RE: [RFC] Tracepoint proposal

[Takashi Nishiie]

Hi

Hiramatsu wrote:
>One reason why we need markers or other in-the-middle-of-function 
>trace point is that some events happen inside functions, not it's 
>interface.

  Each kernel sub-system seems to have its own way of dealing with 
debugging statements. Some of these methods include 'dprintk', 
'pr_debug', 'dev_debug', 'DEBUGP'. I think that these functions are
the tracepoints that has been availably mounted without setting up 
the tool set of the outside. I think whether mounting that unites 
these functions can be done if kernel marker and tracepoint are used.


  By the way, isn't there problem on security?
  What kprobe, jprobe, and kernel marker, etc. offer looks like what 
the framework of Linux Security Module had offered before. Gotten 
kprobe, jprobe, and kernel marker, etc. should not be exported to the 
userland for security because it becomes the hotbed of rootkits. Users
such as kprobe, jprobe, and kernel marker should not be Loadable Kernel
Module. I think that there are some solutions in LTTng about this 
security problem. However, will the environment to be able to operate
SystemTap be really secure?
　At least, kernel commandline option to invalidate all of kprobe, 
jprobe, and kernel marker, etc. because of the batch might be 
necessary.

Thank you,

--
Takashi Nishiie



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/