| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <168699521817.528797.13179901018528120324.stgit@mhiramat.roam.corp.google.com>
Date: Sat, 17 Jun 2023 18:46:58 +0900
From: "Masami Hiramatsu (Google)" <mhiramat@...nel.org>
To: linux-trace-kernel@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, Steven Rostedt <rostedt@...dmis.org>,
mhiramat@...nel.org, Martin KaFai Lau <martin.lau@...ux.dev>,
bpf@...r.kernel.org
Subject: [PATCH 0/5] tracing: Improbe BTF support on probe events
Hi,
Here is a seires of patches to improve the BTF support on probe events.
In the previous series, I introduced BTF based function argument support.
This series focuses on accessing data structure fields and string type
checking. Here is the list of the patches.
- [1/5] Add data field access support from BTF args.
- [2/5] Add data field access support from retval.
- [3/5] "string" type checks the BTF type and add dereference
automatically.
- [4/5] Update testcases
- [5/5] Update documents
With this series, you can trace information from function entry/exit and
tracepoints. For example, you can get information about data structures
that are not exposed to user space (via traceevent), or find out what
the data in the data structure pointed by the return value of a function
was.
This was previously possible with the `perf probe` command, but with BTF
you can do it with just tracefs. (Of course `perf probe` is still useful
for debugging kernel with tracing function body or where any tracepoint
is not provided.)
Example:
# echo 'f getname_flags%return retval->name:string' > dynamic_events
# echo 1 > events/fprobes/getname_flags__exit/enable
# ls > /dev/null
# head -n 40 trace | tail
ls-87 [000] ...1. 8067.616101: getname_flags__exit: (vfs_fstatat+0x3c/0x70 <- getname_flags) arg1="./function_profile_enabled"
ls-87 [000] ...1. 8067.616108: getname_flags__exit: (vfs_fstatat+0x3c/0x70 <- getname_flags) arg1="./trace_stat"
ls-87 [000] ...1. 8067.616115: getname_flags__exit: (vfs_fstatat+0x3c/0x70 <- getname_flags) arg1="./set_graph_notrace"
ls-87 [000] ...1. 8067.616122: getname_flags__exit: (vfs_fstatat+0x3c/0x70 <- getname_flags) arg1="./set_graph_function"
ls-87 [000] ...1. 8067.616129: getname_flags__exit: (vfs_fstatat+0x3c/0x70 <- getname_flags) arg1="./set_ftrace_notrace"
This series can be applied on top of "probes/core" branch of the
linux-trace.git.
You can also get this series from:
git://git.kernel.org/pub/scm/linux/kernel/git/mhiramat/linux.git topic/fprobe-event-ext
Thank you,
---
Masami Hiramatsu (Google) (5):
tracing/probes: Support BTF based data structure field access
tracing/probes: Support BTF field access from retval
tracing/probes: Add string type check with BTF
selftests/ftrace: Add BTF fields access testcases
Documentation: tracing: Update fprobe event example with BTF field
Documentation/trace/fprobetrace.rst | 50 ++-
kernel/trace/trace_probe.c | 347 ++++++++++++++++++--
kernel/trace/trace_probe.h | 19 +
.../ftrace/test.d/dynevent/add_remove_btfarg.tc | 11 +
.../ftrace/test.d/dynevent/fprobe_syntax_errors.tc | 4
5 files changed, 376 insertions(+), 55 deletions(-)
--
Masami Hiramatsu (Google) <mhiramat@...nel.org>
Powered by blists - more mailing lists