| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Oct 2015 11:57:05 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: linux-kernel@...r.kernel.org
Cc: Ingo Molnar <mingo@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Thomas Gleixner <tglx@...utronix.de>,
Peter Zijlstra <peterz@...radead.org>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
Subject: [RFC][PATCH 0/4] tracing: Add set_event_pid to filter on pids for events
Currently the only way to filter pids for events is to add it to the
filter file in the tracefs directory. Something like:
echo 'common_pid == 2123 || common_pid == 4211' > filter
The problem with this is that there's a very limited size that the
filter can accept. Thus, trying to trace all processes of hackbench
is not going to cut it.
I've added a new file called set_event_pid which when not empty will
filter the events if the event is for one of the listed pids.
It adds special hooks for sched_switch and sched_wakeup to handle
next_pid and pid fields respectively.
I have code that will extend this to also dynamically add the children
on these pids to the filter on fork. But that's still being worked on.
The filtering is done by a flag being set at sched_switch time,
by hooking into the sched_switch tracepoint. When a process is scheduled in,
it is checked against the list of pids in the set_event_pid file (bsearch)
and if the files is not empty and the pid does not exist, a flag is
set to ignore tracing the current task. Then all other tracepoints only
need to check the flag to see if it should be ignored. This only affects
events within a specific tracing instance. perf and other tracing instances
will not be affected by another instance filtering.
The first thing that needed to be done was to add a priority to callbacks
of tracepoints. The hook added to sched_switch that determines the
if the task should be filtered or not must execute before any other
callbacks for that tracepoint. Otherwise filtering the sched_switch
tracepoint itself would not work.
The list of pids is allocated by pages. When changing (adding, removing
or clearing pids) the file special care must be used, as there are
no locks held when reading the list at sched switch. Normal RCU handling
is used (synchronize_sched) as all callbacks from tracepoints are
called with rcu_read_lock_sched() held.
This will allow for much better task filtering in the future.
Enjoy,
-- Steve
This series can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git
ftrace/event-pid-filter
Head SHA1: d4f2f260e337242f8a5773f48b98463b95def9a9
Steven Rostedt (Red Hat) (4):
tracepoint: Give priority to probes of tracepoints
tracing: Add set_event_pid directory for future use
tracing: Implement event pid filtering
tracing: Check all tasks on each CPU when filtering pids
----
include/linux/trace_events.h | 7 +
include/linux/tracepoint.h | 13 ++
kernel/trace/trace.h | 9 +
kernel/trace/trace_events.c | 451 +++++++++++++++++++++++++++++++++++++++++++
kernel/tracepoint.c | 61 ++++--
5 files changed, 530 insertions(+), 11 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists