why I created tracefs) because the problem with debugfs is
> that it opens up a entire system that is not well scrutinized, and
> holds lots of possible ways to crack the kernel.
>
> Disabling debugfs does help with the "security" point you mentioned
> above.

Yes, that reasoning makes more sense than "debug features are bad for
production". It should've been part of the commit message.

The AMD_IOMMU_STATS feature is on my list of things to remove anyway, it
is mostly disabled and should be done differently (via per-device sysfs
stats). So I am just going to remove it for now.

Joerg

Next message: Yury Norov: "Re: [RFC6 PATCH v6 00/21] ILP32 for ARM64 - LTP results"
Previous message: Burn Alting: "RE: EXT :Re: [RFC] Create an audit record of USB specific details"
In reply to: Steven Rostedt: "Re: [PATCH] drivers/iommu: don't select DEBUG_FS for AMD_IOMMU_STATS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]