| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Mar 2017 21:50:29 +0530
From: "Naveen N. Rao" <naveen.n.rao@...ux.vnet.ibm.com>
To: Masami Hiramatsu <mhiramat@...nel.org>
Cc: linux-kernel@...r.kernel.org, Steven Rostedt <rostedt@...dmis.org>,
Ingo Molnar <mingo@...hat.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
linuxppc-dev@...ts.ozlabs.org
Subject: Re: [PATCH v4 2/3] perf: kretprobes: offset from reloc_sym if kernel
supports it
On 2017/03/04 01:34PM, Masami Hiramatsu wrote:
> On Sat, 4 Mar 2017 11:35:51 +0900
> Masami Hiramatsu <mhiramat@...nel.org> wrote:
>
> > On Sat, 4 Mar 2017 09:49:11 +0900
> > Masami Hiramatsu <mhiramat@...nel.org> wrote:
> >
> > > On Thu, 2 Mar 2017 23:25:06 +0530
> > > "Naveen N. Rao" <naveen.n.rao@...ux.vnet.ibm.com> wrote:
> > >
> > > > We indicate support for accepting sym+offset with kretprobes through a
> > > > line in ftrace README. Parse the same to identify support and choose the
> > > > appropriate format for kprobe_events.
> > >
> > > Could you give us an example of this change here? :)
> > > for example, comment of commit 613f050d68a8 .
> > >
> > > I think the code is OK, but we need actual example of result.
> >
> > Hi Naveen,
> >
> > I've tried following commands
> >
> > $ grep "[Tt] user_read$" /proc/kallsyms
> > 0000000000000000 T user_read
> > 0000000000000000 t user_read
> > $ sudo ./perf probe -D user_read%return
> > r:probe/user_read _text+3539616
> > r:probe/user_read_1 _text+3653408
> >
> > OK, looks good. However, when I set the retprobes, I got an error.
> >
> > $ sudo ./perf probe -a user_read%return
> > Failed to write event: Invalid argument
> > Error: Failed to add events.
> >
> > And kernel rejected that.
> >
> > $ dmesg -k | tail -n 1
> > [ 850.315068] Given offset is not valid for return probe.
> >
> > Hmm, curious..
>
> Ah, I see.
>
> static int create_trace_kprobe(int argc, char **argv)
> ...
> } else {
> /* a symbol specified */
> symbol = argv[1];
> /* TODO: support .init module functions */
> ret = traceprobe_split_symbol_offset(symbol, &offset);
> if (ret) {
> pr_info("Failed to parse symbol.\n");
> return ret;
> }
> if (offset && is_return &&
> !arch_function_offset_within_entry(offset)) {
> pr_info("Given offset is not valid for return probe.\n");
> return -EINVAL;
> }
> }
>
> So, actually, traceprobe_split_symbol_offset() just split out symbol
> and offset from symbol string (e.g. "_text+3539616").
> So, you should use kallsyms_lookup_size_offset() here again to check
> offset.
Ah, nice catch! I should have tested Steven's patch...
>
> Please try attached patch (I've already tested on x86-64).
>
> $ sudo ./perf probe -a user_read%return
> Added new events:
> probe:user_read (on user_read%return)
> probe:user_read_1 (on user_read%return)
>
> You can now use it in all perf tools, such as:
>
> perf record -e probe:user_read_1 -aR sleep 1
>
> $ sudo ./perf probe -l
> probe:user_read (on user_read%return@...urity/keys/user_defined.c)
> probe:user_read_1 (on user_read%return@...inux/ss/policydb.c)
> $ sudo cat /sys/kernel/debug/kprobes/list
> ffffffff9637bf70 r user_read+0x0 [DISABLED][FTRACE]
> ffffffff963602f0 r user_read+0x0 [DISABLED][FTRACE]
Thanks, I will test this.
- Naveen
Powered by blists - more mailing lists