| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <492E9AB2.9030202@gmail.com> Date: Thu, 27 Nov 2008 15:03:46 +0200 From: Török Edwin <edwintorok@...il.com> To: "Frank Ch. Eigler" <fche@...hat.com> CC: Peter Zijlstra <a.p.zijlstra@...llo.nl>, mingo@...e.hu, srostedt@...hat.com, sandmann@...mi.au.dk, linux-kernel@...r.kernel.org, viro@...IV.linux.org.uk Subject: Re: [PATCH 2/2] tracing: identify which executable object the userspace address belongs to On 2008-11-27 14:48, Frank Ch. Eigler wrote: > Hi - > > On Thu, Nov 27, 2008 at 11:41:45AM +0100, Peter Zijlstra wrote: > >>>> Impact: modify+improve the userstacktrace tracing visualization feature >>>> [...] >>>> You'll see stack entries like: >>>> /lib/libpthread-2.7.so[+0xd370] >>>> [...] >>>> >>> Can you suggest an actual distribution & architecture where this >>> facility may be tested/used? It appears to require frame-pointer >>> stuff that AFAIK is not generally turned on for user-space. >>> >> gentoo, just rebuild world with frame pointers ;-) >> > > Well, that only goes so far. If this feature turns out unable to work > without distributors recompiling all their stuff on, for example, x86-64, > then expectations need to be reset. My assumption is that this feature will be used to trace individual applications, and not the system as a whole. Then you only need libc to be recompiled with frame pointers on, and your own application/your own application's libraries. That is what I want to use it for, and there isn't another solution that allows me to do this. Sure I can trace userspace alone using ptrace (which has its own overhead), and the kernel alone by using ftrace, but I can't combine those traces in a meaningful manner. If/when the kernel will support dwarf unwinding, it will only need to provide an alternate implementation for save_stack_trace_user. Even without frame pointers you can at least get the return address to userspace, which may be inside your application for page faults. If I need to do system-wide tracing, I can use my 32-bit chroot [*], or boot my laptop which is 32-bit. I don't think that this feature should get rejected just because it is not easily usable from x86_64. [*] I haven't tested yet if tracing 32-bit applications from a 64-bit kernel works. It probably won't, and I'll need to use a different struct stack_frame with 32-bit addresses. Another approach I've though of would be to deliver a signal to userspace on demand, and have the signal handler do the backtrace, but that would unnecesary overhead. Best regards, --Edwin -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists