lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <y0mmzaianyl.fsf@ton.toronto.redhat.com>
Date:	05 Aug 2006 17:10:10 -0400
From:	fche@...hat.com (Frank Ch. Eigler)
To:	Christoph Hellwig <hch@...radead.org>
Cc:	David Smith <dsmith@...hat.com>, linux-kernel@...r.kernel.org,
	rusty@...tcorp.com.au, prasanna@...ibm.com, ananth@...ibm.com,
	anil.s.keshavamurthy@...el.com, davem@...emloft.net
Subject: Re: [PATCH] module interface improvement for kprobes


Christoph Hellwig <hch@...radead.org> writes:

> [...]
> > Why shouldn't I put a probe into a module other than at a symbol I can
> > find with kallsyms?  For example, I'm interested when a particular
> > module hits an error condition that occurs.  [...]
>
> How do you find that offset?  

The same way one would find an address now: by a mixture of
online/offline processing of symbol tables, debugging data, and/or
disassembly.

> You'll probably mention the S-Word but we really want something that
> works with the latest kernel, not just the vendor trees.

Why are you under the impression that systemtap doesn't work with any
particular "latest kernel"?

> [...] Adding another field to struct kprobe to specify an offset
> into the symbol would be the logical extension of that.

At the top you ask rhetorically about how an offset would be found (as
if it were difficult) ...  and here you assert that it is a logical
extension to put it into the API?  I'm confused - which is it?

> > Your example works for a very small number of symbols, but with a large
> > number it could take a long time to register the kprobes.  [...]
> Registering a kprobe is everything but a fastpath, and you definitly
> should not have a lot of probes anyway.  [...]

It is not difficult to imagine situations where one wants to have
hundreds or thousands of active probes: one is function entry/exit
tracing; another is assertion checking.  (If only there was a system
for conveniently expressing these ... oh never mind.)

The idea behind module_get_byname() was to avoid changes in kprobes
etc., and keeping in mind that the same sort of module-name lookup is
already available to userspace via sysfs.  If folks insist that
instead, kprobes be extended to do this step of the probe address
calculations internally, I guess we could use that too.  It would have
to punt if !CONFIG_KALLSYMS, which is too bad, since systemtap and
kprobes work fine without kallsyms now.

- FChE
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ