lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20080923012039.GA24937@Krystal>
Date:	Mon, 22 Sep 2008 21:20:39 -0400
From:	Mathieu Desnoyers <compudj@...stal.dyndns.org>
To:	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>
Cc:	Paul Mundt <lethal@...ux-sh.org>, linux-kernel@...r.kernel.org,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	"Frank Ch. Eigler" <fche@...hat.com>,
	Roland McGrath <roland@...hat.com>
Subject: Re: [PATCH] [RFC] tracehook: Hook in syscall tracing markers.

* KOSAKI Motohiro (kosaki.motohiro@...fujitsu.com) wrote:
> Hi Paul,
> 
> > At kernel summit, the idea that syscall tracing was generally desirable
> > for tracing was mentioned several times, as was the argument that kernel
> > developers aren't placing markers in meaningful locations. This is a
> > simple patch to try and do that for the syscall case.
> > 
> > Presently LTTng attempts to litter these trace markers all over the
> > architecture code, primarily to get around the fact that there was no
> > generic way to get at this information before. Now that platforms are
> > starting to do their syscall entry/exit notifiers through tracehook and
> > we have the asm/syscall.h interface, all of this information can be
> > generically abstracted.
> > 
> > Signed-off-by: Paul Mundt <lethal@...ux-sh.org>
> > 
> 
> I think marriage between tracehook and generic marker is very good idea. 
> at least, instruction pointer and return value are definitly useful.
> 
> but...
> Have you seen Mathieu's tracepoint patch?
> I recommend to use tracepoint insted use marker directly.
> 

Yep, tracepoints would be better suited for this. They can be found in
-tip or in -lttng trees.

Does tracehook have any infrastructure that would give us the system
calls parameters (with correct typing ?) :-) Or could they evolve into
this ?

Mathieu

> 
> > ---
> > 
> >  include/linux/tracehook.h |    7 +++++++
> >  1 file changed, 7 insertions(+)
> > 
> > diff --git a/include/linux/tracehook.h b/include/linux/tracehook.h
> > index 6186a78..481ff45 100644
> > --- a/include/linux/tracehook.h
> > +++ b/include/linux/tracehook.h
> > @@ -49,6 +49,9 @@
> >  #include <linux/sched.h>
> >  #include <linux/ptrace.h>
> >  #include <linux/security.h>
> > +#include <linux/marker.h>
> > +#include <asm/syscall.h>
> > +
> >  struct linux_binprm;
> >  
> >  /**
> > @@ -112,6 +115,8 @@ static inline __must_check int tracehook_report_syscall_entry(
> >  	struct pt_regs *regs)
> >  {
> >  	ptrace_report_syscall(regs);
> > +	trace_mark(kernel_arch_syscall_entry, "syscall_id %ld ip #p%ld",
> > +		   syscall_get_nr(NULL, regs), instruction_pointer(regs));
> >  	return 0;
> >  }
> >  
> > @@ -135,6 +140,8 @@ static inline __must_check int tracehook_report_syscall_entry(
> >  static inline void tracehook_report_syscall_exit(struct pt_regs *regs, int step)
> >  {
> >  	ptrace_report_syscall(regs);
> > +	trace_mark(kernel_arch_syscall_exit, "ret %ld",
> > +		   syscall_get_return_value(NULL, regs));
> >  }
> 
> 

-- 
Mathieu Desnoyers
OpenPGP key fingerprint: 8CD5 52C3 8E3C 4140 715F  BA06 3F25 A8FE 3BAE 9A68
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ