Date:   Thu, 15 Nov 2018 22:02:56 -0800 (PST)
From:   Kris Van Hees <kris.van.hees@...cle.com>
To:     linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: [RFC] DTrace based on eBPF and other tracing facilities

A lot of work has been done on various aspects of the tracing infrastructure
in Linux in the past years and with the further development of BPF a quite
powerful execution engine has become available as well.

One of the difficulties we have experienced in furthering DTrace on Linux is
that we have to duplicate functionality already available in the kernel
because that functionality is not easy to make use of.

In the past year or so we have been working towards changing that.  There is
no point in having multiple projects reinvent the same wheel a couple of times
over, especially when there are ways where everyone can benefit from actually
cooperating.  Our current (lofty) goal is to rework the DTrace implementation 
that we currently have to make it more modular and less self-sufficient.  We
are envisioning a future for DTrace where we can leverage its strengths in the
areas where it matters most (e.g. very efficient handling of large amounts of
kernel probes, well defined and understood D language, user familiarity with
existing providers, ...) while building on the existing tracing infrastructure
in Linux.  That also means that we can contribute better to existing pieces
in the infrastructure and work together with other tracing projects to continue
to improve tracing on Linux.

Ideally we would like to see an infrastructure where any tracers can attach
actions to any kind of probe source, and have data generated according to the
actions the tracer associated with the probe source when a specific probe
fires.  The execution of those actions would be done using BPF.

We believe that this proposal would be a benefit to all because it allows us
to pool resources in the areas that really need it.  E.g. if we all depend on
BPF as execution engine we invariably work together to make it as solid as can
be.

Obviously we cannot do this work on our own, and we cannot do it behind closed
doors.  We've created a GitHub repository for the kernel with DTrace added in
at:

  https://github.com/ezannoni/dtrace-linux-kernel/tree/master

We also have a branch there with the most recent BPF-based work:

  https://github.com/ezannoni/dtrace-linux-kernel/tree/nix/bpf/4.19/helpers

Since most (if not all) tracing tools have similar requirements for what may
need to be done when a probe fires, we really want to join forces.

	Cheers,
	Kris
