lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1249563574.32113.358.camel@twins>
Date:	Thu, 06 Aug 2009 14:59:34 +0200
From:	Peter Zijlstra <a.p.zijlstra@...llo.nl>
To:	"Frank Ch. Eigler" <fche@...hat.com>
Cc:	Pekka Enberg <penberg@...helsinki.fi>, Ingo Molnar <mingo@...e.hu>,
	acme <acme@...hat.com>, Steven Rostedt <rostedt@...dmis.org>,
	Frédéric Weisbecker <fweisbec@...il.com>,
	Eduard-Gabriel Munteanu <eduard.munteanu@...ux360.ro>,
	roland <roland@...hat.com>,
	Christoph Hellwig <hch@...radead.org>,
	Masami Hiramatsu <mhiramat@...hat.com>,
	Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca>,
	linux-kernel@...r.kernel.org
Subject: Re: malloc() tracing in perf?

On Thu, 2009-08-06 at 07:55 -0400, Frank Ch. Eigler wrote:
> Hi -
> 
> On Thu, Aug 06, 2009 at 01:28:14PM +0200, Peter Zijlstra wrote:
> > [...]
> > > That work is ongoing, and being discussed on utrace-devel@...hat.com,
> > > since it is a prerequisite. 
> > 
> > Still hiding the discussion and the design never helped anybody.
> 
> I guess "hiding" is a matter of opinion.

Yeah in plain sight where nobody looks, really I thought the idea was to
get utrace upstream, this means posting to linux-kernel. Going on LKML
posts I'd say the utrace project was dead. Same goes for uprobe.

I've told this before and I'll say it again, post to LKML.

> > > While these deliberations are ongoing, you can use systemtap.  Probing
> > > random places in userspace is about as casual as probing the kernel:
> > 
> > Right, but that still doesn't tell us anything on how you're doing that,
> > does it?
> 
> Since you asked...  the probe process("/lib64/libc.so.6") points
> systemtap to a shared library file, whose symbol table & debug data
> gives us information about what functions & parameters are available.
> Among other things, we record a shared-library base-relative address
> for the function.
> 
> At run time, we monitor the entire system (or just a given process if
> -x PID/-c CMD was specified) to see when that shared library gets
> loaded.  (This in turn is done with a utrace-based hook of the mmap
> syscall - see "task_finder" in our sources). 

Does this also iterate the already existing tasks to find if it was
already mmap()ed?

> This overview skims over issues related to return probes, tracing
> buffer manipulations, and much other stuff.

Right, so you basically read the (dwarf2) debug info for a particular
lib/symbol and generate a kernel module that knows about that and then
insert that into the kernel to act as a uprobe handler?

Uprobe will then do the code rewrite on mmap() time to insert a trap
much like kprobe does? What if its a JITed code section and the JIT
rewrites it? Will uprobes detect that?

> All the code for this is hidden in plain sight in every systemtap
> release, so please feel free to refer to that and/or ask more detailed
> questions.

I thought the goal was to get stuff upstream, but if you want to
continue living in la-la land and not bother with upstream Linux then so
be it I guess :-(

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ