| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Sep 2008 12:41:43 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: Martin Bligh <mbligh@...gle.com>
Cc: Steven Rostedt <rostedt@...dmis.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...e.hu>,
Thomas Gleixner <tglx@...utronix.de>,
Andrew Morton <akpm@...ux-foundation.org>,
prasad@...ux.vnet.ibm.com,
Mathieu Desnoyers <compudj@...stal.dyndns.org>,
"Frank Ch. Eigler" <fche@...hat.com>,
David Wilder <dwilder@...ibm.com>, hch@....de,
Tom Zanussi <zanussi@...cast.net>,
Steven Rostedt <srostedt@...hat.com>
Subject: Re: [RFC PATCH 1/3] Unified trace buffer
On Wed, 2008-09-24 at 14:03 -0700, Martin Bligh wrote:
> > OK, then how about this?
> >
> > Each page will start with a time stamp (I'm still aligning everything by 8
> > bytes, just because it simplifies things). Then we can have a 3 byte
> > (24 bit) counter offset? Then we can have a header that looks like:
> >
> > struct {
> > unsigned char time[3];
> > unsigned char length;
> > unsigned char buff[];
> > };
> >
> > This still allows me to have the 2048 byte size buffer.
> >
> > Or is 24 bits for time too small? The offest will be from the previous
> > entry, and not the beginning of the page.
> >
> > If one defines a fixed size entry, we could just use the full 32 bits for
> > the timestamp, since the length will be ignored in that case, and will
> > become part of the buffer.
> >
> > Hence,
> >
> > struct {
> > unsigned int time;
> > unsigned char length;
> > unsigend char buff[];
> > };
>
> How about we just steal 5 bits from the timestamp to indicate event
> lengths up to 32 bytes, and if it's 0, that means there's a length
> field following? Also that'd mean you could use a longer length field
> and get beyond 256 bytes to 4096, without impacting most events.
>
> struct {
> u32 length:5, time_delta:27;
> u16 length;
> u8 buf[];
> };
>
> struct {
> u32 length:5, time_delta:27; /* where length == 0 */
> u8 buf[];
> };
>
> Obviously we could less than 5 bits, even just 1 for a flag ...
I rather like this idea, as it gives small entries (the common case) the
least overhead but does allow for larger ones.
By also putting the time in there you can do the merge sort iterator,
Linus was right that everybody wants this anyway.
As for delta encoding the time, we could make the tick log the absolute
time packet, that's at least 100Hz and it already has to compute the
full gtod thing anyway.
I don't much like Linus' idea of bringing type information back into the
primitive header (sorry Linus ;-)). I'd much rather keep that
abstraction in the next layer.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists