lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAJfuBxw_RKv0PJR+vQs-fbg-+hNQOx6wVm2aUm=EPPa+z9nT2w@mail.gmail.com>
Date:   Sat, 25 Nov 2023 23:44:36 -0700
From:   jim.cromie@...il.com
To:     Catalin Marinas <catalin.marinas@....com>
Cc:     linux-kernel@...r.kernel.org, akpm@...ux-foundation.org
Subject: Re: [PATCH 2/2] kmemleak: add checksum to backtrace report

On Sat, Nov 18, 2023 at 10:36 AM Catalin Marinas
<catalin.marinas@....com> wrote:
>
> On Thu, Nov 16, 2023 at 03:43:18PM -0700, Jim Cromie wrote:
> > Change /sys/kernel/debug/kmemleak report format slightly, adding
> > "(extra info)" to the backtrace header:
> >
> > from: "  backtrace:"
> > to:   "  backtrace (crc <cksum>):"
> >
> > The <cksum> allows a user to see recurring backtraces without
> > detailed/careful reading of multiline stacks.  So after cycling
> > kmemleak-test a few times, I know some leaks are repeating.
> >
> >   bash-5.2# grep backtrace /sys/kernel/debug/kmemleak | wc
> >      62     186    1792
> >   bash-5.2# grep backtrace /sys/kernel/debug/kmemleak | sort -u | wc
> >      37     111    1067

So, speculating from here,
what else could be done with <crc: deadbeef> ?

1 - (optionally) collapsing backtraces, replacing the stack with
   "seen previously, at <mumble>"
    of some clear / succinct flavor (maybe several ?)

2 - stack specific instructions from user

echo drop/ignore/histogram/<mumble>  deadbeef \
     > /sys/kernel/debug/kmemleak

this crc-specific instruction could control the optionality of 1.
on a trace-by-trace basis even.

The "seen previously" would be an obvious place to look
for a root cause of a detected leak.
tools beyond drop/ignore/histogram/<mumble>
are worth some consideration ?

> Reviewed-by: Catalin Marinas <catalin.marinas@....com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ