lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 3 Feb 2018 10:27:59 -0500
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Masami Hiramatsu <mhiramat@...nel.org>
Cc:     linux-kernel@...r.kernel.org,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Ingo Molnar <mingo@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Peter Zijlstra <peterz@...radead.org>,
        Tom Zanussi <tom.zanussi@...ux.intel.com>,
        linux-rt-users@...r.kernel.org, linux-trace-users@...r.kernel.org,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Clark Williams <williams@...hat.com>,
        Jiri Olsa <jolsa@...hat.com>,
        Daniel Bristot de Oliveira <bristot@...hat.com>,
        Juri Lelli <juri.lelli@...hat.com>,
        Jonathan Corbet <corbet@....net>,
        Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
        Namhyung Kim <namhyung@...nel.org>,
        Alexei Starovoitov <alexei.starovoitov@...il.com>
Subject: Re: [PATCH 00/18] [ANNOUNCE] Dynamically created function based
 events

On Sat, 3 Feb 2018 22:38:17 +0900
Masami Hiramatsu <mhiramat@...nel.org> wrote:

> This seems very similar feature of what kprobe-based event does.

It is similar, but not the same as kprobes. It only focuses on
functions and their arguments, and should not require any disassembling
(no knowledge of regs required). Any need to see anything within the
function will still require kprobe based help.

> 
> Earlier version of kprobe-based event supported Nth argument, but I decided
> to drop it because we can not ensure the "function signature" from kernel
> binary. It has been passed to "perf probe", so that we can define line-level
> granularity. 

Sure, and if we get a wrong function, which can happen, the code is set
up not to break anything. You only get garbage output.

> 
> Of course if it is easy to support "argN" again as it does if the arch's
> calling convention is clearly stated. (and now kprobe is based on ftrace
> if it is on the entry of functions)
> 
> So my question is, what is the difference of those from the user perspective?
> Only event syntax is a problem?
> I'm very confusing...

Again, this is not a kprobe replacement. It is somewhat of a syntax
issue. I want this to be very simple and not need a disassembler. For
indexing of structures one may use gdb, but that's about it. You could
get the same info from counting what's in a structure itself.

I based some of the code from kprobes too. But I wanted this to be
simpler, and as such, not as powerful as kprobes. More of a "poor mans"
kprobe ;-) Where you are limited to functions and their arguments. If
you need more power, switch to kprobes. In other words, its just an
added stepping stone.

Also, this should work without kprobe support, only ftrace, and function
args from the arch.

-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ