lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 3 Nov 2008 16:46:02 +0530
From:	Ananth N Mavinakayanahalli <>
To:	Ingo Molnar <>
Cc:	Steven Rostedt <>,
	Frédéric Weisbecker <>,, Jim Keniston <>
Subject: Re: [RFC][PATCH] Make ftrace able to trace function return

On Thu, Oct 30, 2008 at 08:26:21PM +0100, Ingo Molnar wrote:
> * Steven Rostedt <> wrote:
> > gcc -c -finstrument-functions traceme.c
> > This is not 5 extra bytes but 27 extra bytes for a total of 32 bytes 
> > at every function. Also note that this also adds these calls to 
> > inline functions as well. We could easly stop that by adding 
> > "notrace" to the inline define (which I've done).
> > 
> > But this would make the patching a bit more difficult (not 
> > impossible). But it will bloat the image quite a bit.
> yeah, i too knew it was expensive, but didnt realize it's this bloaty. 
> It's a non-starter really.
> How reliable can we make Frederic's trampoline approach? Especially 
> with the opt-in function filters of dyn-ftrace, there's real value in 
> the trampoline approach IMO (we could display real function cost, 
> etc.), and the runtime cost should be OK as long we dont probe a ton 
> of functions all the time. (and it's optional anyway)

Something similar to Frederic's trampoline approach is what we use for
kretprobes. Recently, it's also acquired the capability to run handlers
at function entry. See samples/kprobes/kretprobe_example.c -- it
currently can print the time spent in any user-specified kernel routine.

Of course, this approach is not cheap... since it's kprobe based, we
have two exceptions -- but it is reliable. You are limited by the number
of slots available to record return addresses for each invocation,
especially if functions are reentrant, in the hotpath and can sleep.

There were other issues encountered during its implementation (some
of them 'cos we hash instances on the task) were with routines that are
entered/exited in different task contexts, noret type functions, etc.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists