lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20210813000659.48eafbcfeeaa30adcc8a5363@kernel.org>
Date:   Fri, 13 Aug 2021 00:06:59 +0900
From:   Masami Hiramatsu <mhiramat@...nel.org>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     "Tzvetomir Stoyanov (VMware)" <tz.stoyanov@...il.com>,
        linux-trace-devel@...r.kernel.org, linux-kernel@...r.kernel.org,
        tom.zanussi@...ux.intel.com
Subject: Re: [PATCH v4] [RFC] trace: Add kprobe on tracepoint

On Thu, 12 Aug 2021 09:44:39 -0400
Steven Rostedt <rostedt@...dmis.org> wrote:

> On Thu, 12 Aug 2021 20:31:10 +0900
> Masami Hiramatsu <mhiramat@...nel.org> wrote:
> 
> > > Yes, anyway we need a way to find loops on histogram/eprobe at last.  
> > 
> > BTW, what about using similar machanism of "current_kprobe()" to detect
> > the reccursion? As an easy way, prepare a static per-cpu pointer which sets
> > the current eprobe and if the eprobe handler detects that is already set,
> > it may warn (or silently ignore) and reject it.
> > (Of course it is better to detect the loop when user sets the hist-trigger
> > by reverse link)
> 
> Thinking more about this, I believe there is a use case for synthetic
> event on a eprobe. Basically:
> 
>   normal_event -> eprobe (extracts struct data into $dat) -> onmax($dat) -> synthetic event
> 
> But I can not come up with any use case of:
> 
>   eprobe -> synthetic event -> eprobe
> 
> or
> 
>   synthetic event -> eprobe -> synthetic event
> 
> That's because once you have an eprobe, you can extract what you want,
> and once you have that synthetic event, you can get the data you want.
> 
> Maybe we should prevent the above and allow one eprobe on a synthetic
> event and one synthetic event on an eprobe.
> 
> Or just don't prevent it at all, and let the user shoot themselves in
> the foot ;-)
> 
> The more I think about this, I'm thinking we just let them shoot
> themselves if they want to.

I agree. Or, at least we can prevent the loop at runtime as I said.
BTW, does synthetic event itself detect and prevent loops? I think
the key point is always synthetic event, so if the loop detector
is implemented, it should be done on the synthetic event.

> 
> But I still agree that eprobes should not be attached to kprobes or
> uprobes directly (although they may be able to be attached to a
> synthetic event that is attached to one!)

Yes.

Thank you,


> 
> -- Steve


-- 
Masami Hiramatsu <mhiramat@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ