On Thu, Sep 30, 2021 at 11:05:35AM -0700, Stephen Brennan wrote:
> On 9/23/21 4:31 PM, Kees Cook wrote:
> > The /proc/$pid/wchan file has been broken by default on x86_64 for 4
> > years now[1]. As this remains a potential leak of either kernel
> > addresses (when symbolization fails) or limited observation of kernel
> > function progress, just remove the contents for good.
> >
> > Unconditionally set the contents to "0" and also mark the wchan
> > field in /proc/$pid/stat with 0.
>
> Hi all,
>
> It looks like there's already been pushback on this idea, but I wanted
> to add another voice from a frequent user of /proc/$pid/wchan (via PS).
> Much of my job involves diagnosing kernel issues and performance issues
> on stable kernels, frequently on production systems where I can't do
> anything too invasive. wchan is incredibly useful for these situations,
> so much so that we store regular snapshots of ps output, and we expand
> the size of the WCHAN column to fit more data (e.g. ps -e -o
> pid,wchan=WCHAN-WIDE-COLUMN). Disabling wchan would remove a critical
> tool for me and my team.

Thanks for speaking up! Yes, we've moved to fixing wchan correctly as
it's clear it's still very much in use. :)

Current thread is here:
https://lore.kernel.org/lkml/20210929220218.691419-1-keescook@xxxxxxxxxxxx/

--
Kees Cook