lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20090509162209.217414024@polymtl.ca>
Date:	Sat, 09 May 2009 12:22:09 -0400
From:	Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca>
To:	akpm@...ux-foundation.org, Ingo Molnar <mingo@...e.hu>,
	linux-kernel@...r.kernel.org, "Frank Ch. Eigler" <fche@...hat.com>,
	Jason Baron <jbaron@...hat.com>,
	Tom Zanussi <tzanussi@...il.com>, fweisbec@...il.com,
	laijs@...fujitsu.com, rostedt@...dmis.org, peterz@...radead.org,
	jiayingz@...gle.com, roland@...hat.com, mbligh@...gle.com
Subject: [RFC patch 00/20] Kernel tracing thread flag

This is the generalisation of the TIF_SYSCALL_FTRACE thread flag for :

- multiple tracers (even accessible from modules)
- multiple architectures

It includes :

- Addition of the TIF_KERNEL_TRACE for all Linux architectures.
- Modification of some architecture entry*.S files to ensure that the thread
  flag is re-read upon syscall exit to ensure that syscall exit is traced.
  Basically, what I try to achieve here is to make sure that given the following
  sequence will get its syscall exit event traced :

- Thread preempted in a system call
- Activation of all TIF_KERNEL_TRACE thread flags
- ...enough time passes to expect that all tracing sites are activated...
- syscall exit -> expected to be traced

But if the thread flags used at syscall exit are the same that has been read at
syscall entry, the event will be skipped. This does not permit reaching a known
"quiescent state" where we know that all tracing sites are activated.

Note that having non-perfectly matched syscall trace entry/exit may have
implications wrt getname/putname refcounting for instance, and could cause
problems if getname/putname was used in the syscall entry/exit pairs. We will
have to deal with this somehow when we face this problem. Keeping a per-thread
flag saying that a matching syscall_entry tracing has been executed could fix
this problem. We could even re-use TIF_SYSCALL_FTRACE for this specific purpose.

Mathieu

-- 
Mathieu Desnoyers
OpenPGP key fingerprint: 8CD5 52C3 8E3C 4140 715F  BA06 3F25 A8FE 3BAE 9A68
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ