lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <492E9AB2.9030202@gmail.com>
Date:	Thu, 27 Nov 2008 15:03:46 +0200
From:	Török Edwin <edwintorok@...il.com>
To:	"Frank Ch. Eigler" <fche@...hat.com>
CC:	Peter Zijlstra <a.p.zijlstra@...llo.nl>, mingo@...e.hu,
	srostedt@...hat.com, sandmann@...mi.au.dk,
	linux-kernel@...r.kernel.org, viro@...IV.linux.org.uk
Subject: Re: [PATCH 2/2] tracing: identify which executable object the userspace
 address belongs to

On 2008-11-27 14:48, Frank Ch. Eigler wrote:
> Hi -
>
> On Thu, Nov 27, 2008 at 11:41:45AM +0100, Peter Zijlstra wrote:
>   
>>>> Impact: modify+improve the userstacktrace tracing visualization feature
>>>> [...]
>>>> You'll see stack entries like:
>>>>    /lib/libpthread-2.7.so[+0xd370]
>>>> [...]
>>>>         
>>> Can you suggest an actual distribution & architecture where this
>>> facility may be tested/used?  It appears to require frame-pointer
>>> stuff that AFAIK is not generally turned on for user-space.
>>>       
>> gentoo, just rebuild world with frame pointers ;-)
>>     
>
> Well, that only goes so far.  If this feature turns out unable to work
> without distributors recompiling all their stuff on, for example, x86-64,
> then expectations need to be reset.

My assumption is that this feature will be used to trace individual
applications, and not the system as a whole.
Then you only need libc to be recompiled with frame pointers on, and
your own application/your own application's libraries.

That is what I want to use it for, and there isn't another solution that
allows me to do this.
Sure I can trace userspace alone using ptrace (which has its own
overhead), and the kernel alone by using ftrace, but I can't combine
those traces in a meaningful manner.
If/when the kernel will support dwarf unwinding, it will only need to
provide an alternate implementation for save_stack_trace_user.

Even without frame pointers you can at least get the return address to
userspace, which may be inside your application for page faults.

If I need to do system-wide tracing, I can use my 32-bit chroot [*], or
boot my laptop which is 32-bit.

I don't think that this feature should get rejected just because it is
not easily usable from x86_64.

[*] I haven't tested yet if tracing 32-bit applications from a 64-bit
kernel works. It probably won't, and I'll need to use a different struct
stack_frame with 32-bit addresses.

Another approach I've though of would be to deliver a signal to
userspace on demand, and have the signal handler do the backtrace, but
that would unnecesary overhead.

Best regards,
--Edwin
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ