lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Dec 2013 20:49:53 -0800 From: Alexei Starovoitov <ast@...mgrid.com> To: Steven Rostedt <rostedt@...dmis.org> Cc: Ingo Molnar <mingo@...nel.org>, Andi Kleen <andi@...stfloor.org>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, "H. Peter Anvin" <hpa@...or.com>, Thomas Gleixner <tglx@...utronix.de>, Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>, Tom Zanussi <tom.zanussi@...ux.intel.com>, Jovi Zhangwei <jovi.zhangwei@...il.com>, Eric Dumazet <edumazet@...gle.com>, linux-kernel@...r.kernel.org Subject: Re: [RFC PATCH tip 0/5] tracing filters with BPF On Thu, Dec 5, 2013 at 3:37 PM, Steven Rostedt <rostedt@...dmis.org> wrote: > On Thu, 5 Dec 2013 14:36:58 -0800 > Alexei Starovoitov <ast@...mgrid.com> wrote: > >> On Thu, Dec 5, 2013 at 5:46 AM, Steven Rostedt <rostedt@...dmis.org> wrote: >> > >> > I know that it would be great to have the bpf filter run before >> > recording of the tracepoint, but as that becomes quite awkward for a >> > user interface, because it requires intimate knowledge of the kernel >> > source, this speed up on the filter itself may be worth while to have >> > it happen after the recording of the buffer. When it happens after the >> > record, then the bpf has direct access to the event entry and its >> > fields as described by the trace event format files. >> >> I don't understand that 'awkward' part yet. What do you mean by 'knowledge of >> the kernel'? By accessing pt_regs structure? Something else ? >> Can we try fixing the interface first before compromising on performance? > > Let me ask you this. If you do not have the source of the kernel on > hand, can you use BPF to filter the sched_switch tracepoint on prev pid? > > The current filter interface allows you to filter with just what the > running kernel provides. No need for debug info from the vmlinux or > anything else. Understood and agreed. For the users that are satisfied with amount of info that single trace_event provides (like sched_switch) there is probably little reason to do complex filtering. Either they're fine with all the events or will just filter based on pid only. > I'm fine if it becomes a requirement to have a vmlinux built with > DEBUG_INFO to use BPF and have a tool like perf to translate the > filters. But it that must not replace what the current filters do now. > That is, it can be an add on, but not a replacement. Of course. tracing filters via bpf is an additional tool for kernel debugging. bpf by itself has use cases beyond tracing. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists