lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 11 May 2009 18:16:59 -0400
From:	Jason Baron <jbaron@...hat.com>
To:	Ingo Molnar <mingo@...e.hu>
Cc:	Tom Zanussi <tzanussi@...il.com>, linux-kernel@...r.kernel.org,
	fweisbec@...il.com, laijs@...fujitsu.com, rostedt@...dmis.org,
	peterz@...radead.org, mathieu.desnoyers@...ymtl.ca,
	jiayingz@...gle.com, mbligh@...gle.com, roland@...hat.com,
	fche@...hat.com
Subject: Re: [RFC] convert ftrace syscall tracer to TRACE_EVENT()

On Sat, May 09, 2009 at 10:37:37AM +0200, Ingo Molnar wrote:
> I'm not sure about the implementation as you've posted it though:
> 
> Firstly, it adds two new tracepoints to every system call. That is 
> unnecessary - we already have the TIF flag based callbacks, and we 
> can use the existing syscall attributes table to get to tracepoints 
> - without slow down (or impacting) the fast path in any way.
> 
> Secondly, we should reuse the information we get in SYSCALL_DEFINE, 
> to construct the TRACE_EVENT tracepoints directly - without having 
> to list all syscalls again in a separate file.
> 
> 	Ingo

ok, i've been playing around with this a bit...by adding a few macros to
include/trace/syscalls.h (conceptually in addition to the previous patch i
posted), I can address #1. For example, for getpid() I did:

+#define MAX_SYS_ARGS 10
+
+#define create_syscall_case_args0(sysnr, regs, sysname) \
+	case sysnr:					\
+		trace_sysenter_##sysname();		\
+		break;					
+
+#define create_syscall_case_args1(sysnr, regs, sysname) \
+	case sysnr:					\
+		syscall_get_arguments(current, regs, 0, 1, sys_args); \
+		trace_sysenter_#sysname((meta->types[0])sys_args[0]); \
+		break;
+
+#define define_syscall_tracepoints()				\
+	DEFINE_TRACE(sysenter_getpid);
+
+#define wrapper_syscall_tracepoints_enter(regs) 		\
+do {								\
+	int syscall_nr;						\
+	long sys_args[MAX_SYS_ARGS];				\
+	struct syscall_metadata *meta;				\
+								\
+	syscall_nr = syscall_get_nr(current, regs);		\
+	meta = syscall_nr_to_meta(syscall_nr);			\
+	switch (syscall_nr) {					\
+		create_syscall_case_args0(__NR_getpid, regs, getpid);\
+	}							\
+} while (0)


This should extend to the rest of the syscalls.

Then, in arch/x86/kernel/ptrace.c, i just add:

 	if (unlikely(test_thread_flag(TIF_SYSCALL_FTRACE)))
-		ftrace_syscall_enter(regs);
+		wrapper_syscall_tracepoints_enter(regs);


Regarding issue #2, the '__SYSCALL_DEFINEx()' macros are expanding in
the context of the various .c source files that define the system calls.
Thus, I'm not sure how we are going to reference them in
arch/x86/kernel/ptrace.c. Also, by not defining the tracepoints in a .h
file, modules and other code that want to make use of these tracepoints
are going to have a harder time. Further, there has been mention in this
thread of exceptions that some of the syscalls are going to create. I
think it would be easier to follow the exceptions if they are contained
in 1 file, rather than scattered around the code.

thanks,

-Jason




--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ