Re: [PATCH v4 00/10] riscv: Allow userspace to directly access perf counters

From: Rémi Denis-Courmont
Date: Tue Jul 18 2023 - 13:25:23 EST

Next message: Qais Yousef: "Re: [RFC PATCH] sched/fair: Fix impossible migrate_util scenario in load balance"
Previous message: Luiz Augusto von Dentz: "Re: [PATCH v2] Bluetooth: hci_event: Ignore NULL link key"
In reply to: Atish Patra: "Re: [PATCH v4 00/10] riscv: Allow userspace to directly access perf counters"
Next in thread: Atish Patra: "Re: [PATCH v4 00/10] riscv: Allow userspace to directly access perf counters"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Le tiistaina 18. heinäkuuta 2023, 2.22.54 EEST Atish Patra a écrit :
> > AFAIK, if the default settings breaks user space, the patchset is
> > considered to break user space. That being the case, either this case is
> > deemed special enough that breaking user space is OK, or it is not.

> This case is a special case as the usage was incorrect in the first
> place.

I agree that it's not only insecure but also incorrect. However it mostly
works. In fact I don't disagree with the change as such, but I think that the
commit messages are misleading and confusing. For a start, in one place it
says that it is not breaking user space and in another it says basically the
opposite.

(Unfortunately, not everybody agrees with the change. I can't seem to get
FFmpeg's checkasm tool fixed:
http://ffmpeg.org/pipermail/ffmpeg-devel/2023-July/312245.html )

Also this is not the first time somebody argues that an API should be removed
because it's broken. That's not special.

> Any application that genuinely requires rdcycle can always get
> it now via the perf interface.

Sure. But the question is whether it breaks user space and if so, whether
that's acceptable. Existing apps that call RDCYCLE will now fail, presumbly
receive SIGILL(?).

> If the insecure and incorrect behavior is allowed, we suspect the user
> space behavior will never be fixed as it is hard to put a future flag
> date in these cases.

For better or worse, I can only agree there. But then adding an option to
preserve the broken behaviour is begging for people to (ab)use it, and indeed
never fix the problem, and never be able to remove the option.

> > If it is not OK, then the only way out that I can think of, consists of
> > trapping and emulating the counters, returning the same sanitised values
> > that Linux perf would return. Then you can add a kernel config option to
> > disable that trap-and-emulation code in the future.
> What do you mean by "sanitised" value ?

I mean whatever avoids creating a security issue. Presumably report the number
of cycles spent in the calling thread and in user mode since the first time
that the process called RDCYCLE?

Maybe it's not reasonable for complexity or performance reasons, but then IMO,
it deserves a little bit better explaining in the commit message.

--
雷米‧德尼-库尔蒙
http://www.remlab.net/

Next message: Qais Yousef: "Re: [RFC PATCH] sched/fair: Fix impossible migrate_util scenario in load balance"
Previous message: Luiz Augusto von Dentz: "Re: [PATCH v2] Bluetooth: hci_event: Ignore NULL link key"
In reply to: Atish Patra: "Re: [PATCH v4 00/10] riscv: Allow userspace to directly access perf counters"
Next in thread: Atish Patra: "Re: [PATCH v4 00/10] riscv: Allow userspace to directly access perf counters"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]