All of lore.kernel.org
 help / color / mirror / Atom feed
From: Christian Brauner <christian.brauner@ubuntu.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "Hridya Valsaraju" <hridya@google.com>,
	"Arve Hjønnevåg" <arve@android.com>,
	"Todd Kjos" <tkjos@android.com>,
	"Martijn Coenen" <maco@android.com>,
	"Joel Fernandes" <joel@joelfernandes.org>,
	devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org,
	kernel-team@android.com
Subject: Re: [PATCH 1/4] binder: add a mount option to show global stats
Date: Wed, 28 Aug 2019 14:39:53 +0200	[thread overview]
Message-ID: <20190828123952.zzffvezeq4hykxej@wittgenstein> (raw)
In-Reply-To: <20190828092237.GA23192@kroah.com>

On Wed, Aug 28, 2019 at 11:22:37AM +0200, Greg Kroah-Hartman wrote:
> On Tue, Aug 27, 2019 at 01:41:49PM -0700, Hridya Valsaraju wrote:
> > Currently, all binder state and statistics live in debugfs.
> > We need this information even when debugfs is not mounted.
> > This patch adds the mount option 'stats' to enable a binderfs
> > instance to have binder debug information present in the same.
> > 'stats=global' will enable the global binder statistics. In
> > the future, 'stats=local' will enable binder statistics local
> > to the binderfs instance. The two modes 'global' and 'local'
> > will be mutually exclusive. 'stats=global' option is only available
> > for a binderfs instance mounted in the initial user namespace.
> > An attempt to use the option to mount a binderfs instance in
> > another user namespace will return an EPERM error.
> > 
> > Signed-off-by: Hridya Valsaraju <hridya@google.com>
> > ---
> >  drivers/android/binderfs.c | 47 ++++++++++++++++++++++++++++++++++++--
> >  1 file changed, 45 insertions(+), 2 deletions(-)
> > 
> > diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c
> > index cc2e71576396..d95d179aec58 100644
> > --- a/drivers/android/binderfs.c
> > +++ b/drivers/android/binderfs.c
> > @@ -51,18 +51,27 @@ static DEFINE_IDA(binderfs_minors);
> >  /**
> >   * binderfs_mount_opts - mount options for binderfs
> >   * @max: maximum number of allocatable binderfs binder devices
> > + * @stats_mode: enable binder stats in binderfs.
> >   */
> >  struct binderfs_mount_opts {
> >  	int max;
> > +	int stats_mode;
> >  };
> >  
> >  enum {
> >  	Opt_max,
> > +	Opt_stats_mode,
> >  	Opt_err
> >  };
> >  
> > +enum binderfs_stats_mode {
> > +	STATS_NONE,
> > +	STATS_GLOBAL,
> > +};
> > +
> >  static const match_table_t tokens = {
> >  	{ Opt_max, "max=%d" },
> > +	{ Opt_stats_mode, "stats=%s" },
> >  	{ Opt_err, NULL     }
> >  };
> >  
> > @@ -290,8 +299,9 @@ static void binderfs_evict_inode(struct inode *inode)
> >  static int binderfs_parse_mount_opts(char *data,
> >  				     struct binderfs_mount_opts *opts)
> >  {
> > -	char *p;
> > +	char *p, *stats;
> >  	opts->max = BINDERFS_MAX_MINOR;
> > +	opts->stats_mode = STATS_NONE;
> >  
> >  	while ((p = strsep(&data, ",")) != NULL) {
> >  		substring_t args[MAX_OPT_ARGS];
> > @@ -311,6 +321,24 @@ static int binderfs_parse_mount_opts(char *data,
> >  
> >  			opts->max = max_devices;
> >  			break;
> > +		case Opt_stats_mode:
> > +			stats = match_strdup(&args[0]);
> > +			if (!stats)
> > +				return -ENOMEM;
> > +
> > +			if (strcmp(stats, "global") != 0) {
> > +				kfree(stats);
> > +				return -EINVAL;
> > +			}
> > +
> > +			if (!capable(CAP_SYS_ADMIN)) {
> > +				kfree(stats);
> > +				return -EINVAL;
> 
> Can a non-CAP_SYS_ADMIN task even call this function?  Anyway, if it

It can. A task that has CAP_SYS_ADMIN in the userns the corresponding
binderfs mount has been created in can change the max=<nr> mount option.
Only stats=global currently requires capable(CAP_SYS_ADMIN) aka
CAP_SYS_ADMIN in the initial userns to prevent non-initial userns from
snooping at global statistics.

> can, put the check at the top of the case, and just return early before
> doing any extra work like checking values or allocating memory.
> 
> > +			}
> > +
> > +			opts->stats_mode = STATS_GLOBAL;
> > +			kfree(stats);
> > +			break;
> >  		default:
> >  			pr_err("Invalid mount options\n");
> >  			return -EINVAL;
> > @@ -322,8 +350,21 @@ static int binderfs_parse_mount_opts(char *data,
> >  
> >  static int binderfs_remount(struct super_block *sb, int *flags, char *data)
> >  {
> > +	int prev_stats_mode, ret;
> >  	struct binderfs_info *info = sb->s_fs_info;
> > -	return binderfs_parse_mount_opts(data, &info->mount_opts);
> > +
> > +	prev_stats_mode = info->mount_opts.stats_mode;
> > +	ret = binderfs_parse_mount_opts(data, &info->mount_opts);
> > +	if (ret)
> > +		return ret;
> > +
> > +	if (prev_stats_mode != info->mount_opts.stats_mode) {
> > +		pr_info("Binderfs stats mode cannot be changed during a remount\n");
> 
> pr_err()?
> 
> thanks,
> 
> greg k-h

  reply	other threads:[~2019-08-28 12:40 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-27 20:41 [PATCH 0/4] Add binder state and statistics to binderfs Hridya Valsaraju
2019-08-27 20:41 ` [PATCH 1/4] binder: add a mount option to show global stats Hridya Valsaraju
2019-08-28  9:22   ` Greg Kroah-Hartman
2019-08-28 12:39     ` Christian Brauner [this message]
2019-08-28 17:21       ` Hridya Valsaraju
2019-08-27 20:41 ` [PATCH 2/4] binder: Add stats, state and transactions files Hridya Valsaraju
2019-08-28 12:58   ` Christian Brauner
2019-08-28 20:19     ` Hridya Valsaraju
2019-08-27 20:41 ` [PATCH 3/4] binder: Make transaction_log available in binderfs Hridya Valsaraju
2019-08-28 12:59   ` Christian Brauner
2019-08-28 16:05     ` Todd Kjos
2019-08-27 20:41 ` [PATCH 4/4] binder: Add binder_proc logging to binderfs Hridya Valsaraju
2019-08-28 13:08   ` Christian Brauner
2019-08-28 16:21     ` Todd Kjos
2019-08-28 20:42       ` Hridya Valsaraju

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190828123952.zzffvezeq4hykxej@wittgenstein \
    --to=christian.brauner@ubuntu.com \
    --cc=arve@android.com \
    --cc=devel@driverdev.osuosl.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=hridya@google.com \
    --cc=joel@joelfernandes.org \
    --cc=kernel-team@android.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=maco@android.com \
    --cc=tkjos@android.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.