| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Sep 2009 17:23:32 -0400 From: Theodore Tso <tytso@....edu> To: Josh Stone <jistone@...hat.com> Cc: Christoph Hellwig <hch@...radead.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] ext4: Add a stub for mpage_da_data in the trace header On Wed, Sep 30, 2009 at 12:45:23PM -0700, Josh Stone wrote: > If you just want the data in the trace buffer, then SystemTap is not the > tool for you. By all means, just write yourself a perl script or > something that parses the trace buffer however you like. > > On the other hand, stap is useful to do some processing/inspection > *live*, at the moment the event happens. For that, we register our own > tracepoint handler that can do something different than ftrace. So there are two things I would point out here. First of all, now that ftrace has the ability to do basic filtering, just about the only thing SystemTap can do which is unique is either complex filtering, summary statistics, or some kind of correlation between multiple events (within the limits of restricted memory allocation limits of SystemTap). So I'm not sure it's such a great idea to cede a large bit of functionality to as being something that SystemTap will never accomplish --- especially when it's far more convenient and stable to depend on fixed trace points than setting arbitrary dynamic trace points in the middle of source files which will break all the time when distro's release new kernels, etc. Secondly, while I'm not so sure it's that big of a restriction to have Systemtap pull events out of the trace buffer, if you must capture the event right as it happens, it should be possible set a kprobe in the ftrace subsystem, and then pull out the data of the event from the trace buffer. Keep in mind that one of the advantage DTrace has over SystemTap is that it can use pre-defined events in the kernel, and not have to keep userspace macro files in sync with a changing kernel source base. It seems counterproductive to throw away the opportunity of being able to read the tracepoint event data, since it would give SystemTap a lot more power. As people start creating more and more tracepoints, being able to tap into them without needing to download (or build) symbol tables would be a huge advantage. > FWIW, Fedora rawhide's x86_64 kernel-debuginfo is a ~140MB package, > which installs to ~1.1GB, so that situation is not quite so bad. The > compile time is of course still a beast. > > However, SystemTap does *not* require the kernel debuginfo for using > tracepoints, even when reading parameters. It should work in the > complete absence of CONFIG_DEBUGINFO, so if you find otherwise, please > let me know and I will fix it. Well, how is it going to do that if you don't have access to the structure definition? This is why fetching the information from the ring buffer is much more powerful. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists