Message-ID:  <168699521817.528797.13179901018528120324.stgit@mhiramat.roam.corp.google.com>
Date:   Sat, 17 Jun 2023 18:46:58 +0900
From:   "Masami Hiramatsu (Google)" <mhiramat@...nel.org>
To:     linux-trace-kernel@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, Steven Rostedt <rostedt@...dmis.org>,
        mhiramat@...nel.org, Martin KaFai Lau <martin.lau@...ux.dev>,
        bpf@...r.kernel.org
Subject: [PATCH 0/5] tracing: Improve BTF support on probe events

Hi,

Here is a series of patches to improve the BTF support on probe events.

In the previous series, I introduced BTF based function argument support.
This series focuses on accessing data structure fields and string type
checking. Here is the list of the patches.

- [1/5] Add data field access support from BTF args.
- [2/5] Add data field access support from retval.
- [3/5] "string" type checks the BTF type and adds dereference
        automatically.
- [4/5] Update testcases
- [5/5] Update documents

With this series, you can trace information from function entry/exit and
tracepoints. For example, you can get information about data structures
that are not exposed to user space (via traceevent), or find out what
the data in the data structure pointed to by the return value of a function
was.
This was previously possible with the `perf probe` command, but with BTF
you can do it with just tracefs. (Of course `perf probe` is still useful
for debugging the kernel by tracing a function body or where no tracepoint
is provided.)

Example:

 # echo 'f getname_flags%return retval->name:string' > dynamic_events
 # echo 1 > events/fprobes/getname_flags__exit/enable
 # ls > /dev/null
 # head -n 40 trace | tail
              ls-87      [000] ...1.  8067.616101: getname_flags__exit: (vfs_fstatat+0x3c/0x70 <- getname_flags) arg1="./function_profile_enabled"
              ls-87      [000] ...1.  8067.616108: getname_flags__exit: (vfs_fstatat+0x3c/0x70 <- getname_flags) arg1="./trace_stat"
              ls-87      [000] ...1.  8067.616115: getname_flags__exit: (vfs_fstatat+0x3c/0x70 <- getname_flags) arg1="./set_graph_notrace"
              ls-87      [000] ...1.  8067.616122: getname_flags__exit: (vfs_fstatat+0x3c/0x70 <- getname_flags) arg1="./set_graph_function"
              ls-87      [000] ...1.  8067.616129: getname_flags__exit: (vfs_fstatat+0x3c/0x70 <- getname_flags) arg1="./set_ftrace_notrace"


This series can be applied on top of "probes/core" branch of the
linux-trace.git.

You can also get this series from:

git://git.kernel.org/pub/scm/linux/kernel/git/mhiramat/linux.git topic/fprobe-event-ext


Thank you,

---

Masami Hiramatsu (Google) (5):
      tracing/probes: Support BTF based data structure field access
      tracing/probes: Support BTF field access from retval
      tracing/probes: Add string type check with BTF
      selftests/ftrace: Add BTF fields access testcases
      Documentation: tracing: Update fprobe event example with BTF field


 Documentation/trace/fprobetrace.rst                |   50 ++-
 kernel/trace/trace_probe.c                         |  347 ++++++++++++++++++--
 kernel/trace/trace_probe.h                         |   19 +
 .../ftrace/test.d/dynevent/add_remove_btfarg.tc    |   11 +
 .../ftrace/test.d/dynevent/fprobe_syntax_errors.tc |    4 
 5 files changed, 376 insertions(+), 55 deletions(-)

--
Masami Hiramatsu (Google) <mhiramat@...nel.org>
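
The following is an added example, not part of the original message or the patch series: a Python parser for the return-probe trace lines shown in the example above, grouping the captured `retval->name` strings by task. The function names and the `# tracer: nop` header line are assumptions; the two event lines are copied from the message.

```python
import re
from collections import defaultdict

# Constructed sample: header line is assumed, event lines are from the message.
SAMPLE = '''\
# tracer: nop
              ls-87      [000] ...1.  8067.616101: getname_flags__exit: (vfs_fstatat+0x3c/0x70 <- getname_flags) arg1="./function_profile_enabled"
              ls-87      [000] ...1.  8067.616108: getname_flags__exit: (vfs_fstatat+0x3c/0x70 <- getname_flags) arg1="./trace_stat"
'''

# comm-pid [cpu] flags timestamp: event: (caller <- function) args...
LINE_RE = re.compile(
    r'^\s*(?P<comm>.+)-(?P<pid>\d+)\s+\[(?P<cpu>\d+)\]\s+(?P<flags>\S+)\s+'
    r'(?P<ts>\d+\.\d+):\s+(?P<event>\w+):\s+'
    r'\((?P<caller>\S+)\s+<-\s+(?P<func>[^\s)]+)\)\s*(?P<args>.*)$')

# Strings are printed inside double quotes without escaping, so a quoted value
# ends at a quote followed by the next "name=" or end of line. The captured
# path comes from whatever the traced task passed in, so a path containing
# '" name=' can still imitate an extra field: treat values as untrusted.
ARG_RE = re.compile(r'(\w+)=(?:"(.*?)"(?=\s+\w+=|\s*$)|(\S+))')


def parse_line(line):
    """Parse one return-probe event line; return None for headers and other lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["cpu"] = int(rec["cpu"])
    raw_args = rec.pop("args")
    rec["args"] = {name: (bare if bare else quoted)
                   for name, quoted, bare in ARG_RE.findall(raw_args)}
    return rec


def paths_by_task(text, event="getname_flags__exit", field="arg1"):
    """Map (comm, pid) to the list of strings captured in `field`, in trace order."""
    seen = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["event"] == event and field in rec["args"]:
            seen[(rec["comm"], rec["pid"])].append(rec["args"][field])
    return dict(seen)


if __name__ == "__main__":
    for task, paths in paths_by_task(SAMPLE).items():
        print(task, paths)
```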
