| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Jun 2023 15:44:48 +0200
From: Jiri Olsa <olsajiri@...il.com>
To: Steven Rostedt <rostedt@...dmis.org>
Cc: Yonghong Song <yhs@...a.com>, Jiri Olsa <olsajiri@...il.com>,
Masami Hiramatsu <mhiramat@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Andrii Nakryiko <andrii@...nel.org>,
lkml <linux-kernel@...r.kernel.org>,
linux-trace-kernel@...r.kernel.org, bpf@...r.kernel.org,
Andrii Nakryiko <andrii.nakryiko@...il.com>,
Jackie Liu <liu.yun@...ux.dev>
Subject: Re: [PATCHv2] ftrace: Show all functions with addresses in
available_filter_functions_addrs
On Tue, Jun 13, 2023 at 09:36:06AM -0400, Steven Rostedt wrote:
> On Mon, 12 Jun 2023 22:04:28 -0700
> Yonghong Song <yhs@...a.com> wrote:
>
> > Thanks for explanation! It would be great if we can put more details in
> > this email into the commit message!
>
> I agree.
>
> This is the patch I just pulled into my queue:
great, thanks
jirka
>
> From: Jiri Olsa <jolsa@...nel.org>
> Date: Sun, 11 Jun 2023 15:00:29 +0200
> Subject: [PATCH] ftrace: Show all functions with addresses in
> available_filter_functions_addrs
>
> Adding new available_filter_functions_addrs file that shows all available
> functions (same as available_filter_functions) together with addresses,
> like:
>
> # cat available_filter_functions_addrs | head
> ffffffff81000770 __traceiter_initcall_level
> ffffffff810007c0 __traceiter_initcall_start
> ffffffff81000810 __traceiter_initcall_finish
> ffffffff81000860 trace_initcall_finish_cb
> ...
>
> Note displayed address is the patch-site address and can differ from
> /proc/kallsyms address.
>
> It's useful to have address avilable for traceable symbols, so we don't
> need to allways cross check kallsyms with available_filter_functions
> (or the other way around) and have all the data in single file.
>
> For backwards compatibility reasons we can't change the existing
> available_filter_functions file output, but we need to add new file.
>
> The problem is that we need to do 2 passes:
>
> - through available_filter_functions and find out if the function is traceable
> - through /proc/kallsyms to get the address for traceable function
>
> Having available_filter_functions symbols together with addresses allow
> us to skip the kallsyms step and we are ok with the address in
> available_filter_functions_addr not being the function entry, because
> kprobe_multi uses fprobe and that handles both entry and patch-site
> address properly.
>
> We have 2 interfaces how to create kprobe_multi link:
>
> a) passing symbols to kernel
>
> 1) user gathers symbols and need to ensure that they are
> trace-able -> pass through available_filter_functions file
>
> 2) kernel takes those symbols and translates them to addresses
> through kallsyms api
>
> 3) addresses are passed to fprobe/ftrace through:
>
> register_fprobe_ips
> -> ftrace_set_filter_ips
>
> b) passing addresses to kernel
>
> 1) user gathers symbols and needs to ensure that they are
> trace-able -> pass through available_filter_functions file
>
> 2) user takes those symbols and translates them to addresses
> through /proc/kallsyms
>
> 3) addresses are passed to the kernel and kernel calls:
>
> register_fprobe_ips
> -> ftrace_set_filter_ips
>
> The new available_filter_functions_addrs file helps us with option b),
> because we can make 'b 1' and 'b 2' in one step - while filtering traceable
> functions, we get the address directly.
>
> Link: https://lore.kernel.org/linux-trace-kernel/20230611130029.1202298-1-jolsa@kernel.org
>
> Cc: Masami Hiramatsu <mhiramat@...nel.org>
> Cc: Mark Rutland <mark.rutland@....com>
> Cc: Andrii Nakryiko <andrii.nakryiko@...il.com>
> Cc: Jackie Liu <liu.yun@...ux.dev>
> Suggested-by: Steven Rostedt (Google) <rostedt@...dmis.org>
> Suggested-by: Andrii Nakryiko <andrii@...nel.org>
> Signed-off-by: Jiri Olsa <jolsa@...nel.org>
> Signed-off-by: Steven Rostedt (Google) <rostedt@...dmis.org>
> ---
> Documentation/trace/ftrace.rst | 6 ++++++
> include/linux/ftrace.h | 1 +
> kernel/trace/ftrace.c | 37 ++++++++++++++++++++++++++++++++++
> 3 files changed, 44 insertions(+)
>
> diff --git a/Documentation/trace/ftrace.rst b/Documentation/trace/ftrace.rst
> index df2d3e57a83f..b7308ab10c0e 100644
> --- a/Documentation/trace/ftrace.rst
> +++ b/Documentation/trace/ftrace.rst
> @@ -324,6 +324,12 @@ of ftrace. Here is a list of some of the key files:
> "set_graph_function", or "set_graph_notrace".
> (See the section "dynamic ftrace" below for more details.)
>
> + available_filter_functions_addrs:
> +
> + Similar to available_filter_functions, but with address displayed
> + for each function. The displayed address is the patch-site address
> + and can differ from /proc/kallsyms address.
> +
> dyn_ftrace_total_info:
>
> This file is for debugging purposes. The number of functions that
> diff --git a/include/linux/ftrace.h b/include/linux/ftrace.h
> index 49f279f4c3a1..8e59bd954153 100644
> --- a/include/linux/ftrace.h
> +++ b/include/linux/ftrace.h
> @@ -633,6 +633,7 @@ enum {
> FTRACE_ITER_MOD = (1 << 5),
> FTRACE_ITER_ENABLED = (1 << 6),
> FTRACE_ITER_TOUCHED = (1 << 7),
> + FTRACE_ITER_ADDRS = (1 << 8),
> };
>
> void arch_ftrace_update_code(int command);
> diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
> index 764668467155..b24c573934af 100644
> --- a/kernel/trace/ftrace.c
> +++ b/kernel/trace/ftrace.c
> @@ -3861,6 +3861,9 @@ static int t_show(struct seq_file *m, void *v)
> if (!rec)
> return 0;
>
> + if (iter->flags & FTRACE_ITER_ADDRS)
> + seq_printf(m, "%lx ", rec->ip);
> +
> if (print_rec(m, rec->ip)) {
> /* This should only happen when a rec is disabled */
> WARN_ON_ONCE(!(rec->flags & FTRACE_FL_DISABLED));
> @@ -3996,6 +3999,30 @@ ftrace_touched_open(struct inode *inode, struct file *file)
> return 0;
> }
>
> +static int
> +ftrace_avail_addrs_open(struct inode *inode, struct file *file)
> +{
> + struct ftrace_iterator *iter;
> + int ret;
> +
> + ret = security_locked_down(LOCKDOWN_TRACEFS);
> + if (ret)
> + return ret;
> +
> + if (unlikely(ftrace_disabled))
> + return -ENODEV;
> +
> + iter = __seq_open_private(file, &show_ftrace_seq_ops, sizeof(*iter));
> + if (!iter)
> + return -ENOMEM;
> +
> + iter->pg = ftrace_pages_start;
> + iter->flags = FTRACE_ITER_ADDRS;
> + iter->ops = &global_ops;
> +
> + return 0;
> +}
> +
> /**
> * ftrace_regex_open - initialize function tracer filter files
> * @ops: The ftrace_ops that hold the hash filters
> @@ -5916,6 +5943,13 @@ static const struct file_operations ftrace_touched_fops = {
> .release = seq_release_private,
> };
>
> +static const struct file_operations ftrace_avail_addrs_fops = {
> + .open = ftrace_avail_addrs_open,
> + .read = seq_read,
> + .llseek = seq_lseek,
> + .release = seq_release_private,
> +};
> +
> static const struct file_operations ftrace_filter_fops = {
> .open = ftrace_filter_open,
> .read = seq_read,
> @@ -6377,6 +6411,9 @@ static __init int ftrace_init_dyn_tracefs(struct dentry *d_tracer)
> trace_create_file("available_filter_functions", TRACE_MODE_READ,
> d_tracer, NULL, &ftrace_avail_fops);
>
> + trace_create_file("available_filter_functions_addrs", TRACE_MODE_READ,
> + d_tracer, NULL, &ftrace_avail_addrs_fops);
> +
> trace_create_file("enabled_functions", TRACE_MODE_READ,
> d_tracer, NULL, &ftrace_enabled_fops);
>
> --
> 2.39.2
>
Powered by blists - more mailing lists