lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 8 Feb 2018 20:10:03 -0500
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Namhyung Kim <namhyung@...nel.org>
Cc:     linux-kernel@...r.kernel.org,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Ingo Molnar <mingo@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Peter Zijlstra <peterz@...radead.org>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Tom Zanussi <tom.zanussi@...ux.intel.com>,
        linux-rt-users@...r.kernel.org, linux-trace-users@...r.kernel.org,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Clark Williams <williams@...hat.com>,
        Jiri Olsa <jolsa@...hat.com>,
        Daniel Bristot de Oliveira <bristot@...hat.com>,
        Juri Lelli <juri.lelli@...hat.com>,
        Jonathan Corbet <corbet@....net>,
        Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
        Alexei Starovoitov <alexei.starovoitov@...il.com>,
        kernel-team@....com
Subject: Re: [PATCH 12/18] tracing: Add accessing direct address from
 function based events

On Fri, 9 Feb 2018 09:34:36 +0900
Namhyung Kim <namhyung@...nel.org> wrote:

> > +Direct memory access
> > +====================
> > +
> > +Function arguments are not the only thing that can be recorded from a function
> > +based event. Memory addresses can also be examined. If there's a global variable
> > +that you want to monitor via an interrupt, you can put in the address directly.
> > +
> > +  # grep total_forks /proc/kallsyms
> > +ffffffff82354c18 B total_forks
> > +
> > +  # echo 'do_IRQ(int total_forks=0xffffffff82354c18)' > function_events  
> 
> Couldn't we use the symbol name directly?  Maybe it needs a syntax to
> indicate global variable.  Like this?
> 
>   # echo 'do_IRQ(int $total_forks)' > function_events

Or perhaps use "@"?

But that's a good idea and not hard to implement.


> >  	case FUNC_STATE_TYPE:
> > -		if (!isalpha(token[0]) || token[0] == '_')
> > -			break;
> >  		if (WARN_ON(!fevent->last_arg))
> >  			break;
> > -		fevent->last_arg->name = kstrdup(token, GFP_KERNEL);
> > -		if (!fevent->last_arg->name)
> > +		if (update_arg_name(fevent, token) < 0)
> > +			break;
> > +		if (strncmp(token, "0x", 2) == 0)
> > +			goto equal;  
> 
> Not sure it's needed here.  IIUC it should see '=' first and you used
> the same token with arg->name.  Hmm.. do you want support accessing to
> an unnamed address directly like below?
> 
>   # echo 'do_IRQ(int 0xffffffff82354c18)' > function_events 

Yes this works, and was the original way. Someone at DevConf.cz
(Arnaldo maybe, can't remember) recommended giving a name and then we
came up with the "=" sign to use.

> 
> > +		if (!isalpha(token[0]) && token[0] != '_')
> >  			break;  
> 
> Maybe you want to check it before the update_arg_name().

Hmm, perhaps, I guess I should see what the error messages shows.

Thanks!

-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ