| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 May 2015 14:52:04 -0700
From: Brendan Gregg <brendan.d.gregg@...il.com>
To: Wang Nan <wangnan0@...wei.com>
Cc: Alexei Starovoitov <ast@...mgrid.com>,
"David S. Miller" <davem@...emloft.net>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
mingo@...hat.com, Peter Zijlstra <a.p.zijlstra@...llo.nl>,
Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
Jiri Olsa <jolsa@...nel.org>, lizefan@...nel.org,
LKML <linux-kernel@...r.kernel.org>, pi3orama@....com,
hekuang@...wei.com
Subject: Re: [RFC PATCH 00/22] perf tools: introduce 'perf bpf' command to
load eBPF programs.
On Thu, Apr 30, 2015 at 3:52 AM, Wang Nan <wangnan0@...wei.com> wrote:
[...]
> An example is pasted at the bottom of this cover letter. In that
> example, mybpfprog is configured by string in config section, and will
> be probed at __alloc_pages_nodemask. sample_bpf.o is generated using:
>
> $ $CLANG -I/usr/src/kernel/include -I/usr/src/kernel/usr/include -D__KERNEL__ \
> -Wno-unused-value -Wno-pointer-sign \
> -O2 -emit-llvm -c sample_bpf.c -o -| $LLC -march=bpf -filetype=obj -o \
> sample_bpf.o
>
> And can be loaded using:
>
> $ perf bpf sample_bpf.o
[...]
> -------- EXAMPL --------
> ----- sample_bpf.c -----
> #include <uapi/linux/bpf.h>
> #include <linux/version.h>
> #include <uapi/linux/ptrace.h>
>
> #define SEC(NAME) __attribute__((section(NAME), used))
>
> static int (*bpf_map_delete_elem)(void *map, void *key) =
> (void *) BPF_FUNC_map_delete_elem;
> static int (*bpf_trace_printk)(const char *fmt, int fmt_size, ...) =
> (void *) BPF_FUNC_trace_printk;
>
> struct bpf_map_def {
> unsigned int type;
> unsigned int key_size;
> unsigned int value_size;
> unsigned int max_entries;
> };
>
> struct pair {
> u64 val;
> u64 ip;
> };
>
> struct bpf_map_def SEC("maps") my_map = {
> .type = BPF_MAP_TYPE_HASH,
> .key_size = sizeof(long),
> .value_size = sizeof(struct pair),
> .max_entries = 1000000,
> };
>
> SEC("kprobe/kmem_cache_free")
> int bpf_prog1(struct pt_regs *ctx)
> {
> long ptr = ctx->r14;
> bpf_map_delete_elem(&my_map, &ptr);
> return 0;
> }
>
> SEC("mybpfprog")
> int bpf_prog_my(void *ctx)
> {
> char fmt[] = "Haha\n";
> bpf_trace_printk(fmt, sizeof(fmt));
> return 0;
> }
>
> char _license[] SEC("license") = "GPL";
> u32 _version SEC("version") = LINUX_VERSION_CODE;
> char _config[] SEC("config") = ""
> "mybpfprog=__alloc_pages_nodemask\n";
Was this just some random eBPF code to test the perf framework? Or was
it to do something useful with
kmem_cache_free()/__alloc_pages_nodemask() tracing as well? It looks a
bit incomplete.
If it's just random code, I'd include a comment to state that,
otherwise it's a bit confusing. A complete example might be better;
eg, something like Alexei's tracex1, for a simple example of
bpf_trace_printk(), or sockex1, for a simple map example.
Brendan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists