lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20211013215206.c7b49db96a939fc71eb988b3@kernel.org>
Date:   Wed, 13 Oct 2021 21:52:06 +0900
From:   Masami Hiramatsu <mhiramat@...nel.org>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     Jiri Olsa <jolsa@...hat.com>,
        Alan Maguire <alan.maguire@...cle.com>,
        Sven Schnelle <svens@...ux.ibm.com>, bpf@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH] tracing: BTF testing for kprobe-events

On Mon, 11 Oct 2021 18:23:34 -0400
Steven Rostedt <rostedt@...dmis.org> wrote:

> On Thu, 23 Sep 2021 21:39:43 +0900
> Masami Hiramatsu <mhiramat@...nel.org> wrote:
> 
> > Hi Steve,
> > 
> 
> Hi Masami,
> 
> Sorry for the late reply, but Plumbers followed by OSS put me way behind,
> and I just got to this email :-/
> 
> > Here I share my testing patch of the BTF for kprobe events.
> > Currently this only allow user to specify '$$args' for
> > tracing all arguments of the function. This is only
> > avaialbe if
> > - the probe point is on the function entry
> > - the kernel is compiled with BTF (CONFIG_DEBUG_INFO_BTF)
> > - the kernel is enables BPF (CONFIG_BPF_SYSCALL)
> > 
> > And Special thanks to Sven! Most of BTF handling part of
> > this patch comes from his patch [1]
> > 
> > [1] https://stackframe.org/0001-ftrace-arg-hack.patch
> 
> Which is newer than this patch because he sent a v2, and that's a couple
> patches down in my queue. I'll be looking at that one shortly as well.

Did he send his BTF hack patch to you ?
I didn't notice that.


> > What I thought while coding this were;
> > - kernel/bpf/btf.c can be moved under lib/ so that
> >   the other subsystems can reuse it, independent
> >   from BPF. (Also, this should depends on CONFIG_DEBUG_INFO_BTF)
> 
> Makes sense.
> 
> > - some more utility functions can be exposed.
> >   e.g. I copied btf_type_int() from btf.c
> 
> Agreed.
> 
> > - If there are more comments for the BTF APIs, it will
> >   be more useful...
> > - Overall, the BTF is easy to understand for who
> >   already understand DWARF. Great work!
> 
> Great to hear.
> 
> > - I think I need 'ptr' and 'bool' types for fetcharg types.
> > 
> > Anyway, this is just for testing. I have to add some
> > more cleanup, features and documentations, etc.
> 
> This is awesome, and something to look at for a generic ftrace args point
> of view too.
> 
> One issue is how do we handle multiple register values? Like a u64 type on
> 32 bit?  As $arg1 is just a register that is in $arg1, for a u64 parameter
> on 32 bit, that is usually handled with two registers.
> 
> Have thoughts on that?

Oh, that's a good point! The probe event supports such case, since I expected
the user will use 2 arguments to record it. But indeed, using BTF means we need
such extension.
OK, let me consider how to extend fetchargs to support it.

Thank you!

> 
> I'll play with your patch today.
> 
> -- Steve


-- 
Masami Hiramatsu <mhiramat@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ