| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 3 Sep 2010 11:37:59 +0900 (JST)
From: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>
To: Eric B Munson <emunson@...bm.net>
Cc: kosaki.motohiro@...fujitsu.com, akpm@...ux-foundation.org,
mingo@...hat.com, hugh.dickins@...cali.co.uk, riel@...hat.com,
peterz@...radead.org, anton@...ba.org, hch@...radead.org,
linux-kernel@...r.kernel.org, linux-mm@...ck.org
Subject: Re: [PATCH 1/2] Add trace points to mmap, munmap, and brk
> On Tue, 27 Jul 2010, KOSAKI Motohiro wrote:
>
> > > On Wed, 21 Jul 2010, KOSAKI Motohiro wrote:
> > >
> > > > > This patch adds trace points to mmap, munmap, and brk that will report
> > > > > relevant addresses and sizes before each function exits successfully.
> > > > >
> > > > > Signed-off-by: Eric B Munson <emunson@...bm.net>
> > > >
> > > > I don't think this is good idea. if you need syscall result, you should
> > > > use syscall tracer. IOW, This tracepoint bring zero information.
> > > >
> > > > Please see perf_event_mmap() usage. Our kernel manage adress space by
> > > > vm_area_struct. we need to trace it if we need to know what kernel does.
> > > >
> > > > Thanks.
> > >
> > > The syscall tracer does not give you the address and size of the mmaped areas
> > > so this does provide information above simply tracing the enter/exit points
> > > for each call.
> >
> > Why don't you fix this?
> >
> >
>
> Sorry for the long delay,
no problem.
> the enter/exit routines are not compatible with the
> information that these new trace points provides. When tracing mmap, for
> instance, the addr and len arguments can be altered by the function. If you
> use the enter/exit trace points you would not see this as the arguments are
> sampled at function entrance and not given again on exit.
Current output is here. It has rich output than yours. Also you can bind enter and exit output by pid.
less-2130 [001] 3779.915324: sys_mmap(addr: 0, len: 1000, prot: 3, flags: 22, fd: ffffffff, off: 0)
less-2130 [001] 3779.915331: sys_mmap -> 0x7fee22b17000
less-2130 [001] 3779.915350: sys_mmap(addr: 38e8c00000, len: 3788a8, prot: 5, flags: 802, fd: 3, off: 0)
less-2130 [001] 3779.915357: sys_mmap -> 0x38e8c00000
less-2130 [001] 3779.915368: sys_mmap(addr: 38e8f6f000, len: 5000, prot: 3, flags: 812, fd: 3, off: 16f000)
less-2130 [001] 3779.915380: sys_mmap -> 0x38e8f6f000
less-2130 [001] 3779.915411: sys_mmap(addr: 38e8f74000, len: 48a8, prot: 3, flags: 32, fd: ffffffff, off: 0)
less-2130 [001] 3779.915421: sys_mmap -> 0x38e8f74000
less-2130 [001] 3779.915464: sys_mmap(addr: 0, len: 1000, prot: 3, flags: 22, fd: ffffffff, off: 0)
less-2130 [001] 3779.915468: sys_mmap -> 0x7fee22b16000
> Also, the new
> trace points are only hit on function success, the exit trace point happens
> any time you leave the system call.
Special purpose filtering is no good design. That makes narrowing the feature usefulness.
It should be done on userland.
> I will send out a new series after a rebase.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists