lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20210316112800.3617ffd7@gandalf.local.home>
Date:   Tue, 16 Mar 2021 11:28:00 -0400
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Mark Brown <broonie@...nel.org>
Cc:     Sangmoon Kim <sangmoon.kim@...sung.com>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will@...nel.org>, jordan.lim@...sung.com,
        Ingo Molnar <mingo@...hat.com>,
        Dave Martin <Dave.Martin@....com>,
        Mark Rutland <mark.rutland@....com>,
        Dmitry Safonov <0x7f454c46@...il.com>,
        Amit Daniel Kachhap <amit.kachhap@....com>,
        Peter Collingbourne <pcc@...gle.com>,
        Gavin Shan <gshan@...hat.com>,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] arm64: traps: add tracepoints for unusal exception
 cases

On Mon, 8 Mar 2021 13:31:49 +0000
Mark Brown <broonie@...nel.org> wrote:

> > @@ -832,6 +846,7 @@ void __noreturn arm64_serror_panic(struct pt_regs *regs, u32 esr)
> >  	if (regs)
> >  		__show_regs(regs);
> >  
> > +	trace_traps_serror_panic_tp(regs, esr);
> >  	nmi_panic(regs, "Asynchronous SError Interrupt");  
> 
> One of the concerns people have with adding tracepoints is that they can
> end up defining ABI so if we *are* going to add any then we need to
> think carefully about how they're defined.  As things currently stand
> they'll pass in the full pt_regs struct which includes not only what's
> defined by the hardware but also additional software defined information
> we store along with it like the stackframe which would be even more of a
> problem if it ends up getting used by someone in a way that ends up as
> ABI.  These are defined as bare tracehooks which does mitigate against
> things ending up getting used in ways that cause problems but people are
> still going to worry about things ending up getting relied on one way or
> another.
> 
> That said it's not clear to me that this will record anything beyond the
> pointer directly in the trace buffer so the value might not be useful
> for terribly long, that itself feels like it might not be as robust an
> interface as it should be.

BTW, we are working on an "event probe". That is similar to kprobe
event, but attaches to the output of an event to create another event.

Thus, if you had a trace event that was like this:

	trace_regs(pt_regs *regs);

Where you save the regs pointer for output:

	TP_STRUCT__entry(
		__field(void *, regs )
	),

	TP_fast_assign(
		__entry->regs = regs;
	)


Then you would be able to get access to all the regs for that tracepoint!

 # echo 'e:pt_regs regs ip=+8(regs):x64' > /sys/kernel/tracing/kprobe_events

Where "e:" denotes that this connects to a trace event, "pt_regs" is the
event name created under kprobes subsystem, "regs" is the trace event to
attach to, "ip=" is what will be printed, and "+8(regs):x64" is a way to
dereference the regs pointer at the time of the trace event is executed.
That is, it will dereference 8 bytes from the pointer and return a x64 hex
number.

Thus, trace events like this may be very useful in the near future.

-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ