| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250128112733.37d7c771@gandalf.local.home> Date: Tue, 28 Jan 2025 11:27:33 -0500 From: Steven Rostedt <rostedt@...dmis.org> To: Mathieu Desnoyers <mathieu.desnoyers@...icios.com> Cc: "Masami Hiramatsu (Google)" <mhiramat@...nel.org>, Luis Chamberlain <mcgrof@...nel.org>, Petr Pavlu <petr.pavlu@...e.com>, Sami Tolvanen <samitolvanen@...gle.com>, Daniel Gomez <da.gomez@...sung.com>, linux-kernel@...r.kernel.org, linux-trace-kernel@...r.kernel.org, linux-modules@...r.kernel.org Subject: Re: [RFC PATCH 0/3] tracing: Introduce relative stacktrace On Tue, 28 Jan 2025 10:46:21 -0500 Mathieu Desnoyers <mathieu.desnoyers@...icios.com> wrote: > This does not handle the situation where a module is already loaded > before tracing starts. In LTTng we have a statedump facility for this, > where we can iterate on all modules at trace start and dump the relevant > information. > > You may want to consider a similar approach for other tracers. Last night Masami and I were talking about this. The idea I was thinking of was to simply have a module load notifier that would add modules to an array. It would only keep track of loaded modules, and when the trace hit, if the address was outside of core text, it would search the array for the module, and use that. When a module is removed, it would also be removed from the array. We currently do not support tracing module removal (if the module is traced, the buffers are cleared when the module is removed). If it is a module address, set the MSB, and for 32 bit machines use the next 7 bits as an index into the module array, and for 64 bit machines, use the next 10 bits as an index. This would be exposed in the format file for the kernel_stack_rel event, so if these numbers change, user space can cope with it. In fact, it would need to use the format file to distinguish the 32 bit and 64 bit values. That is, a stack trace will contain addresses that are core kernel simply subtracted from ".text", and the modules address would have the MSB set, the next bits would be an index into that array that holds the module information, and the address would be the address minus the module address where it was loaded. This way we do not need to save the information from any events. Also, for the persistent ring buffer, this array could live in that memory, so that it will be available on the next boot. -- Steve
Powered by blists - more mailing lists