| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a7a171c4-7feb-4f26-a832-18d38a3ee973@efficios.com> Date: Tue, 28 Jan 2025 10:46:21 -0500 From: Mathieu Desnoyers <mathieu.desnoyers@...icios.com> To: "Masami Hiramatsu (Google)" <mhiramat@...nel.org>, Steven Rostedt <rostedt@...dmis.org> Cc: Luis Chamberlain <mcgrof@...nel.org>, Petr Pavlu <petr.pavlu@...e.com>, Sami Tolvanen <samitolvanen@...gle.com>, Daniel Gomez <da.gomez@...sung.com>, linux-kernel@...r.kernel.org, linux-trace-kernel@...r.kernel.org, linux-modules@...r.kernel.org Subject: Re: [RFC PATCH 0/3] tracing: Introduce relative stacktrace On 2025-01-28 10:36, Masami Hiramatsu (Google) wrote: > Hi, > > This introduces relative stacktrace, which records stacktrace entry as > the offset from _stext instead of raw address. User can enable this > format by setting options/relative-stacktrace. > > Basically, this does not change anything for users who are using ftrace > with 'trace' text-formatted interface. This changes how each stacktrace > entry address is stored, so users who is using 'trace_pipe_raw' needs > to change how to decode the stacktrace. > > Currently, the stacktrace is stored as raw kernel address. Thus, for > decoding the binary trace data, we need to refer the kallsyms. But this > is not useful on the platform which prohibits to access /proc/kallsyms > for security reason. Since KASLR will change the kernel text address, > we can not decode symbols without kallsyms in userspace. > > On the other hand, if we record the stacktrace entries in the offset > from _stext, we can use System.map file to decode it. This is also good > for the stacktrace in the persistent ring buffer, because we don't need > to save the kallsyms before crash anymore. > > The problem is to decode the address in the modules because it will be > loaded in the different place. To solve this issue, I also introduced > 'module_text_offsets' event, which records module's text and init_text > info as the offset from _stext when loading it. User can store this > event in the (another) persistent ring buffer for decoding. This does not handle the situation where a module is already loaded before tracing starts. In LTTng we have a statedump facility for this, where we can iterate on all modules at trace start and dump the relevant information. You may want to consider a similar approach for other tracers. Thanks, Mathieu > > Thank you, > > --- > > Masami Hiramatsu (Google) (3): > tracing: Record stacktrace as the offset from _stext > tracing: Introduce "rel_stack" option > modules: tracing: Add module_text_offsets event > > > include/trace/events/module.h | 40 ++++++++++++++++++++++++++++++++++++++++ > kernel/module/main.c | 1 + > kernel/trace/trace.c | 11 ++++++++++- > kernel/trace/trace.h | 2 ++ > kernel/trace/trace_entries.h | 22 ++++++++++++++++++++++ > kernel/trace/trace_output.c | 35 +++++++++++++++++++++++++++++++---- > 6 files changed, 106 insertions(+), 5 deletions(-) > > -- > Signature -- Mathieu Desnoyers EfficiOS Inc. https://www.efficios.com
Powered by blists - more mailing lists