trace_printk issue. Was: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF

[PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <ast@kernel.org> · 2019-08-27
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Andy Lutomirski <luto@kernel.org> · 2019-08-27
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Steven Rostedt <rostedt@goodmis.org> · 2019-08-27
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Andy Lutomirski <luto@kernel.org> · 2019-08-27
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Steven Rostedt <rostedt@goodmis.org> · 2019-08-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Andy Lutomirski <luto@amacapital.net> · 2019-08-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Steven Rostedt <rostedt@goodmis.org> · 2019-08-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <hidden> · 2019-08-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Masami Hiramatsu <mhiramat@kernel.org> · 2019-08-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <hidden> · 2019-08-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <hidden> · 2019-08-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Andy Lutomirski <luto@kernel.org> · 2019-08-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Andy Lutomirski <luto@kernel.org> · 2019-08-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <hidden> · 2019-08-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Andy Lutomirski <luto@kernel.org> · 2019-08-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <hidden> · 2019-08-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Andy Lutomirski <luto@amacapital.net> · 2019-08-29
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <hidden> · 2019-08-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Andy Lutomirski <luto@kernel.org> · 2019-08-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <hidden> · 2019-08-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Andy Lutomirski <luto@amacapital.net> · 2019-08-29
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Andy Lutomirski <luto@amacapital.net> · 2019-08-29
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <hidden> · 2019-08-29
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Steven Rostedt <rostedt@goodmis.org> · 2019-09-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Kees Cook <hidden> · 2019-09-30
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <hidden> · 2019-10-01
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Steven Rostedt <rostedt@goodmis.org> · 2019-10-01
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <hidden> · 2019-10-01
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Steven Rostedt <rostedt@goodmis.org> · 2019-10-01
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <hidden> · 2019-10-02
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Steven Rostedt <rostedt@goodmis.org> · 2019-10-02
trace_printk issue. Was: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <hidden> · 2019-10-03
Re: trace_printk issue. Was: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Steven Rostedt <rostedt@goodmis.org> · 2019-10-03
Re: trace_printk issue. Was: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <hidden> · 2019-10-04
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Masami Hiramatsu <mhiramat@kernel.org> · 2019-10-03
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <hidden> · 2019-10-03
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Peter Zijlstra <peterz@infradead.org> · 2019-08-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <hidden> · 2019-08-28
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Steven Rostedt <rostedt@goodmis.org> · 2019-08-29
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Andy Lutomirski <luto@kernel.org> · 2019-08-29
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <hidden> · 2019-08-29
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Andy Lutomirski <luto@kernel.org> · 2019-08-29
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Steven Rostedt <rostedt@goodmis.org> · 2019-08-29
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Alexei Starovoitov <hidden> · 2019-08-29
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · Steven Rostedt <rostedt@goodmis.org> · 2019-08-29
Re: [PATCH bpf-next] bpf, capabilities: introduce CAP_BPF · kbuild test robot <hidden> · 2019-08-28

From: Alexei Starovoitov <hidden>
Date: 2019-10-03 17:20:18
Also in: bpf, linux-api, linux-security-module

On Wed, Oct 02, 2019 at 07:00:27PM -0400, Steven Rostedt wrote:

quoted

Both 'trace' and 'trace_pipe' have quirky side effects.
Like opening 'trace' file will make all parallel trace_printk() to be ignored.
While reading 'trace_pipe' file will clear it.
The point that traditional 'read' and 'write' ACLs don't map as-is
to tracefs, so I would be careful categorizing things into
confidentiality vs integrity only based on access type.

What exactly is the bpf_trace_printk() used for? I may have other ideas
that can help.

It's debugging of bpf programs. Same is what printk() is used for
by kernel developers.

How is it extracted? Just read from the trace or trace_pipe file?

yep. Just like kernel devs look at dmesg when they sprinkle printk.
btw, if you can fix 'trace' file issue that stops all trace_printk
while 'trace' file is open that would be great.
Some users have been bitten by this behavior. We even documented it.

The behavior is documented as well in the ftrace documentation. That's
why we suggest the trace_pipe redirected into a file so that you don't
lose data (unless the writer goes too fast). If you prefer a producer
consumer where you lose newer events (like perf does), you can turn off
overwrite mode, and it will drop events when the buffer is full (see
options/overwrite).

I think dropping last events is just as bad. Is there a mode to overwrite old
and keep the last N (like perf does) ?
That aside having 'trace' file open should NOT drop trace_printks.
My point that bpf_trace_printk is just as important to bpf developers as
printk to kernel developers.
Imagine kernel developer losing their printk-s only because they typed
"dmesg" in another terminal?
It's completely unexpected and breaks developer trust in debugging mechanism.
Peter Wu brought this issue to my attention in
commit 55c33dfbeb83 ("bpf: clarify when bpf_trace_printk discards lines").
And later sent similar doc fix to ftrace.rst.
To be honest if I knew of this trace_printk quirk I would not have picked it
as a debugging mechanism for bpf.
I urge you to fix it.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help