Details
-
Bug
-
Resolution: Fixed
-
Major
-
Lustre 2.10.1
-
None
-
3
-
9223372036854775807
Description
We change the permissions of /sys/kernel/debug to 755. But it kept revering to 700.
Using systemtap script
#!/usr/bin/env stap probe kernel.function("debug_mount") { printf("mounting ") printf("pid %i %s %s %s \n", pid(),execname(), cmdline_str(), caller()) print_backtrace() } probe kernel.function("debugfs_remount") { printf("remounting ") printf("pid %i %s %s %s \n", pid(),execname(), cmdline_str(), caller()) print_backtrace() }
I tracked this down to l_getidentity. Specificly cfs_get_param_paths keeps remounting /sys/kernel/debug.
# mount -o remount,mode=755 /sys/kernel/debug debugfs on /sys/kernel/debug type debugfs (rw,relatime,mode=755)
Here is the output from the systemtap
nbp1-mds ~ # stap -v debug_mount.stp Pass 1: parsed user script and 468 library scripts using 122940virt/39548res/3192shr/36448data kb, in 340usr/20sys/351real ms. Pass 2: analyzed script: 2 probes, 22 functions, 5 embeds, 0 globals using 161632virt/79356res/4388shr/75140data kb, in 580usr/80sys/665real ms. Pass 3: translated to C into "/tmp/stapYTzkIl/stap_6d34b35e04d11e38ae0c8b364ac253de_10487_src.c" using 162160virt/80148res/4692shr/75668data kb, in 340usr/10sys/353real ms. Pass 4: compiled C into "stap_6d34b35e04d11e38ae0c8b364ac253de_10487.ko" in 5660usr/860sys/5857real ms. Pass 5: starting run. mounting pid 9739 l_getidentity "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" mount_fs 0xffffffff811fec69 0xffffffff81289120 : debug_mount+0x0/0x20 [kernel] 0xffffffff811fec69 : mount_fs+0x39/0x1b0 [kernel] 0xffffffff8121b5c7 : vfs_kern_mount+0x67/0x110 [kernel] 0xffffffff8121dad3 : do_mount+0x233/0xaf0 [kernel] 0xffffffff8121e716 : SyS_mount+0x96/0xf0 [kernel] 0xffffffff81695b89 : system_call_fastpath+0x16/0x1b [kernel] remounting pid 9739 l_getidentity "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" do_remount_sb 0xffffffff811fe7c2 0xffffffff81289330 : debugfs_remount+0x0/0x50 [kernel] 0xffffffff811fe7c2 : do_remount_sb+0x72/0x200 [kernel] 0xffffffff811feb07 : mount_single+0x57/0xc0 [kernel] 0xffffffff81289138 : debug_mount+0x18/0x20 [kernel] 0xffffffff811fec69 : mount_fs+0x39/0x1b0 [kernel] 0xffffffff8121b5c7 : vfs_kern_mount+0x67/0x110 [kernel] 0xffffffff8121dad3 : do_mount+0x233/0xaf0 [kernel] 0xffffffff8121e716 : SyS_mount+0x96/0xf0 [kernel] 0xffffffff81695b89 : system_call_fastpath+0x16/0x1b [kernel] mounting pid 9779 l_getidentity "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" mount_fs 0xffffffff811fec69 0xffffffff81289120 : debug_mount+0x0/0x20 [kernel] 0xffffffff811fec69 : mount_fs+0x39/0x1b0 [kernel] 0xffffffff8121b5c7 : vfs_kern_mount+0x67/0x110 [kernel] 0xffffffff8121dad3 : do_mount+0x233/0xaf0 [kernel] 0xffffffff8121e716 : SyS_mount+0x96/0xf0 [kernel] 0xffffffff81695b89 : system_call_fastpath+0x16/0x1b [kernel] remounting pid 9779 l_getidentity "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" do_remount_sb 0xffffffff811fe7c2 0xffffffff81289330 : debugfs_remount+0x0/0x50 [kernel] 0xffffffff811fe7c2 : do_remount_sb+0x72/0x200 [kernel] 0xffffffff811feb07 : mount_single+0x57/0xc0 [kernel] 0xffffffff81289138 : debug_mount+0x18/0x20 [kernel] 0xffffffff811fec69 : mount_fs+0x39/0x1b0 [kernel] 0xffffffff8121b5c7 : vfs_kern_mount+0x67/0x110 [kernel] 0xffffffff8121dad3 : do_mount+0x233/0xaf0 [kernel] 0xffffffff8121e716 : SyS_mount+0x96/0xf0 [kernel] 0xffffffff81695b89 : system_call_fastpath+0x16/0x1b [kernel]
Attachments
Activity
Minh Diep (minh.diep@intel.com) uploaded a new patch: https://review.whamcloud.com/30900
Subject: LU-10444 utils: Don't remount debugfs every time
Project: fs/lustre-release
Branch: b2_10
Current Patch Set: 1
Commit: 4a567792a13668d1872481c36f365912253f751e
Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/30675/
Subject: LU-10444 utils: Don't remount debugfs every time
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 767f03b161ae44bd9d33dae7e03e71e73852813f
I don't think it is ok to allow read access only to specific files. That means the monitoring tools need to run as root, which some sites would prefer to avoid. Also, some lfs commands may need to be able to read the /proc files as well. I don't think there is a security issue for reading most of the files, but we used to have individual permissions for each file and that would need to be reviewed.
Can post which lustre proc files you monitor. I'm working on a patch to restore lctl device_list as non-root.
Correct the only reason we needed to change permissions was the device file, because our tools broke when it was moved. For now I wrote a work around to scan the /proc/fs/lustre and build the device list.
I think the patch here does the job by persevering existing mount options.
Typically our monitoring tools run as non-root so having read access to /proc/ is critical
-Mahmoud
John L. Hammond (john.hammond@intel.com) merged in patch https://review.whamcloud.com/30900/
Subject:
LU-10444utils: Don't remount debugfs every timeProject: fs/lustre-release
Branch: b2_10
Current Patch Set:
Commit: 82bf22a4200ba657465302daf6a77b9ebd6b7853