Date:	Mon, 16 Dec 2013 13:31:59 +0900
From:	Namhyung Kim <>
To:	Steven Rostedt <>,
	Oleg Nesterov <>
Cc:	Masami Hiramatsu <>,
	Srikar Dronamraju <>,
	Hyeoncheol Lee <>,
	"zhangwei(Jovi)" <>,
	Arnaldo Carvalho de Melo <>,
	Hemant Kumar <>,
	LKML <>,
	Namhyung Kim <>
Subject: [PATCHSET 00/17] tracing/uprobes: Add support for more fetch methods (v9)


This patchset implements memory (address), stack[N], dereference,
bitfield, retval (it needs uretprobe though) and file_offset fetch
methods for uprobes.  It's based on the previous work [1] done by
Hyeoncheol Lee.

Now kprobes and uprobes have their own fetch_type_tables and, in turn,
memory and stack access methods.  The symbol and file_offset fetch
methods are only available to kprobes and uprobes, respectively.
Other fetch methods are shared.

For the file_offset method, it translates the offset argument to a
virtual address in a process.  To do that, it calculates the base mapping
address using the probe address (utask->vaddr) and the probe offset
(tu->offset) and then adds the argument offset.  That information is
carried via utask and a new fetch parameter.

The syntax is '@...fset' where the offset is an address relative to the base
address.  For shared libraries, it'd be simply the st_value of the symbol
in ELF format.  But for an executable, it needs to subtract the base load
address (e.g. 0x40000 for x86_64) from the symbol value.  Please see the
previous discussion for an example [2] - Note that the syntax changed
to '@+' from plain '@'.  The plain '@...r' syntax is used for
accessing an absolute memory address if you already know the exact address.

Many thanks to Oleg, who provides valuable feedback and suggestions.

Patches 1-2 are bug fixes and can be applied independently.
Patch 16 is a preparation for patch 17, which implements the
file_offset fetch method.

 * v9 changes:
  - [ku]probes_fetch_type_table have NULL terminator (Masami)
  - make symbol fetch methods static inline for !CONFIG_KPROBE_EVENT (Masami)
  - add more Ack's from Masami

 * v8 changes:
  - rename tk, tu and tp more consistently (Srikar)
  - change prefix format specifier: %#x -> 0x%x (Masami)
  - convert file_offset_param to uprobe_dispatch_data (Oleg)
  - add more Ack's from Srikar and Masami

 * v7 changes:
  - restructure patches not to break build with !CONFIG_[KU]PROBE_EVENT
  - print 0x prefix for unsigned types
  - add @+file_offset fetch method (Oleg)
  - get rid of uprobe_buffer_mutex (Oleg)
  - pass 'is_return' to uprobes argument parser


A simple example:

  # cat foo.c
  int glob = -1;
  char str[] = "hello uprobe.";

  struct foo {
    unsigned int unused: 2;
    unsigned int foo: 20;
    unsigned int bar: 10;
  } foo = {
    .foo = 5,
  };

  int main(int argc, char *argv[])
  {
    long local = 0x1234;

    return 127;
  }

  # gcc -o foo -g foo.c

  # objdump -d foo | grep -A9 -F '<main>'
  00000000004004b0 <main>:
    4004b0:	55                   	push   %rbp
    4004b1:	48 89 e5             	mov    %rsp,%rbp
    4004b4:	89 7d ec             	mov    %edi,-0x14(%rbp)
    4004b7:	48 89 75 e0          	mov    %rsi,-0x20(%rbp)
    4004bb:	48 c7 45 f8 34 12 00 	movq   $0x1234,-0x8(%rbp)
    4004c2:	00 
    4004c3:	b8 7f 00 00 00       	mov    $0x7f,%eax
    4004c8:	5d                   	pop    %rbp
    4004c9:	c3                   	retq   

  # nm foo | grep -e glob$ -e str -e foo
  00000000006008bc D foo
  00000000006008a8 D glob
  00000000006008ac D str

  # perf probe -x /home/namhyung/tmp/foo -a 'foo=main+0x13 glob=@...008a8:s32 \
  > str=@...2008ac:string bit=@...2008bc:b10@...2 argc=%di:s32 local=-0x8(%bp)'
  Added new event:
    probe_foo:foo      (on 0x4c3 with glob=@...008a8:s32 str=@...2008ac:string 
                           bit=@...2008bc:b10@...2 argc=%di:s32 local=-0x8(%bp))

  You can now use it in all perf tools, such as:

          perf record -e probe_foo:foo -aR sleep 1

  # perf record -e probe_foo:foo ./foo
  [ perf record: Woken up 1 times to write data ]
  [ perf record: Captured and wrote 0.001 MB (~33 samples) ]

  # perf script | grep -v ^#
               foo  2008 [002]  2199.867154: probe_foo:foo (4004c3)
                   glob=-1 str="hello uprobe." bit=0x5 argc=1 local=0x1234

This patchset is based on the current for-next branch of Steven
Rostedt's linux-trace tree.  I also put this on my 'uprobe/fetch-v9'
branch in my tree:


Any comments are welcome, thanks.

Cc: Masami Hiramatsu <>
Cc: Srikar Dronamraju <>
Cc: Oleg Nesterov <>
Cc: zhangwei(Jovi) <>
Cc: Arnaldo Carvalho de Melo <>
Cc: Hemant Kumar <>

Hyeoncheol Lee (1):
  tracing/probes: Add fetch{,_size} member into deref fetch method

Namhyung Kim (15):
  tracing/uprobes: Fix documentation of uprobe registration syntax
  tracing/probes: Fix basic print type functions
  tracing/kprobes: Factor out struct trace_probe
  tracing/uprobes: Convert to struct trace_probe
  tracing/kprobes: Move common functions to trace_probe.h
  tracing/probes: Integrate duplicate set_print_fmt()
  tracing/probes: Move fetch function helpers to trace_probe.h
  tracing/probes: Split [ku]probes_fetch_type_table
  tracing/probes: Implement 'stack' fetch method for uprobes
  tracing/probes: Move 'symbol' fetch method to kprobes
  tracing/probes: Implement 'memory' fetch method for uprobes
  tracing/uprobes: Pass 'is_return' to traceprobe_parse_probe_arg()
  tracing/uprobes: Fetch args before reserving a ring buffer
  tracing/uprobes: Add support for full argument access methods
  tracing/uprobes: Add @+file_offset fetch method

Oleg Nesterov (1):
  uprobes: Allocate ->utask before handler_chain() for tracing handlers

 Documentation/trace/uprobetracer.txt |  36 +-
 kernel/events/uprobes.c              |   4 +
 kernel/trace/trace_kprobe.c          | 812 +++++++++++++++++++----------------
 kernel/trace/trace_probe.c           | 440 +++++++------------
 kernel/trace/trace_probe.h           | 216 ++++++++++
 kernel/trace/trace_uprobe.c          | 495 +++++++++++++++------
 6 files changed, 1208 insertions(+), 795 deletions(-)
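
The file_offset translation described in the cover letter, carried through with the addresses from its foo example. This is an added illustration, not part of the original message and not the kernel code: `struct probe_hit`, `sym_to_offset()` and `translate()` are hypothetical names, the wraparound checks are an assumption of this model, and the second mapping base is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* User-space model of the '@+' file_offset fetch; names are hypothetical. */
struct probe_hit {
    uint64_t vaddr;   /* where the probe fired (utask->vaddr in the letter) */
    uint64_t offset;  /* probe offset within the file (tu->offset) */
};

/* Executable symbol value -> offset relative to the base load address. */
static uint64_t sym_to_offset(uint64_t st_value, uint64_t load_base)
{
    return st_value - load_base;
}

/* base mapping = vaddr - offset; target = base + arg_offset.
 * Returns 0 and stores the target, or -1 if either step would wrap. */
static int translate(const struct probe_hit *hit, uint64_t arg_offset,
                     uint64_t *out)
{
    if (hit->vaddr < hit->offset)
        return -1;
    uint64_t base = hit->vaddr - hit->offset;
    if (arg_offset > UINT64_MAX - base)
        return -1;
    *out = base + arg_offset;
    return 0;
}

int main(void)
{
    /* From the listing: probe at main+0x13 = 0x4004c3, reported by perf
     * as "on 0x4c3"; nm gives glob the symbol value 0x6008a8. */
    struct probe_hit exe = { 0x4004c3, 0x4c3 };
    uint64_t off = sym_to_offset(0x6008a8, exe.vaddr - exe.offset);
    uint64_t addr = 0;

    if (translate(&exe, off, &addr) == 0)
        printf("exe:   @+0x%llx -> 0x%llx\n",
               (unsigned long long)off, (unsigned long long)addr);

    /* Constructed: the same file mapped at another base. The offset is
     * unchanged, which an absolute address could not offer. */
    struct probe_hit moved = { 0x7f00000004c3ULL, 0x4c3 };
    if (translate(&moved, off, &addr) == 0)
        printf("moved: @+0x%llx -> 0x%llx\n",
               (unsigned long long)off, (unsigned long long)addr);
    return 0;
}
```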

