| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1628025796-29533-1-git-send-email-alan.maguire@oracle.com>
Date: Tue, 3 Aug 2021 22:23:13 +0100
From: Alan Maguire <alan.maguire@...cle.com>
To: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org
Cc: kafai@...com, songliubraving@...com, yhs@...com,
john.fastabend@...il.com, kpsingh@...nel.org,
quentin@...valent.com, toke@...hat.com, bpf@...r.kernel.org,
netdev@...r.kernel.org, Alan Maguire <alan.maguire@...cle.com>
Subject: [PATCH bpf-next 0/3] tools: ksnoop: tracing kernel function entry/return with argument/return value display
Recent functionality added to libbpf [1] enables typed display of kernel
data structures; here that functionality is exploited to provide a
simple example of how a tracer can support deep argument/return value
inspection. The intent is to provide a demonstration of these features
to help facilitate tracer adoption, while also providing a tool which
can be useful for kernel debugging.
Changes since RFC [2]:
- In the RFC version, kernel data structures were string-ified in
BPF program context vi bpf_snprintf_btf(); Alexei pointed out that
it would be better to dump memory to userspace and let the
interpretation happen there. btf_dump__dump_type_data() in libbpf
now supports this (Alexei, patch 1)
- Added the "stack mode" specification where we trace a specific set
of functions being called in order (though not necessarily directly).
This mode of tracing is useful when debugging issues with a specific
stack signature.
[1] https://lore.kernel.org/bpf/1626362126-27775-1-git-send-email-alan.maguire@oracle.com/
[2] https://lore.kernel.org/bpf/1609773991-10509-1-git-send-email-alan.maguire@oracle.com/
Alan Maguire (3):
tools: ksnoop: kernel argument/return value tracing/display using BTF
tools: ksnoop: document ksnoop tracing of entry/return with value
display
tools: ksnoop: add .gitignore
tools/bpf/Makefile | 20 +-
tools/bpf/ksnoop/.gitignore | 1 +
tools/bpf/ksnoop/Documentation/Makefile | 58 ++
tools/bpf/ksnoop/Documentation/ksnoop.rst | 173 ++++++
tools/bpf/ksnoop/Makefile | 107 ++++
tools/bpf/ksnoop/ksnoop.bpf.c | 391 +++++++++++++
tools/bpf/ksnoop/ksnoop.c | 890 ++++++++++++++++++++++++++++++
tools/bpf/ksnoop/ksnoop.h | 103 ++++
8 files changed, 1738 insertions(+), 5 deletions(-)
create mode 100644 tools/bpf/ksnoop/.gitignore
create mode 100644 tools/bpf/ksnoop/Documentation/Makefile
create mode 100644 tools/bpf/ksnoop/Documentation/ksnoop.rst
create mode 100644 tools/bpf/ksnoop/Makefile
create mode 100644 tools/bpf/ksnoop/ksnoop.bpf.c
create mode 100644 tools/bpf/ksnoop/ksnoop.c
create mode 100644 tools/bpf/ksnoop/ksnoop.h
--
1.8.3.1
Powered by blists - more mailing lists