Tracing unsigned modules
Tracing unsigned modules
Posted Mar 6, 2014 14:03 UTC (Thu) by dlang (guest, #313)In reply to: Tracing unsigned modules by nevets
Parent article: Tracing unsigned modules
I agree, I just think the problem is in the tracing refusing to do what the admin asked rather than in the tainting.
The problem as I see it is that OOT means that you really don't know what it is. It may have exactly the same problems as a Forced module, but you don't know because you aren't checking (and as I understand it, _can't_ check to prove that it's correct or not for the generic case)
and this module isn't limited in what it can do, once it's loaded in kernelspace, it can go and muck with anything, anywhere in the kernel, so it can cause problems anywhere.
the kernel devs will do what they do with _any_ tainted kernel report, they will ask why it's tainted and if the problem can be reproduced without the tainting. It doesn't matter if it's tained for OOT, Forced, nvidia, or anything else.
The 'why is this tainted' question will discover what's going on with far better detail than you can ever hope to encode in an enumerated set of flags.
Posted Mar 6, 2014 17:11 UTC (Thu)
by nevets (subscriber, #11875)
[Link] (10 responses)
To put it another way, you are saying to let tracing crash like anything else could crash if a module is forced.
Hmm, you do have a point. We could just make it so that the only taint that fails to load tracepoints is the TAINT_PROPRIETARY_MODULE. And that one fails because of political reasons, not technical ones*.
* Some people may argue that the political reasons cause technical ones.
Posted Mar 6, 2014 19:58 UTC (Thu)
by johill (subscriber, #25196)
[Link]
The original discussion didn't really quite capture it all, I think there really are two aspects to this.
The first is that it's quite odd that a (seemingly valid) kernel configuration can result in every single module that you load being loaded as though it was forced, which is what the kernel does before the patch. I'm not sure why this part should be controversial since it just adds more detailed information ("tainted because of missing signature") up front.
The second aspect is about the tracing policy, which says that tracing is disabled for code that's tainted in certain ways (most ways, really, except a few). Since we start from the premise that unsigned modules aren't all that bad (otherwise we could just refuse loading them alltogether, or disallow the configuration that results in this), then to me at least it is strange to argue that tracing should be disabled for such modules.
The whole out-of-tree modules thing is actually a bit of a strawman, because the same happens for in-tree modules, but it's a case where it's even easier to end up with unsigned modules, and it's certainly not an uncommon thing to do (particularly with backports, which is something that some of us have to routinely support).
Now with the second aspect the other question is why tracing is disabled for certain taints to start with - after all we could argue that if the tracing code crashes for you when you have a tainted kernel then you're on your own. As I understand it Steven did this to not even run into the crashing situations (since tracing accesses the ringbuffer in low-level ways), but I would agree that you could argue for an override for allowing that to be overridden.
I tend to think that those aspects are quite unrelated though, and the bulk of the patch is really about the first aspect ("unsigned != forced") even if the reason for it was related to tracing.
Posted Mar 7, 2014 3:28 UTC (Fri)
by dlang (guest, #313)
[Link] (8 responses)
exactly, by forcing the module, the admin is saying that they know better than the kernel that this really is what they want to do (and sometimes they may even be right :-) so we should continue to feed the admin rope when they demand it, which is a pretty standard option in the kernel.
> Hmm, you do have a point. We could just make it so that the only taint that fails to load tracepoints is the TAINT_PROPRIETARY_MODULE. And that one fails because of political reasons, not technical ones*.
I'm not sure why we even need that?
What is it that we are trying to prevent by blocking tracing?
If we are trying to prevent crashing, we're already past that point.
If we are trying to make life harder for users of proprietary modules, I don't think there is really agreement on this.
Posted Mar 7, 2014 13:46 UTC (Fri)
by nevets (subscriber, #11875)
[Link] (7 responses)
That's just an added bonus but not the rational here.
The tracing code was written under the GPLv2. For it to work in a module, a lot of its code must be compiled in from the headers. The tracing headers are not just structures. The majority of the tracing C code is "magically" created via the tracing headers at the location of their use. If a proprietary module uses this tracing code, their is no question that this module is now a derived work of the tracing code, as the tracing code is now embedded inside the module. This is a clear straight forward infraction of the license that the code was written for.
As one of the major authors of the tracing code, I do not want my work being used by proprietary modules. Period!
Note, those are the modules that Ingo was calling "crap" and "felony law breakers".
Posted Mar 7, 2014 21:01 UTC (Fri)
by vonbrand (subscriber, #4458)
[Link] (6 responses)
Any actual courtroom precedent that #including a header file when compiling makes the binary (let alone the source) a derivative of said header file? Until that shows up, this is completely in the air. And I'd be surprised if it didn't end up as a point to be decided on the number of lines used that way compared to the whole.
Posted Mar 7, 2014 21:20 UTC (Fri)
by nevets (subscriber, #11875)
[Link]
Also, to make tracepoints work in a module, you must also have the following code in a .c file.
#define CREATE_TRACE_POINTS
This then does a lot of macro magic to produce a lot of code. This is not a simple interface as headers normally are. It is real code that is created, and we can see it in the module binary.
Posted Mar 7, 2014 21:31 UTC (Fri)
by nevets (subscriber, #11875)
[Link] (3 responses)
And I'd be surprised if that actually worked. I guess singing Happy Birthday in a full feature length movie, wouldn't cause any copyright issues. I mean, that song is just a very small part of the whole (movie).
Posted Mar 8, 2014 0:51 UTC (Sat)
by mathstuf (subscriber, #69389)
[Link] (2 responses)
[1]http://arstechnica.com/tech-policy/2014/02/happy-birthday...
Posted Mar 8, 2014 1:40 UTC (Sat)
by nevets (subscriber, #11875)
[Link] (1 responses)
Posted Mar 8, 2014 23:47 UTC (Sat)
by nix (subscriber, #2304)
[Link]
Posted Mar 13, 2014 18:19 UTC (Thu)
by Wol (subscriber, #4433)
[Link]
If I publish an anthology of poems, for each work I "borrow" I am infringing 100% of it. The court couldn't care less that it only forms 1% (or less) of my work ...
Here we have some GPL2 code, a clearly defined work, and anything using it is using 100% of it ...
Cheers,
Tracing unsigned modules
Tracing unsigned modules
Tracing unsigned modules
Tracing unsigned modules
Tracing unsigned modules
Tracing unsigned modules
#include <trace/events/foo.h>
Tracing unsigned modules
Tracing unsigned modules
Tracing unsigned modules
Tracing unsigned modules
And I'd be surprised if it didn't end up as a point to be decided on the number of lines used that way compared to the whole.
Wol