This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
Re: [PATCH -tip v3 00/23] kprobes: introduce NOKPROBE_SYMBOL() and general cleaning of kprobe blacklist
- From: Josh Stone <jistone at redhat dot com>
- To: Steven Rostedt <rostedt at goodmis dot org>, "Frank Ch. Eigler" <fche at redhat dot com>
- Cc: Ingo Molnar <mingo at kernel dot org>, Masami Hiramatsu <masami dot hiramatsu dot pt at hitachi dot com>, linux-arch at vger dot kernel dot org, Ananth N Mavinakayanahalli <ananth at in dot ibm dot com>, Sandeepa Prabhu <sandeepa dot prabhu at linaro dot org>, x86 at kernel dot org, lkml <linux-kernel at vger dot kernel dot org>, virtualization at lists dot linux-foundation dot org, systemtap at sourceware dot org, "David S. Miller" <davem at davemloft dot net>
- Date: Wed, 20 Nov 2013 10:09:49 -0800
- Subject: Re: [PATCH -tip v3 00/23] kprobes: introduce NOKPROBE_SYMBOL() and general cleaning of kprobe blacklist
- Authentication-results: sourceware.org; auth=none
- References: <20131120042148 dot 15296 dot 88360 dot stgit at kbuild-fedora dot novalocal> <y0mvbznxi6k dot fsf at fche dot csb> <20131120153801 dot GA9743 at gmail dot com> <20131120173600 dot GK8993 at redhat dot com> <20131120125649 dot 40ca99c3 at gandalf dot local dot home>
On 11/20/2013 09:56 AM, Steven Rostedt wrote:
> On Wed, 20 Nov 2013 12:36:00 -0500
> "Frank Ch. Eigler" <fche@redhat.com> wrote:
>
>> Hi -
>>
>>>> Does this new blacklist cover enough that the kernel now survives a
>>>> broadly wildcarded perf-probe, e.g. over e.g. all of its kallsyms?
>>>
>>> That's generally the purpose of the annotations - if it doesn't then
>>> that's a bug.
>>
>> AFAIK, no kernel since kprobes was introduced has ever stood up to
>> that test. perf probe lacks the wildcarding powers of systemtap, so
>> one needs to resort to something like:
>>
>> # cat /proc/kallsyms | grep ' [tT] ' | while read addr type symbol; do
>> perf probe $symbol
>> done
>
> I'm curious to why one would do that. IIUC, perf now has function
> tracing support.
Then consider something like probing all inline "call" sites, which will
be sprinkled in the middle where ftrace doesn't apply.
The point is not whether there's an alternative - kprobes really ought
to be wholly safe regardless. Slow, if you did such broad probing,
sure, but still safe.
And a real use-case probably wouldn't probe *all* functions/inlines, but
it illustrates that there are at least a few in the full set that don't
behave well.