lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260105142939.2655342-1-atomlin@atomlin.com>
Date: Mon,  5 Jan 2026 09:29:37 -0500
From: Aaron Tomlin <atomlin@...mlin.com>
To: rostedt@...dmis.org,
	mhiramat@...nel.org,
	mark.rutland@....com,
	mathieu.desnoyers@...icios.com,
	corbet@....net
Cc: neelx@...e.com,
	sean@...e.io,
	linux-kernel@...r.kernel.org,
	linux-trace-kernel@...r.kernel.org,
	linux-doc@...r.kernel.org
Subject: [v2 PATCH 0/2] tracing: Expose global views of active filters and triggers

Hi Steve,

Currently, auditing active Ftrace event filters or triggers requires userspace
to recursively traverse the "events/" directory and read the "filter" or
"trigger" file for every individual event. For monitoring tools, security
auditors, or developers debugging complex tracing setups, this O(n) traversal
is inefficient and cumbersome.

This series introduces two new files at the trace root directory to provide
a consolidated, system-wide view of active event configurations:

    1. show_event_filters: Displays all events with an active filter
    2. show_event_triggers: Displays all events with active triggers

Both files utilise the system:event [tab] config format, allowing for easy
parsing by standard tools (e.g., awk) or custom monitoring agents.

The patches leverage the existing trace_event_file iterators to ensure atomic
and efficient traversal of the event list. Scope-based RCU protection
(guard(rcu)) is used for filter string access, whilst the existing event_mutex
protection within the iterator ensures safe traversal of the event trigger
lists. For triggers, we utilise the internal cmd_ops->print() callbacks to 
guarantee that the consolidated output remains consistent with the legacy
per-event interface.


Changes since v1 [1]:
 - Clarified that all events with filters are listed, regardless of
   enablement state (Steven Rostedt)
 - Optimise filter display logic by utilising the guard(rcu) macro for cleaner 
   scope-based RCU protection and early return (Steven Rostedt)
 - Add show_event_triggers to expose event triggers alongside filters
   (Steven Rostedt)

[1]: https://lore.kernel.org/lkml/20260101233414.2476973-1-atomlin@atomlin.com/

Aaron Tomlin (2):
  tracing: Add show_event_filters to expose active event filters
  tracing: Add show_event_triggers to expose active event triggers

 Documentation/trace/ftrace.rst |  16 +++++
 kernel/trace/trace_events.c    | 122 +++++++++++++++++++++++++++++++++
 2 files changed, 138 insertions(+)

-- 
2.51.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ