| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 5 Aug 2006 12:35:38 +0100 From: Christoph Hellwig <hch@...radead.org> To: David Smith <dsmith@...hat.com> Cc: Christoph Hellwig <hch@...radead.org>, linux-kernel@...r.kernel.org, rusty@...tcorp.com.au, prasanna@...ibm.com, ananth@...ibm.com, anil.s.keshavamurthy@...el.com, davem@...emloft.net Subject: Re: [PATCH] module interface improvement for kprobes On Fri, Aug 04, 2006 at 01:30:39PM -0500, David Smith wrote: > Why shouldn't I put a probe into a module other than at a symbol I can > find with kallsyms? For example, I'm interested when a particular > module hits an error condition that occurs. I don't want to probe how > many times the function gets called - just when the error condition > occurs. How do you find that offset? You'll probably mention the S-Word but we really want something that works with the latest kernel, not just the vendor trees. > With the existing interface, if I use kallsysms to find the value of a > symbol, the module can be unloaded between the time I use kallsyms and > register the kprobe. The patch I included fixes that race condition by > incrementing the module reference count. Yes, and that's a good thing. But the interface for doing it is wrong. You don't really want the users to do all that by itself. For the typical case of putting a probe at the usual points you want an interface that puts in the probe given a name and does the right thing for you. For example the interface I proposed in my last mail. Adding another field to struct kprobe to specify an offset into the symbol would be the logical extension of that. > Your example works for a very small number of symbols, but with a large > number it could take a long time to register the kprobes. Plus, that > would need to be done every time the kprobe was registered. With my > patch, the symbol lookup can be done once, then all those symbols can be > turned into offsets from the base address of the module. Registering a kprobe is everything but a fastpath, and you definitly should not have a lot of probes anyway. It's far more worthwhile to have a sane interface that the user can't get wrong then a small speedup in something that's not a fastpath. I think Rusty even has a paper or talk about why this is absolutely nessecary :) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists