lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 11 Oct 2021 18:23:34 -0400
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Masami Hiramatsu <mhiramat@...nel.org>
Cc:     Jiri Olsa <jolsa@...hat.com>,
        Alan Maguire <alan.maguire@...cle.com>,
        Sven Schnelle <svens@...ux.ibm.com>, bpf@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH] tracing: BTF testing for kprobe-events

On Thu, 23 Sep 2021 21:39:43 +0900
Masami Hiramatsu <mhiramat@...nel.org> wrote:

> Hi Steve,
> 

Hi Masami,

Sorry for the late reply, but Plumbers followed by OSS put me way behind,
and I just got to this email :-/

> Here I share my testing patch of the BTF for kprobe events.
> Currently this only allow user to specify '$$args' for
> tracing all arguments of the function. This is only
> avaialbe if
> - the probe point is on the function entry
> - the kernel is compiled with BTF (CONFIG_DEBUG_INFO_BTF)
> - the kernel is enables BPF (CONFIG_BPF_SYSCALL)
> 
> And Special thanks to Sven! Most of BTF handling part of
> this patch comes from his patch [1]
> 
> [1] https://stackframe.org/0001-ftrace-arg-hack.patch

Which is newer than this patch because he sent a v2, and that's a couple
patches down in my queue. I'll be looking at that one shortly as well.

> 
> What I thought while coding this were;
> - kernel/bpf/btf.c can be moved under lib/ so that
>   the other subsystems can reuse it, independent
>   from BPF. (Also, this should depends on CONFIG_DEBUG_INFO_BTF)

Makes sense.

> - some more utility functions can be exposed.
>   e.g. I copied btf_type_int() from btf.c

Agreed.

> - If there are more comments for the BTF APIs, it will
>   be more useful...
> - Overall, the BTF is easy to understand for who
>   already understand DWARF. Great work!

Great to hear.

> - I think I need 'ptr' and 'bool' types for fetcharg types.
> 
> Anyway, this is just for testing. I have to add some
> more cleanup, features and documentations, etc.

This is awesome, and something to look at for a generic ftrace args point
of view too.

One issue is how do we handle multiple register values? Like a u64 type on
32 bit?  As $arg1 is just a register that is in $arg1, for a u64 parameter
on 32 bit, that is usually handled with two registers.

Have thoughts on that?

I'll play with your patch today.

-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ