| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Jan 2009 22:28:02 +0100
From: Frederic Weisbecker <fweisbec@...il.com>
To: Ingo Molnar <mingo@...e.hu>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Steven Rostedt <rostedt@...dmis.org>
Subject: Re: [PATCH] tracing/function-graph-tracer: tracing only syscalls
mode
On Fri, Jan 02, 2009 at 08:40:14PM +0100, Ingo Molnar wrote:
>
> * Frederic Weisbecker <fweisbec@...il.com> wrote:
>
> > Impact: make more easy the syscalls tracing
> >
> > This patch extends to syscalls the features which let one to trace
> > only one ore more function (and those they call).
> > This way we can get rid of the workqueues, kernel threads, softirqs from
> > ksoftirqd and only have the syscall path on the trace.
> >
> > Note that hardirq that interrupt the syscalls are still traced. But we could
> > add an option to disable the interrupt tracing as well in the future.
> >
> > To use this new feature:
> >
> > echo function_graph > /debugfs/tracing/current_tracer
> > echo syscalls > /debugfs/tracing/set_graph_function
>
> nice. I think a key item is missing though:
>
> > @@ -1397,6 +1398,9 @@ asmregparm long syscall_trace_enter(struct pt_regs *regs)
> > {
> > long ret = 0;
> >
> > + /* Tell the function graph tracer we are entering a system call */
> > + ftrace_graph_syscall_enter();
>
> We could actually trace the _syscalls_ themselves, a'la strace:
"a la" ? Oh pretty, those two words have been picked from french to english
language :-)
I didn't know.
Yes, these parameters displaying a la strace are in my projects, as well as
the return value of the syscalls (and other functions later).
> munmap(0xb7ff3000, 4096) = 0
>
> So instead of the current ftrace output:
>
> 0) cc1-30212 | | sys32_mmap2() {
> 0) cc1-30212 | | down_write() {
> 0) cc1-30212 | 0.272 us | _spin_lock_irq();
> 0) cc1-30212 | 0.969 us | }
> 0) cc1-30212 | | do_mmap_pgoff() {
>
> We could get something like:
>
> 0) cc1-30212 | | sys32_mmap2(0xb7ff3000, 4096) {
> 0) cc1-30212 | | down_write() {
> 0) cc1-30212 | 0.272 us | _spin_lock_irq();
> 0) cc1-30212 | 0.969 us | }
> 0) cc1-30212 | | do_mmap_pgoff() {
> [...]
> 0) cc1-30212 | + 22.537 us | } = 0
>
>
> Or maybe as separate trace entries:
>
> 0) cc1-30212 | |> sys32_mmap2 [0xb7ff3000, 4096]
> 0) cc1-30212 | | sys32_mmap2 {
> 0) cc1-30212 | | down_write() {
> 0) cc1-30212 | 0.272 us | _spin_lock_irq();
> 0) cc1-30212 | 0.969 us | }
> 0) cc1-30212 | | do_mmap_pgoff() {
> [...]
> 0) cc1-30212 | + 22.537 us | }
> 0) cc1-30212 | |< sys32_mmap2 => 0
>
> For that we'd have to pass in something like the syscall function address
> (sys_call_table[regs->ax]), and the up to 6 parameters
> [regs->bx,cx,dx,si,di,bp].
>
> (and initially we could just print all of them i guess, instead of a
> variable-width thing)
>
> We wouldnt do smart decoding of syscall arguments normally - just print
> the raw arguments with no decoding. (like strace -e raw=all)
>
> How does this sound?
That sounds good. I just need a new entry type for this. I can pass all these
registers on insertion and filter them by syscall number on output stage.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists