Re: [RFC PATCH] cmdline: Hide "debug" from /proc/cmdline

From: Linus Torvalds
Date: Wed Apr 02 2014 - 19:53:25 EST

On Wed, Apr 2, 2014 at 4:47 PM, Jiri Kosina <jkosina@xxxxxxx> wrote:
> Which doesn't really protect you from tasks that do open()/write()/close()
> cycle for /dev/kmsg write every 2ms though.

I don't think we should try to protect against wilful bad behavior
unless that is shown to be necessary. Yeah, if it turns out that
systemd really does that just to mess with us, we'd need to extend it,
but in the absence of proof to the contrary, maybe this simple
attached patch works?

TOTALLY UNTESTED. But it really isn't complex.

The complexity is likely to be about setting the actual default
values. So consider this an RFC and a "does this fix the problem that
Borislav reported?" test-patch.


kernel/printk/printk.c | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index 4dae9cbe9259..7e4a0412d9ff 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -410,6 +410,7 @@ struct devkmsg_user {
u64 seq;
u32 idx;
enum log_flags prev;
+ struct ratelimit_state rs;
struct mutex lock;
char buf[8192];
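Review bot: Placing rs inside struct devkmsg_user makes the limit per open file, not per task or global. The devkmsg_open context further down shows this struct being set up on each open, so a task that reopens the device for every message starts with fresh ratelimit state each time, which is the open()/write()/close() pattern raised in the quoted reply. If that pattern needs covering, the state has to live somewhere that outlives the file, for example a single static ratelimit_state for the device.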
@@ -483,6 +484,8 @@ static ssize_t devkmsg_read(struct file *file, char __user *buf,

if (!user)
return -EBADF;
+ if (!___ratelimit(&user->rs, current->comm))
+ return 0;

ret = mutex_lock_interruptible(&user->lock);
if (ret)
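Review bot: The hunk header places this check in devkmsg_read, while the behaviour under discussion is tasks writing to /dev/kmsg, so the limit may sit on the wrong path; confirm it is applied where user-space messages are injected into the log. Separately, "return 0" from a read handler is seen by the caller as end of file and not as throttling, so a rate-limited reader could stop consuming the log; an error return such as -EAGAIN would make the condition distinguishable.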
@@ -671,6 +674,9 @@ static int devkmsg_open(struct inode *inode, struct file *file)
if (!user)
return -ENOMEM;

+ /* Configurable? */
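Review bot: The "/* Configurable? */" question in devkmsg_open is left open, and the message itself says the default values are the hard part. Before this moves past RFC, record the chosen interval and burst in a comment together with the reasoning behind them, and decide whether they stay fixed or are exposed as a tunable, since a limit that is too tight would also throttle legitimate users of the device.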