| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Feb 2011 18:35:45 +0100 From: Frederic Weisbecker <fweisbec@...il.com> To: Steven Rostedt <rostedt@...dmis.org> Cc: Jiri Olsa <jolsa@...hat.com>, mingo@...e.hu, linux-kernel@...r.kernel.org, masami.hiramatsu.pt@...achi.com Subject: Re: [RFC 0/4] tracing,x86_64 - function/graph trace without mcount/-pg/framepointer On Thu, Feb 03, 2011 at 11:33:25AM -0500, Steven Rostedt wrote: > On Thu, 2011-02-03 at 16:42 +0100, Jiri Olsa wrote: > > hi, > > > > I recently saw the direct jump probing made for kprobes > > and tried to use it inside the trace framework. > > > > The global idea is patching the function entry with direct > > jump to the trace code, instead of using pregenerated gcc > > profile code. > > Interesting, but ideally, it would be nice if gcc provided a better > "mcount" mechanism. One that calls mcount (or whatever new name it would > have) before it does anything with the stack. > > > > > I started this just to see if it would be even possible > > to hook with new probing to the current trace code. It > > appears it's not that bad. I was able to run function > > and function_graph trace on x86_64. > > > > For details on direct jumps probe, please check: > > http://www.linuxinsight.com/ols2007-djprobe-kernel-probing-with-the-smallest-overhead.html > > > > > > I realize using this way to hook the functions has some > > drawbacks, from what I can see it's roughly: > > - no all functions could be patched > > What's the reason for not all functions? Because of those that kprobes calls, so to avoid recursion. kprobes has some recursion detection mechanism, IIRC, but until we reach that checkpoint, I think there are some functions in the path. Well, ftrace has the same problem. That's just due to the nature of function tracing. There may be some places too fragile to use kprobes there too. Ah, the whole trap path for example :-( > > - need to find a way to say which function is safe to patch > > - memory consumption for detour buffers and symbol records > > > > but seems there're some advantages as well: > > - trace code could be in a module > > What makes this allow module code? > > ftrace could do that now, but it would require a separate handler. I > would need to disable preemption before calling the module code function > handler. Kprobes takes care of handlers from modules already. I'm not sure we want that, it makes the tracing code more sensitive. Look, for example I think kprobes doesn't trace kernel faults path because module space is allocated through vmalloc (hmm, is it still the case?). > > - no profiling code is needed > > - framepointer can be disabled (framepointer is needed for > > generating profile code) > > Again ideally, gcc should fix this. As another drawback of using kprobes, there is also the overhead. I can't imagine a trap triggering for every functions. But then yeah we have the jmp optimisation. But then it needs that detour buffer that we can avoid with mcount. So like Steve I think mcount is still a better backend for function tracing. More optimized by nature, even though it indeed needs some fixes. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists