lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 07 Feb 2007 10:55:23 +0530
From:	Srinivasa Ds <srinivasa@...ibm.com>
To:	Frederik Deweerdt <deweerdt@...e.fr>
CC:	Christoph Hellwig <hch@...radead.org>,
	linux-kernel@...r.kernel.org, akpm@...l.org, torvalds@...l.org,
	jkenisto@...ibm.com, anil.s.keshavamurthy@...el.com,
	prasanna@...ibm.com, ananth@...ibm.com
Subject: Re: [RFC] [PATCH] To list all active probes in the system

Frederik Deweerdt wrote:
> Hi,
> 
> Comments below,
> 
> On Tue, Feb 06, 2007 at 08:17:06PM +0530, Srinivasa Ds wrote:
>> Srinivasa Ds wrote:
>>> Christoph Hellwig wrote:
>>>> On Tue, Feb 06, 2007 at 03:25:35PM +0530, Srinivasa Ds wrote:
>>>>> Hi folks
>>>>>
>>>>>         I have developed a patch, that lists all active probes in the
>>>>> system. I have done this through /proc interface. Currently list is
>>>>> available under /proc/kprobes/list. Any suggestions for better place and
>>>>> name??
>>>> /debug/kprobes/list? :)
>>>>
>>> Good Idea, I will update my patch to use debugfs.
>> Patch that uses debugfs.
>>
>> Signed-off-by: Srinivasa DS <srinivasa@...ibm.com>
>>
>>
>>
>>
>>
> 
>>  fs/debugfs/inode.c      |    4 ++
>>  include/linux/kprobes.h |    4 ++
>>  kernel/kprobes.c        |   92 ++++++++++++++++++++++++++++++++++++++++++++++++
>>  3 files changed, 100 insertions(+)
>>
>> Index: linux-2.6.20/fs/debugfs/inode.c
>> ===================================================================
>> --- linux-2.6.20.orig/fs/debugfs/inode.c
>> +++ linux-2.6.20/fs/debugfs/inode.c
>> @@ -25,6 +25,7 @@
>>  #include <linux/namei.h>
>>  #include <linux/debugfs.h>
>>  #include <linux/fsnotify.h>
>> +#include <linux/kprobes.h>
>>  
>>  #define DEBUGFS_MAGIC	0x64626720
>>  
>> @@ -320,6 +321,9 @@ static int __init debugfs_init(void)
>>  	retval = register_filesystem(&debug_fs_type);
>>  	if (retval)
>>  		subsystem_unregister(&debug_subsys);
>> +#ifdef CONFIG_KPROBES
>> +	debugfs_kprobe_init();
>> +#endif
> The ifdef here could be skipped if ....
>>  	return retval;
>>  }
>>  
> [... snip ...]
>> Index: linux-2.6.20/include/linux/kprobes.h
>> ===================================================================
>> --- linux-2.6.20.orig/include/linux/kprobes.h
>> +++ linux-2.6.20/include/linux/kprobes.h
>> @@ -203,6 +203,7 @@ struct kretprobe_instance *get_free_rp_i
>>  void add_rp_inst(struct kretprobe_instance *ri);
>>  void kprobe_flush_task(struct task_struct *tk);
>>  void recycle_rp_inst(struct kretprobe_instance *ri, struct hlist_head *head);
>> +void debugfs_kprobe_init(void);
>>  #else /* CONFIG_KPROBES */
>>  
>>  #define __kprobes	/**/
>> @@ -240,5 +241,8 @@ static inline void unregister_kretprobe(
>>  static inline void kprobe_flush_task(struct task_struct *tk)
>>  {
>>  }
>> +static inline void proc_kprobe_init(void)
>> +{
>> +}
> ... this was renamed to debugfs_kprobe_init() instead -which was your
> first intention I suppose ;)-
> 
> Regards,
> Frederik

Oh, Iam sorry, It should be renamed to debugfs_kprobe_init().

So finally

 My patch lists all active probes in the system by scanning through
kprobe_table[]. It takes care of aggregate handlers and prints the type
of the probe.
Letter "k" for kprobes, "j" for jprobes, "r" for kretprobes. It also
lists address of the instruction,its symbolic name(function name +
offset) and the module name. One can access this file through
/sys/kernel/debug/kprobes/list.

Output looks like this
=====================
llm40:~/a # cat /sys/kernel/debug/kprobes/list
c0169ae3  r  sys_read+0x0
c0169ae3  k  sys_read+0x0
c01694c8  k  vfs_write+0x0
c0167d20  r  sys_open+0x0
f8e658a6  k  reiserfs_delete_inode+0x0  reiserfs
c0120f4a  k  do_fork+0x0
c0120f4a  j  do_fork+0x0
c0169b4a  r  sys_write+0x0
c0169b4a  k  sys_write+0x0
c0169622  r  vfs_read+0x0
=================================


Signed-off-by: Srinivasa DS <srinivasa@...ibm.com>



View attachment "final-2.fix" of type "text/plain" (4397 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ