lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Tue,  3 Aug 2021 22:23:13 +0100
From:   Alan Maguire <alan.maguire@...cle.com>
To:     ast@...nel.org, daniel@...earbox.net, andrii@...nel.org
Cc:     kafai@...com, songliubraving@...com, yhs@...com,
        john.fastabend@...il.com, kpsingh@...nel.org,
        quentin@...valent.com, toke@...hat.com, bpf@...r.kernel.org,
        netdev@...r.kernel.org, Alan Maguire <alan.maguire@...cle.com>
Subject: [PATCH bpf-next 0/3] tools: ksnoop: tracing kernel function entry/return with argument/return value display

Recent functionality added to libbpf [1] enables typed display of kernel
data structures; here that functionality is exploited to provide a
simple example of how a tracer can support deep argument/return value
inspection.  The intent is to provide a demonstration of these features
to help facilitate tracer adoption, while also providing a tool which
can be useful for kernel debugging.

Changes since RFC [2]:

- In the RFC version, kernel data structures were string-ified in
  BPF program context vi bpf_snprintf_btf(); Alexei pointed out that
  it would be better to dump memory to userspace and let the
  interpretation happen there.  btf_dump__dump_type_data() in libbpf
  now supports this (Alexei, patch 1)
- Added the "stack mode" specification where we trace a specific set
  of functions being called in order (though not necessarily directly).
  This mode of tracing is useful when debugging issues with a specific
  stack signature.

[1] https://lore.kernel.org/bpf/1626362126-27775-1-git-send-email-alan.maguire@oracle.com/
[2] https://lore.kernel.org/bpf/1609773991-10509-1-git-send-email-alan.maguire@oracle.com/

Alan Maguire (3):
  tools: ksnoop: kernel argument/return value tracing/display using BTF
  tools: ksnoop: document ksnoop tracing of entry/return with value
    display
  tools: ksnoop: add .gitignore

 tools/bpf/Makefile                        |  20 +-
 tools/bpf/ksnoop/.gitignore               |   1 +
 tools/bpf/ksnoop/Documentation/Makefile   |  58 ++
 tools/bpf/ksnoop/Documentation/ksnoop.rst | 173 ++++++
 tools/bpf/ksnoop/Makefile                 | 107 ++++
 tools/bpf/ksnoop/ksnoop.bpf.c             | 391 +++++++++++++
 tools/bpf/ksnoop/ksnoop.c                 | 890 ++++++++++++++++++++++++++++++
 tools/bpf/ksnoop/ksnoop.h                 | 103 ++++
 8 files changed, 1738 insertions(+), 5 deletions(-)
 create mode 100644 tools/bpf/ksnoop/.gitignore
 create mode 100644 tools/bpf/ksnoop/Documentation/Makefile
 create mode 100644 tools/bpf/ksnoop/Documentation/ksnoop.rst
 create mode 100644 tools/bpf/ksnoop/Makefile
 create mode 100644 tools/bpf/ksnoop/ksnoop.bpf.c
 create mode 100644 tools/bpf/ksnoop/ksnoop.c
 create mode 100644 tools/bpf/ksnoop/ksnoop.h

-- 
1.8.3.1

Powered by blists - more mailing lists