| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250829194246.744c760b@gandalf.local.home>
Date: Fri, 29 Aug 2025 19:42:46 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Arnaldo Carvalho de Melo <arnaldo.melo@...il.com>, Steven Rostedt
<rostedt@...nel.org>, linux-kernel@...r.kernel.org,
linux-trace-kernel@...r.kernel.org, bpf@...r.kernel.org, x86@...nel.org,
Masami Hiramatsu <mhiramat@...nel.org>, Mathieu Desnoyers
<mathieu.desnoyers@...icios.com>, Josh Poimboeuf <jpoimboe@...nel.org>,
Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...nel.org>, Jiri
Olsa <jolsa@...nel.org>, Arnaldo Carvalho de Melo <acme@...nel.org>,
Namhyung Kim <namhyung@...nel.org>, Thomas Gleixner <tglx@...utronix.de>,
Andrii Nakryiko <andrii@...nel.org>, Indu Bhagat <indu.bhagat@...cle.com>,
"Jose E. Marchesi" <jemarch@....org>, Beau Belgrave
<beaub@...ux.microsoft.com>, Jens Remus <jremus@...ux.ibm.com>, Andrew
Morton <akpm@...ux-foundation.org>, Florian Weimer <fweimer@...hat.com>,
Sam James <sam@...too.org>, Kees Cook <kees@...nel.org>, "Carlos O'Donell"
<codonell@...hat.com>
Subject: Re: [PATCH v6 5/6] tracing: Show inode and device major:minor in
deferred user space stacktrace
On Fri, 29 Aug 2025 19:09:35 -0400
Steven Rostedt <rostedt@...dmis.org> wrote:
> > NOTHING like that. You don't look at the hash. You don't "register"
> > it. You don't touch it in any way. You literally just use it as a
> > value, and user space will figure it out later. At event parsing time.
>
> I guess this is where I'm stuck. How does user space know what those hash
> values mean? Where does it get the information from?
This is why I had the stored hash items in a "file_cache". It was the way
to know that a new vma is being used and needs an event to show it.
>
> That is, this would likely be useful:
>
> vma = NULL;
> foreach addr in callchain
> if (!vma || addr not in range of vma)
> vma = vma_lookup(addr);
You already stated that the vma_lookup() and the hash algorithm is very
expensive, but they need to be done anyway. A simple hash lookup is quick
and would be lost in the noise.
vma = NULL;
hash = 0;
foreach addr in callchain
if (!vma || addr not in range of vma) {
vma = vma_lookup(addr);
hash = get_hash(vma);
}
callchain[i] = addr - offset;
hash[i] = hash;
I had that get_hash(vma) have something like:
u32 get_hash(vma) {
unsigned long ptr = (unsigned long)vma->vm_file;
u32 hash;
/* Remove alignment */
ptr >>= 3;
hash = siphash_1u32((u32)ptr, &key);
if (lookup_hash(hash))
return hash; // already saved
// The above is the most common case and is quick.
// Especially compared to vma_lookup() and the hash algorithm
/* Slow but only happens when a new vma is discovered */
trigger_event_that_maps_hash_to_file_data(hash, vma);
/* Doesn't happen again for this hash value */
save_hash(hash);
This is also where I would have a callback from munmap() to remove the
vmas from this hash table because they are no longer around. And if a new
vma came around with the same vm_file address, it would not be found in the
hash table and would trigger the print again with the hash and the new file
it represents.
This "garbage" was how I implemented the way to let user space know what
the meaning of the hash values are.
Otherwise, we need something else to expose to user space what those hashes
mean. And that's where I don't know what you are expecting.
-- Steve
Powered by blists - more mailing lists