lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20151022155705.546514436@goodmis.org>
Date:	Thu, 22 Oct 2015 11:57:05 -0400
From:	Steven Rostedt <rostedt@...dmis.org>
To:	linux-kernel@...r.kernel.org
Cc:	Ingo Molnar <mingo@...nel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Peter Zijlstra <peterz@...radead.org>,
	Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
Subject: [RFC][PATCH 0/4] tracing: Add set_event_pid to filter on pids for events

Currently the only way to filter pids for events is to add it to the
filter file in the tracefs directory. Something like:

  echo 'common_pid == 2123 || common_pid == 4211' > filter

The problem with this is that there's a very limited size that the
filter can accept. Thus, trying to trace all processes of hackbench
is not going to cut it.

I've added a new file called set_event_pid which when not empty will
filter the events if the event is for one of the listed pids.
It adds special hooks for sched_switch and sched_wakeup to handle
next_pid and pid fields respectively.

I have code that will extend this to also dynamically add the children
on these pids to the filter on fork. But that's still being worked on.

The filtering is done by a flag being set at sched_switch time,
by hooking into the sched_switch tracepoint. When a process is scheduled in,
it is checked against the list of pids in the set_event_pid file (bsearch)
and if the files is not empty and the pid does not exist, a flag is
set to ignore tracing the current task. Then all other tracepoints only
need to check the flag to see if it should be ignored. This only affects
events within a specific tracing instance. perf and other tracing instances
will not be affected by another instance filtering.

The first thing that needed to be done was to add a priority to callbacks
of tracepoints. The hook added to sched_switch that determines the
if the task should be filtered or not must execute before any other
callbacks for that tracepoint. Otherwise filtering the sched_switch
tracepoint itself would not work.

The list of pids is allocated by pages. When changing (adding, removing
or clearing pids) the file special care must be used, as there are
no locks held when reading the list at sched switch. Normal RCU handling
is used (synchronize_sched) as all callbacks from tracepoints are
called with rcu_read_lock_sched() held.

This will allow for much better task filtering in the future.

Enjoy,

-- Steve



This series can be found at:

  git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git
ftrace/event-pid-filter

Head SHA1: d4f2f260e337242f8a5773f48b98463b95def9a9


Steven Rostedt (Red Hat) (4):
      tracepoint: Give priority to probes of tracepoints
      tracing: Add set_event_pid directory for future use
      tracing: Implement event pid filtering
      tracing: Check all tasks on each CPU when filtering pids

----
 include/linux/trace_events.h |   7 +
 include/linux/tracepoint.h   |  13 ++
 kernel/trace/trace.h         |   9 +
 kernel/trace/trace_events.c  | 451 +++++++++++++++++++++++++++++++++++++++++++
 kernel/tracepoint.c          |  61 ++++--
 5 files changed, 530 insertions(+), 11 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ