Date:   Thu, 21 Oct 2021 09:36:32 +0900
From:   Masami Hiramatsu <mhiramat@...nel.org>
To:     Huan Xie <xiehuan09@...il.com>
Cc:     Steven Rostedt <rostedt@...dmis.org>, mingo@...hat.com,
        chenhuacai@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] trace: Add trace any kernel object

On Thu, 21 Oct 2021 00:04:40 +0800
Huan Xie <xiehuan09@...il.com> wrote:

> > > > For example:
> > > >
> > > > For the function bio_add_page, we can trace the first argument:
> > > >
> > > > int bio_add_page(struct bio *bio, struct page *page,
> > > >                             unsigned int len, unsigned int offset)
> > > >
> > > >     #cd /sys/kernel/debug/tracing
> > > >     #echo 1 > ./trace_object
> >
> > Hmm, so what happens if there are several events in parallel?
> >
> > > >     #echo 'p bio_add_page arg1=$arg1' > kprobe_events
> > > >     #echo 1 > ./events/kprobes/p_bio_add_page_0/enable
> >
> > What about adding an "objfilter" trigger action to update the object
> > list? e.g.
> >
> > echo objfilter:add:arg1:1 if comm == "sync" >> ./events/kprobes/p_bio_add_page_0/trigger
> >
> > This will "add the value of 'arg1' to objfilter 1 time if the process
> > name is sync".
> 
> Thanks. The trigger seems to work in combination with kprobe/uprobe/eprobe.
> 
> I have been trying to implement this feature in recent days, but my
> code does not look very elegant at the moment :-)

No problem! I can help you to brush up the coding :)

> It seems the result of 'cat trace' should also need to be filtered,
> because it will output the functions we don’t want to care about.

It actually depends on what object the user wants to trace. E.g., a network
packet trace will not be affected by 'cat trace'.
Anyway, we have "options/pause-on-trace" to stop tracing while
reading the trace file. So the user can choose to stop it or not. :)

> 
> I didn't expect this idea to be a relatively large project. :-)
> 

Because you have an exciting idea :)

Thank you,

-- 
Masami Hiramatsu <mhiramat@...nel.org>
