This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
Hi - On Mon, Oct 09, 2006 at 07:38:35PM -0400, Lorenzo Cavallaro wrote: > [...] [forwarding to mailing list, please excuse less than usual trimming] > I'm an italian PhD student in Computer Science at Universita` degli Studi > di Milano, Italy. Welcome. > I just recently came accross System Tap and I think it's an amazing > framework (along with Kprobe, of course), even if I didn't have the > opportunity to try it out yet. > > I would like to ask you few questions about Model-Specific Register, if > you don't mind... [...] Sorry, I'm not very familiar with them. > Beside that, I would like to measure (count) the number of branches (call, > jmp, jcc, loop) executed so far by a given process while it's executing in > user space. Do you think MSR (in particular) branch_retired register could > be useful for what I'm trying to do? Certainly. Systemtap proper does not expose those registers yet, but using e.g. inline C code, it should be able to pull out such information. > Moreover, I would like to save this register (or a combo of > registers) into the process task_struct since I would like to > keep this counter accross processes' context switch [...] Check out the perfmon2 patches for the kernel. Among other things, they do this sort of context switch tracking. (An aside for systemtap developers: Now that I think about it though, systemtap might be able to emulate this part of perfmon2 also, by hooking context switching events, and saving/restoring data within per-task systemtap arrays. I wonder how far we might be able to go emulating perfmon2's kernel-side code using a clever set of probes!) > As a complication, I would like to instrument at run-time a > process behavior by means of ptrace system call, so I think some > modification to that part of kernel code have to be done as well > [...] ptrace is a way of performing low-level manipulation of a user-space program's code/data from another user-space program. Why do you suspect kernel patches are needed? > Btw, there's a paper by Dunlap et al. titled ``ReVirt: Enabling Intrusion > Analysis through Virtual-Machine Logging and Reply'' that makes use of > branch_retired for somehow getting something similar to what I'd like to > have... [...] http://www.eecs.umich.edu/~kingst/revirt.pdf Interesting paper, dealing with use of virtualization for security/checkpoint domain containment. - FChE
Attachment:
pgp00000.pgp
Description: PGP signature
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |