| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Jun 2024 17:50:01 -0400 From: Steven Rostedt <rostedt@...dmis.org> To: Mathieu Desnoyers <mathieu.desnoyers@...icios.com> Cc: "Masami Hiramatsu (Google)" <mhiramat@...nel.org>, don <zds100@...il.com>, linux-kernel@...r.kernel.org, linux-trace-kernel@...r.kernel.org Subject: Re: [PATCH v2 2/3] tracing/fprobe: Support raw tracepoint events on modules On Mon, 3 Jun 2024 15:50:55 -0400 Mathieu Desnoyers <mathieu.desnoyers@...icios.com> wrote: > Hi Masami, > > Why prevent module unload when a fprobe tracepoint is attached to a > module ? This changes the kernel's behavior significantly just for the > sake of instrumentation. > > As an alternative, LTTng-modules attach/detach to/from modules with the > coming/going notifiers, so the instrumentation gets removed when a > module is unloaded rather than preventing its unload by holding a module > reference count. I would recommend a similar approach for fprobe. I think one major difference between fprobes and LTTng module attachment, is that fprobes is an internal mechanism used by other utilities (like BPF). You could have a program loaded that expects an fprobe to succeed, and may have undefined behavior if the fprobe suddenly disappears. That is, we don't know what is depending on that fprobe to simply disable it on module unload. -- Steve
Powered by blists - more mailing lists