lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060914174306.GA18890@elte.hu>
Date:	Thu, 14 Sep 2006 19:43:06 +0200
From:	Ingo Molnar <mingo@...e.hu>
To:	"Martin J. Bligh" <mbligh@...igh.org>
Cc:	Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca>,
	linux-kernel@...r.kernel.org,
	Christoph Hellwig <hch@...radead.org>,
	Andrew Morton <akpm@...l.org>, Ingo Molnar <mingo@...hat.com>,
	Greg Kroah-Hartman <gregkh@...e.de>,
	Thomas Gleixner <tglx@...utronix.de>,
	Tom Zanussi <zanussi@...ibm.com>, ltt-dev@...fik.org,
	Michel Dagenais <michel.dagenais@...ymtl.ca>
Subject: Re: [PATCH 0/11] LTTng-core (basic tracing infrastructure) 0.5.108


* Martin J. Bligh <mbligh@...igh.org> wrote:

> >>Comments and reviews are very welcome.
> >
> > i have one very fundamental question: why should we do this 
> > source-intrusive method of adding tracepoints instead of the 
> > dynamic, unintrusive (and thus zero-overhead) KProbes+SystemTap 
> > method?
> 
> Because:
> 
> 1. Kprobes are more overhead when they *are* being used.

minimally so - at least on i386 and x86_64. In that sense tracing is a 
_slowpath_, and it _will_ slow things down if done excessively. I dont 
care about the tracepoint being slower by a few instructions as long as 
it has _zero effect_ on normal code, be that source code or binary code.

> 2. You can get zero overhead by CONFIG'ing things out.

but that's not how a fair chunk of people want to use tracing. People 
(enterprise customers trying to figure out performance problems, 
engineers trying to debug things on a live, production system) want to 
be able to insert a tracepoint anywhere and anytime - and also they want 
to have zero overhead from tracing if no tracepoints are used on a 
system.

> 3. (most importantly) it's a bitch to maintain tracepoints out
>    of-tree on a rapidly moving kernel

wrong: the original demo tracepoints that came with SystemTap still work 
on the current kernel, because the 'coupling' is loose: based on 
function names.

Static tracepoints on the other hand, if added via an external patch, do 
depend on the target function not moving around and the context of the 
tracepoint not being changed. (and static tracepoints if in the source 
all the time are a constant hindrance to development and code 
readability.)

and of course the big advantage of dynamic probing is its flexibility: 
you can add add-hoc tracepoints to thousands of functions, instead of 
having to maintain hundreds (or thousands) of static tracepoints all the 
time. (and if we wont end up with hundreds/thousands of static 
tracepoints then it wont be usable enough as a generic solution.)

> 4. I believe kprobes still doesn't have full access to local 
> variables.

wrong: with SystemTap you can probe local variables too (via 
jprobes/kretprobes, all in the upstream kernel already).

> Now (3) is possibly solvable by putting the points in as no-ops 
> (either insert a few nops or just a marker entry in the symbol 
> table?), but full dynamic just isn't sustainable. [...]

i'm not sure i follow. Could you explain where SystemTap has this 
difficulty?

	Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ