This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
RE: [RFC] Tracepoint proposal
Hi
Hiramatsu wrote:
>One reason why we need markers or other in-the-middle-of-function
>trace point is that some events happen inside functions, not it's
>interface.
Each kernel sub-system seems to have its own way of dealing with
debugging statements. Some of these methods include 'dprintk',
'pr_debug', 'dev_debug', 'DEBUGP'. I think that these functions are
the tracepoints that has been availably mounted without setting up
the tool set of the outside. I think whether mounting that unites
these functions can be done if kernel marker and tracepoint are used.
By the way, isn't there problem on security?
What kprobe, jprobe, and kernel marker, etc. offer looks like what
the framework of Linux Security Module had offered before. Gotten
kprobe, jprobe, and kernel marker, etc. should not be exported to the
userland for security because it becomes the hotbed of rootkits. Users
such as kprobe, jprobe, and kernel marker should not be Loadable Kernel
Module. I think that there are some solutions in LTTng about this
security problem. However, will the environment to be able to operate
SystemTap be really secure?
At least, kernel commandline option to invalidate all of kprobe,
jprobe, and kernel marker, etc. because of the batch might be
necessary.
Thank you,
--
Takashi Nishiie