lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20060805113538.GA21135@infradead.org>
Date:	Sat, 5 Aug 2006 12:35:38 +0100
From:	Christoph Hellwig <hch@...radead.org>
To:	David Smith <dsmith@...hat.com>
Cc:	Christoph Hellwig <hch@...radead.org>,
	linux-kernel@...r.kernel.org, rusty@...tcorp.com.au,
	prasanna@...ibm.com, ananth@...ibm.com,
	anil.s.keshavamurthy@...el.com, davem@...emloft.net
Subject: Re: [PATCH] module interface improvement for kprobes

On Fri, Aug 04, 2006 at 01:30:39PM -0500, David Smith wrote:
> Why shouldn't I put a probe into a module other than at a symbol I can
> find with kallsyms?  For example, I'm interested when a particular
> module hits an error condition that occurs.  I don't want to probe how
> many times the function gets called - just when the error condition
> occurs.

How do you find that offset?  You'll probably mention the S-Word but
we really want something that works with the latest kernel, not just
the vendor trees.

> With the existing interface, if I use kallsysms to find the value of a
> symbol, the module can be unloaded between the time I use kallsyms and
> register the kprobe.  The patch I included fixes that race condition by
> incrementing the module reference count.

Yes, and that's a good thing.  But the interface for doing it is wrong.
You don't really want the users to do all that by itself.  For the typical
case of putting a probe at the usual points you want an interface that
puts in the probe given a name and does the right thing for you.  For example
the interface I proposed in my last mail.  Adding another field to struct
kprobe to specify an offset into the symbol would be the logical extension
of that.

> Your example works for a very small number of symbols, but with a large
> number it could take a long time to register the kprobes.  Plus, that
> would need to be done every time the kprobe was registered.  With my
> patch, the symbol lookup can be done once, then all those symbols can be
> turned into offsets from the base address of the module.

Registering a kprobe is everything but a fastpath, and you definitly should
not have a lot of probes anyway.  It's far more worthwhile to have a sane
interface that the user can't get wrong then a small speedup in something
that's not a fastpath.  I think Rusty even has a paper or talk about why
this is absolutely nessecary :)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ