lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20100903112920.B65F.A69D9226@jp.fujitsu.com>
Date:	Fri,  3 Sep 2010 11:37:59 +0900 (JST)
From:	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>
To:	Eric B Munson <emunson@...bm.net>
Cc:	kosaki.motohiro@...fujitsu.com, akpm@...ux-foundation.org,
	mingo@...hat.com, hugh.dickins@...cali.co.uk, riel@...hat.com,
	peterz@...radead.org, anton@...ba.org, hch@...radead.org,
	linux-kernel@...r.kernel.org, linux-mm@...ck.org
Subject: Re: [PATCH 1/2] Add trace points to mmap, munmap, and brk

> On Tue, 27 Jul 2010, KOSAKI Motohiro wrote:
> 
> > > On Wed, 21 Jul 2010, KOSAKI Motohiro wrote:
> > > 
> > > > > This patch adds trace points to mmap, munmap, and brk that will report
> > > > > relevant addresses and sizes before each function exits successfully.
> > > > > 
> > > > > Signed-off-by: Eric B Munson <emunson@...bm.net>
> > > > 
> > > > I don't think this is good idea. if you need syscall result, you should 
> > > > use syscall tracer. IOW, This tracepoint bring zero information.
> > > > 
> > > > Please see perf_event_mmap() usage. Our kernel manage adress space by
> > > > vm_area_struct. we need to trace it if we need to know what kernel does.
> > > > 
> > > > Thanks.
> > > 
> > > The syscall tracer does not give you the address and size of the mmaped areas
> > > so this does provide information above simply tracing the enter/exit points
> > > for each call.
> > 
> > Why don't you fix this?
> > 
> > 
> 
> Sorry for the long delay, 

no problem.

> the enter/exit routines are not compatible with the
> information that these new trace points provides.  When tracing mmap, for
> instance, the addr and len arguments can be altered by the function.  If you
> use the enter/exit trace points you would not see this as the arguments are
> sampled at function entrance and not given again on exit.  

Current output is here. It has rich output than yours. Also you can bind enter and exit output by pid.


            less-2130  [001]  3779.915324: sys_mmap(addr: 0, len: 1000, prot: 3, flags: 22, fd: ffffffff, off: 0)
            less-2130  [001]  3779.915331: sys_mmap -> 0x7fee22b17000
            less-2130  [001]  3779.915350: sys_mmap(addr: 38e8c00000, len: 3788a8, prot: 5, flags: 802, fd: 3, off: 0)
            less-2130  [001]  3779.915357: sys_mmap -> 0x38e8c00000
            less-2130  [001]  3779.915368: sys_mmap(addr: 38e8f6f000, len: 5000, prot: 3, flags: 812, fd: 3, off: 16f000)
            less-2130  [001]  3779.915380: sys_mmap -> 0x38e8f6f000
            less-2130  [001]  3779.915411: sys_mmap(addr: 38e8f74000, len: 48a8, prot: 3, flags: 32, fd: ffffffff, off: 0)
            less-2130  [001]  3779.915421: sys_mmap -> 0x38e8f74000
            less-2130  [001]  3779.915464: sys_mmap(addr: 0, len: 1000, prot: 3, flags: 22, fd: ffffffff, off: 0)
            less-2130  [001]  3779.915468: sys_mmap -> 0x7fee22b16000


> Also, the new
> trace points are only hit on function success, the exit trace point happens
> any time you leave the system call.

Special purpose filtering is no good design. That makes narrowing the feature usefulness.
It should be done on userland.



> I will send out a new series after a rebase.



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ