lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5716E3E8.7000609@redhat.com>
Date:	Tue, 19 Apr 2016 23:05:28 -0300
From:	Daniel Bristot de Oliveira <bristot@...hat.com>
To:	Steven Rostedt <rostedt@...dmis.org>, linux-kernel@...r.kernel.org
Cc:	Ingo Molnar <mingo@...nel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	"H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Jiri Olsa <jolsa@...nel.org>,
	Masami Hiramatsu <mhiramat@...nel.org>,
	Namhyung Kim <namhyung@...nel.org>,
	linux-trace-users@...r.kernel.org
Subject: Re: [RFC][PATCH 0/4] tracing: Add event-fork to trace tasks children


On 04/19/2016 11:34 AM, Steven Rostedt wrote:
> This code adds the event-fork option that, when set, will have tasks
> with their PIDs in set_event_pid add their children PIDs when they
> fork. It will also remove their PID from the file on exit.

That is a nice feature! I tested it and it works. But, look this...

Set the event-fork, the current shell pid, and enable the trace:

[root@f23 tracing]# echo event-fork > trace_options 
[root@f23 tracing]# echo $$ > set_ftrace_pid 
[root@f23 tracing]# echo function > current_tracer 

to exercise the feature, start the httpd...

[root@f23 tracing]# httpd

[root@f23 tracing]# cat trace | awk '{print $1}' | sort | uniq
awk-2209
bash-2162
bash-2208
httpd-2196
httpd-2197
httpd-2199
httpd-2200
httpd-2201
httpd-2202
httpd-2203
httpd-2204
httpd-2205
httpd-2206
httpd-2207
sort-2210
uniq-2211

Awesome :-) it works!

But, the set_ftrace_pid only shows the pid of the shell. I thought
it would print all child's pid.

[root@f23 tracing]# cat set_ftrace_pid 
2162

Now, lets finish the session:

[root@f23 tracing]# echo 0 > tracing_on
[root@f23 tracing]# echo nop > current_tracer 
[root@f23 tracing]# echo > trace
[root@f23 tracing]# echo > set_ftrace_pid
[root@f23 tracing]# echo noevent-fork > trace_options

and start a simple trace again, filtering the watchdog/0 thread:

[root@f23 tracing]# echo 14 > set_ftrace_pid
[root@f23 tracing]# echo function > current_tracer
[root@f23 tracing]# echo 1 > tracing_on

(this is a trick to make httpd work)
[root@f23 tracing]# kill -1 2197

voilĂ !

[root@f23 tracing]# cat trace | awk '{print $1}' | sort | uniq
httpd-2197
httpd-2501
httpd-2503
httpd-2506
httpd-2507
httpd-2526
httpd-2527
httpd-2528
httpd-2529
httpd-2530
httpd-2531
httpd-2532
httpd-2533
httpd-2534
httpd-2535
watchdog/0-14

The httpd stills being filtered, and I did not find a way to remove
them. Although I see that they will be removed when they exit, I
think it would be nice to remove them when cleaning
set_ftrace_pid.

Am I missing something?

-- Daniel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ