lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CABPqkBTOAmfCckW0L7eTyoLVtdJpiwW8PdXJ5K+Ny+mQNtyUnQ@mail.gmail.com>
Date:	Thu, 7 Jan 2016 14:00:11 -0800
From:	Stephane Eranian <eranian@...gle.com>
To:	Andi Kleen <ak@...ux.intel.com>
Cc:	LKML <linux-kernel@...r.kernel.org>,
	Arnaldo Carvalho de Melo <acme@...nel.org>,
	Jiri Olsa <jolsa@...nel.org>,
	Namhyung Kim <namhyung@...nel.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Ingo Molnar <mingo@...nel.org>,
	Adrian Hunter <adrian.hunter@...el.com>
Subject: Re: [RFC] perf record: missing buildid for callstack modules

On Thu, Jan 7, 2016 at 1:57 PM, Andi Kleen <ak@...ux.intel.com> wrote:
> On Thu, Jan 07, 2016 at 01:56:14PM -0800, Stephane Eranian wrote:
>> Hi,
>>
>> Whenever you do:
>>
>>     $ perf record -g -a sleep 10
>>
>> Perf will collect the callstack for each sample. At the end of the
>> run, perf record
>> adds the buildid for all dso with at least one sample. But when it does this, it
>> only looks at the sampled IP and ignore the modules traversed by the callstack.
>> That means that, it is not possible to uniquely identify the modules executed,
>> unless they had at least one IP sample captured. But this is not
>> always the case.
>>
>> How about providing an option to perf record to force collecting
>> buildid for all IPs
>> captured in the callstack? I understand that would cost more at the end of the
>> collection, but this would be beneficial to several monitoring scenarios.
>
> If you do that I would rather collect buildid for everything that is synthesized
> (everything in /proc)
>
But that would be much more than whatever would be captured with hits in
callstacks.

A valid scenario here is sampling on tracepoints (which are kernel only events)
but you want to know where the syscall originated from or which user code was
interrupted.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ