lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 27 Jan 2009 12:08:04 -0800
From:	"Kok, Auke" <auke-jan.h.kok@...el.com>
To:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
CC:	powertop ml <power@...host.org>,
	Arjan van de Ven <arjan@...ux.intel.com>,
	Ingo Molnar <mingo@...e.hu>, srostedt@...hat.com
Subject: [PATCH] tracer for sys_open() - sreadahead


This tracer monitors regular file open() syscalls. This is a fast
and low-overhead alternative to strace, and does not allow or
require to be attached to every process.

The tracer only logs succesfull calls, as those are the only ones we
are currently interested in, and we can determine the absolute path
of these files as we log.

Signed-off-by: Auke Kok <auke-jan.h.kok@...el.com>


diff --git a/fs/open.c b/fs/open.c
index a3a78ce..8cf2a6b 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -30,6 +30,10 @@
 #include <linux/audit.h>
 #include <linux/falloc.h>

+#include <trace/fs.h>
+
+DEFINE_TRACE(do_sys_open);
+
 int vfs_statfs(struct dentry *dentry, struct kstatfs *buf)
 {
        int retval = -ENODEV;
@@ -1040,6 +1044,7 @@ long do_sys_open(int dfd, const char __user *filename, int
flags, int mode)
                                fsnotify_open(f->f_path.dentry);
                                fd_install(fd, f);
                        }
+                       trace_do_sys_open(f, flags, mode, fd);
                }
                putname(tmp);
        }
diff --git a/include/trace/fs.h b/include/trace/fs.h
new file mode 100644
index 0000000..870eec2
--- /dev/null
+++ b/include/trace/fs.h
@@ -0,0 +1,11 @@
+#ifndef _TRACE_FS_H
+#define _TRACE_FS_H
+
+#include <linux/fs.h>
+#include <linux/tracepoint.h>
+
+DECLARE_TRACE(do_sys_open,
+       TPPROTO(struct file *filp, int flags, int mode, long fd),
+               TPARGS(filp, flags, mode, fd));
+
+#endif
diff --git a/kernel/trace/Kconfig b/kernel/trace/Kconfig
index e2a4ff6..0400815 100644
--- a/kernel/trace/Kconfig
+++ b/kernel/trace/Kconfig
@@ -149,6 +149,15 @@ config CONTEXT_SWITCH_TRACER
          This tracer gets called from the context switch and records
          all switching of tasks.

+config OPEN_CLOSE_TRACER
+       bool "Trace open() calls"
+       depends on DEBUG_KERNEL
+       select TRACING
+       select MARKERS
+       help
+         This tracer records open() syscalls. These calls are made when
+         files are accessed on disk.
+
 config BOOT_TRACER
        bool "Trace boot initcalls"
        depends on DEBUG_KERNEL
diff --git a/kernel/trace/Makefile b/kernel/trace/Makefile
index 349d5a9..25cec6c 100644
--- a/kernel/trace/Makefile
+++ b/kernel/trace/Makefile
@@ -20,6 +20,7 @@ obj-$(CONFIG_RING_BUFFER) += ring_buffer.o

 obj-$(CONFIG_TRACING) += trace.o
 obj-$(CONFIG_CONTEXT_SWITCH_TRACER) += trace_sched_switch.o
+obj-$(CONFIG_OPEN_CLOSE_TRACER) += trace_open_close.o
 obj-$(CONFIG_SYSPROF_TRACER) += trace_sysprof.o
 obj-$(CONFIG_FUNCTION_TRACER) += trace_functions.o
 obj-$(CONFIG_IRQSOFF_TRACER) += trace_irqsoff.o
diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
index 4d3d381..24c17d2 100644
--- a/kernel/trace/trace.h
+++ b/kernel/trace/trace.h
@@ -30,6 +30,7 @@ enum trace_type {
        TRACE_USER_STACK,
        TRACE_HW_BRANCHES,
        TRACE_POWER,
+       TRACE_OPEN,

        __TRACE_LAST_TYPE
 };
diff --git a/kernel/trace/trace_open_close.c b/kernel/trace/trace_open_close.c
new file mode 100644
index 0000000..4250efc
--- /dev/null
+++ b/kernel/trace/trace_open_close.c
@@ -0,0 +1,148 @@
+/*
+ * trace open calls
+ * Copyright (C) 2009 Intel Corporation
+ *
+ * Based extensively on trace_sched_switch.c
+ * Copyright (C) 2007 Steven Rostedt <srostedt@...hat.com>
+ *
+ */
+
+#include <linux/module.h>
+#include <linux/fs.h>
+#include <linux/debugfs.h>
+#include <linux/kallsyms.h>
+#include <linux/uaccess.h>
+#include <linux/ftrace.h>
+#include <trace/fs.h>
+
+#include "trace.h"
+
+
+static struct trace_array      *ctx_trace;
+static int __read_mostly       open_trace_enabled;
+static atomic_t                        open_ref;
+
+static void probe_do_sys_open(struct file *filp, int flags, int mode, long fd)
+{
+       char *buf;
+       char *fname;
+
+       if (!atomic_read(&open_ref))
+               return;
+
+       if (!open_trace_enabled)
+               return;
+
+       buf = kzalloc(PAGE_SIZE, GFP_KERNEL);
+       if (!buf)
+               return;
+       fname = d_path(&filp->f_path, buf, PAGE_SIZE);
+
+       if (IS_ERR(fname))
+               goto out;
+
+       ftrace_printk("%s: open(\"%s\", %d, %d) = %ld\n",
+               current->comm, fname, flags, mode, fd);
+out:
+       kfree(buf);
+}
+
+static void open_trace_reset(struct trace_array *tr)
+{
+       tr->time_start = ftrace_now(tr->cpu);
+       tracing_reset_online_cpus(tr);
+}
+
+static int open_trace_register(void)
+{
+       int ret;
+
+       ret = register_trace_do_sys_open(probe_do_sys_open);
+       if (ret) {
+               pr_info("open trace: Could not activate tracepoint"
+                       " probe to do_open\n");
+       }
+
+       return ret;
+}
+
+static void open_trace_unregister(void)
+{
+       unregister_trace_do_sys_open(probe_do_sys_open);
+}
+
+static void open_trace_start(void)
+{
+       long ref;
+
+       ref = atomic_inc_return(&open_ref);
+       if (ref == 1)
+               open_trace_register();
+}
+
+static void open_trace_stop(void)
+{
+       long ref;
+
+       ref = atomic_dec_and_test(&open_ref);
+       if (ref)
+               open_trace_unregister();
+}
+
+void open_trace_start_cmdline_record(void)
+{
+       open_trace_start();
+}
+
+void open_trace_stop_cmdline_record(void)
+{
+       open_trace_stop();
+}
+
+static void open_start_trace(struct trace_array *tr)
+{
+       open_trace_reset(tr);
+       open_trace_start_cmdline_record();
+       open_trace_enabled = 1;
+}
+
+static void open_stop_trace(struct trace_array *tr)
+{
+       open_trace_enabled = 0;
+       open_trace_stop_cmdline_record();
+}
+
+static int open_trace_init(struct trace_array *tr)
+{
+       ctx_trace = tr;
+
+       open_start_trace(tr);
+       return 0;
+}
+
+static void reset_open_trace(struct trace_array *tr)
+{
+       open_stop_trace(tr);
+}
+
+static struct tracer open_trace __read_mostly =
+{
+       .name           = "open",
+       .init           = open_trace_init,
+       .reset          = reset_open_trace,
+};
+
+__init static int init_open_trace(void)
+{
+       int ret = 0;
+
+       if (atomic_read(&open_ref))
+               ret = open_trace_register();
+       if (ret) {
+               pr_info("error registering open trace\n");
+               return ret;
+       }
+       return register_tracer(&open_trace);
+}
+device_initcall(init_open_trace);
+
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ