| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250129091741.15f0b3238b67d7f55696de12@kernel.org> Date: Wed, 29 Jan 2025 09:17:41 +0900 From: Masami Hiramatsu (Google) <mhiramat@...nel.org> To: Steven Rostedt <rostedt@...dmis.org> Cc: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>, "Masami Hiramatsu (Google)" <mhiramat@...nel.org>, Luis Chamberlain <mcgrof@...nel.org>, Petr Pavlu <petr.pavlu@...e.com>, Sami Tolvanen <samitolvanen@...gle.com>, Daniel Gomez <da.gomez@...sung.com>, linux-kernel@...r.kernel.org, linux-trace-kernel@...r.kernel.org, linux-modules@...r.kernel.org Subject: Re: [RFC PATCH 0/3] tracing: Introduce relative stacktrace On Tue, 28 Jan 2025 11:27:33 -0500 Steven Rostedt <rostedt@...dmis.org> wrote: > On Tue, 28 Jan 2025 10:46:21 -0500 > Mathieu Desnoyers <mathieu.desnoyers@...icios.com> wrote: > > > This does not handle the situation where a module is already loaded > > before tracing starts. In LTTng we have a statedump facility for this, > > where we can iterate on all modules at trace start and dump the relevant > > information. > > > > You may want to consider a similar approach for other tracers. > > Last night Masami and I were talking about this. The idea I was thinking of > was to simply have a module load notifier that would add modules to an > array. It would only keep track of loaded modules, and when the trace hit, > if the address was outside of core text, it would search the array for the > module, and use that. When a module is removed, it would also be removed > from the array. We currently do not support tracing module removal (if the > module is traced, the buffers are cleared when the module is removed). Actually, we already have similar info in /proc/modules. Of course it is not persistent. > If it is a module address, set the MSB, and for 32 bit machines use the > next 7 bits as an index into the module array, and for 64 bit machines, use > the next 10 bits as an index. I thought 7 bits were not enough because some stacktrace were kept after the module was unloaded. Of course we can ignore such case (anyway current "live" stacktrace does not care such case too). > This would be exposed in the format file for > the kernel_stack_rel event, so if these numbers change, user space can cope > with it. In fact, it would need to use the format file to distinguish the > 32 bit and 64 bit values. Yeah, that can simplify the userspace. But the problem of using relative address from the module .text is that it has bigger overhead to find the module for each stacktrace entry. Thank you, > > That is, a stack trace will contain addresses that are core kernel simply > subtracted from ".text", and the modules address would have the MSB set, > the next bits would be an index into that array that holds the module > information, and the address would be the address minus the module address > where it was loaded. > > This way we do not need to save the information from any events. Also, for > the persistent ring buffer, this array could live in that memory, so that > it will be available on the next boot. > > -- Steve > -- Masami Hiramatsu (Google) <mhiramat@...nel.org>
Powered by blists - more mailing lists