| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 17 Jan 2010 16:37:07 +0200 From: Avi Kivity <avi@...hat.com> To: Jim Keniston <jkenisto@...ibm.com> CC: Peter Zijlstra <peterz@...radead.org>, Srikar Dronamraju <srikar@...ux.vnet.ibm.com>, Ingo Molnar <mingo@...e.hu>, Arnaldo Carvalho de Melo <acme@...radead.org>, Ananth N Mavinakayanahalli <ananth@...ibm.com>, utrace-devel <utrace-devel@...hat.com>, Frederic Weisbecker <fweisbec@...il.com>, Masami Hiramatsu <mhiramat@...hat.com>, Maneesh Soni <maneesh@...ibm.com>, Mark Wielaard <mjw@...hat.com>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [RFC] [PATCH 1/7] User Space Breakpoint Assistance Layer (UBP) On 01/16/2010 02:58 AM, Jim Keniston wrote: > > I hear (er, read) you. Emulation may turn out to be the answer for some > architectures. But here are some things to keep in mind about the > various approaches: > > 1. Single-stepping inline is easiest: you need to know very little about > the instruction set you're probing. But it's inadequate for > multithreaded apps. > 2. Single-stepping out of line solves the multithreading issue (as do #3 > and #4), but requires more knowledge of the instruction set. (In > particular, calls, jumps, and returns need special care; as do > rip-relative instructions in x86_64.) I count 9 architectures that > support kprobes. I think most of these do SSOL. > 3. "Boosted" probes (where an appended jump instruction removes the need > for the single-step trap on many instructions) require even more > knowledge of the instruction set, and like SSOL, require XOL slots. > Right now, as far as I know, x86 is the only architecture with boosted > kprobes. > 4. Emulation removes the need for the XOL area, but requires pretty much > total knowledge of the instruction set. It's also a performance win for > architectures that can't do #3. I see kvm implemented on 4 > architectures (ia64, powerpc, s390, x86). Coincidentally, those are the > architectures to which uprobes (old uprobes, with ubp and xol bundled > in) has already been ported (though Intel hasn't been maintaining their > ia64 port). So it sort of comes down to how objectionable the XOL vma > (or page) really is. > The kvm emulator emulates only a subset of the x86 instruction set (basically mmio instructions and commonly-used page-table manipulation instructions, as well as some privileged instructions). It would take a lot of work to expand it to be completely generic; and even then it will fail if userspace uses an instruction set extension the kernel is not aware of. To me, boosted probes with a fallback to single-stepping seems to be the better option by far. -- error compiling committee.c: too many arguments to function -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists