lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 20 Mar 2009 10:11:25 +0530
From:	Ananth N Mavinakayanahalli <ananth@...ibm.com>
To:	Masami Hiramatsu <mhiramat@...hat.com>
Cc:	Frederic Weisbecker <fweisbec@...il.com>,
	Ingo Molnar <mingo@...e.hu>,
	Steven Rostedt <rostedt@...dmis.org>,
	systemtap-ml <systemtap@...rces.redhat.com>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [RFC][PATCH -tip 7/9] tracing: kprobe-tracer plugin supports
	arguments

On Thu, Mar 19, 2009 at 11:40:17PM -0400, Masami Hiramatsu wrote:
> Frederic Weisbecker wrote:
> >> diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c
> >> index 33bb355..e801e8c 100644
> >> --- a/kernel/trace/trace_kprobe.c
> >> +++ b/kernel/trace/trace_kprobe.c
> >> @@ -27,15 +27,124 @@
> >>  #include <linux/types.h>
> >>  #include <linux/string.h>
> >>  #include <linux/ctype.h>
> >> +#include <linux/ptrace.h>
> >>
> >>  #include <linux/ftrace.h>
> >>  #include "trace.h"
> >>
> >> +/* TODO: Move these functions to arch/XXX/include/asm/ptrace.h */
> >> +#define STACK_MASK (THREAD_SIZE - 1)
> >> +#define valid_stack_addr(regs, addr) \
> >> +	(((addr) & ~STACK_MASK) == (kernel_trap_sp(regs) & ~STACK_MASK))
> >> +
> >> +#if defined(__i386__)
> >> +#define MAX_REG_NUM 15
> >> +#elif defined(__x86_64__)
> >> +#define MAX_REG_NUM 21
> >> +#else
> >> +#define MAX_REG_NUM (sizeof(struct pt_regs)/sizeof(unsigned long))
> >> +#endif
> >> +
> >> +static unsigned long fetch_register(struct pt_regs *regs, void *num)
> >> +{
> >> +	if (unlikely((unsigned)num > MAX_REG_NUM))
> >> +		return 0;
> >> +	return *((unsigned long *)regs + (unsigned)num);
> >> +}
> >> +
> >> +static unsigned long fetch_stack(struct pt_regs *regs, void *num)
> >> +{
> >> +	unsigned long *addr = (unsigned long *)kernel_trap_sp(regs);
> >> +	addr += (unsigned)num;
> >> +	if (valid_stack_addr(regs, (unsigned long)addr))
> >> +		return *addr;
> >> +	else
> >> +		return 0;
> >> +}
> >> +
> >> +static unsigned long fetch_memory(struct pt_regs *regs, void *addr)
> >> +{
> >> +	unsigned long retval;
> >> +	probe_kernel_address(addr, retval);
> >> +	return retval;
> >> +}
> > 
> > 
> > It will return a random value.
> 
> ah, thanks. I'll check the retval of probe_kernel_address().
> 
> >> +
> >> +#if defined(__i386__)
> >> +#define REGPARMS 3
> >> +static unsigned long fetch_argument(struct pt_regs *regs, void *data)
> >> +{
> >> +	unsigned long n = (unsigned long)data;
> >> +	if (n > REGPARMS) {
> >> +		/*
> >> +		 * The typical case: arg n is on the stack.
> >> +		 * stack[0] = return address
> >> +		 */
> >> +		return fetch_stack(regs, (void *)(n - REGPARMS));
> >> +	} else {
> >> +		switch (n) {
> >> +		case 1: return regs->ax;
> >> +		case 2: return regs->dx;
> >> +		case 3: return regs->cx;
> >> +		}
> >> +		return 0;
> >> +	}
> >> +}
> >> +#elif define(__x86_64__)
> >> +#define REGPARMS 6
> > 
> > 
> > These helpers could be defined in the appropriate arch directory.
> > They may even be reused by further debugging engines.
> 
> Agreed. Since we don't have any those infrastructure (arch/*/lib/debug.c ?)
> yet, I just put it in trace_kprobe.c.

A better option could be to generalize syscall_get_arguments() to work
for functions other than just syscalls where pt_regs are available.

Ananth
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists