| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Apr 2010 09:50:32 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Mathieu Desnoyers <compudj@...stal.dyndns.org>
Cc: linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...e.hu>,
Andrew Morton <akpm@...ux-foundation.org>,
Thomas Gleixner <tglx@...utronix.de>,
Peter Zijlstra <peterz@...radead.org>,
Frederic Weisbecker <fweisbec@...il.com>,
Arnaldo Carvalho de Melo <acme@...hat.com>,
Lai Jiangshan <laijs@...fujitsu.com>,
Li Zefan <lizf@...fujitsu.com>,
Masami Hiramatsu <mhiramat@...hat.com>,
Christoph Hellwig <hch@....de>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Tom Zanussi <tzanussi@...il.com>
Subject: Re: [PATCH 05/10][RFC] tracing: Move fields from event to class
structure
On Thu, 2010-04-29 at 09:32 -0400, Mathieu Desnoyers wrote:
> OK, just to make sure I understand what we currently have and how I
> could deal with it:
>
> Let's say syscall_entry has ID 17 in the event header. Let's suppose its
> first field is the system call number (an unsigned short). This system
> call number will determine the following binary format (how many fields
> recorded in the event) and the metadata telling how to print these
> fields as well.
>
> So for a syscall_entry event, we could have metadata describing it
> (I'm doing an ad-hoc metadata format here, don't mind about the exact
> formulation for now). The first field value would determine the type
> cast of the following fields:
>
> event {
> name: syscall_entry;
> id: 17;
> field {
> name: syscall_id;
> type: unsigned short;
> typecast: syscall_entry_params;
> }
> typecast {
> name: syscall_entry_params;
> map {
> value: 0; /* sys_read on x86_64 */
> field {
> type: unsigned int;
> name: fd;
> }
> field {
> type: char __user *;
> name: buf;
> }
> field {
> type: size_t;
> name: count;
> }
> }
> map {
> value: 1; /* sys_write on x86_64 */
> ....
> }
> and so on for all other ......
> }
>
> Does that look correct ? Maybe I'm just re-doing something already
> existing, so I prefer to ask first.
I'm a little confused by your example, but perhaps you are describing
what we already have.
All syscall_entrys have the same class, and all syscall_exits have their
own too.
What each syscall has separate is a meta-data, which is unique to
syscalls, and normal TRACE_EVENT()s do not have them. It is put in the
call->private field.
So what we have is:
struct ftrace_event_class event_class_syscall_enter;
This handles the printing of most of the data. What it does not cover is
how to print the parameters of the syscall itself. The meta-data is
created per syscall that specifies the syscalls parameters.
And the same metadata is used by both the syscall enter and exit events.
The meta data is described in include/trace/syscalls.h
struct syscall_metadata {
cost char *name;
int syscall_nr;
int nb_args;
const char **types;
const char **args;
struct ftrace_event_call *enter_event;
struct ftrace_event_call *exit_event;
};
Here the description is how to print the syscall parameters.
I don't see how we can group it any better, without manually doing it.
Hope this explains things better.
-- Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists