lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20191218125941.3845add7@gandalf.local.home>
Date:   Wed, 18 Dec 2019 12:59:41 -0500
From:   Steven Rostedt <rostedt@...dmis.org>
To:     David Laight <David.Laight@...LAB.COM>
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "Sudip Mukherjee" <sudipm.mukherjee@...il.com>
Subject: Re: ftrace trace_raw_pipe format

On Wed, 18 Dec 2019 17:28:13 +0000
David Laight <David.Laight@...LAB.COM> wrote:

> From: Steven Rostedt
> > Sent: 17 December 2019 22:34
> >  
> > > I'm trying to 'grok' the trace_raw_pipe data that ftrace generates.
> > > I've some 3rd party code that post-processes it, but doesn't like wrapped traces
> > > because (I think) the traces from different cpus start at different times.
> > >
> > > I can't seem to find any documentation at all...  
> ...
> > You may want to use libtraceevent (which will, hopefully, soon
> > be in debian!). Attached is a simple program that reads the data using
> > it and prints out the format.  
> 
> The problem is that I don't want to print the trace, I want to fix
> some trace files so that another program doesn't barf at them.

It's not just for printing. It allows you to read the buffers and do
whatever you want with the data. Look at the kbuffer code. It's the way
to get the raw event data with the time stamps attached to them. The
kbuffer part (see kbuffer.h) processes the meta data in the
trace-pipe-raw file, and hands you the raw data that's there.

The libtraceevent is mainly to parse the format files of the events, to
know how to read the data (see the my_sched_switch() code of the second
version of my sample program). As the format files describe the binary
layout of the raw event data. Yes, this program prints the data, but it
could be easily modified to convert the data into a different format.

> 
> I guess I can try to reverse engineer the library code.

You shouldn't have to reverse engineer the code. If it's not what you
need, let me know exactly what you want, and we can add to it. The
reason I created libtraceevent, is to get rid of all the duplicate code
that's out there toady.

> 
> It would also be nice if there was a way that some standard program
> (like cat) could read out the trace files without blocking at the end
> when the trace is inactive.
> 

It shouldn't be hard to add a trace option to the kernel, to do that.

-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ