lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 05 May 2015 15:31:29 -0700
From:	Alexei Starovoitov <ast@...mgrid.com>
To:	He Kuang <hekuang@...wei.com>, davem@...emloft.net,
	acme@...nel.org, mingo@...hat.com, a.p.zijlstra@...llo.nl,
	masami.hiramatsu.pt@...achi.com, jolsa@...nel.org
CC:	wangnan0@...wei.com, linux-kernel@...r.kernel.org, pi3orama@....com
Subject: Re: [RFC PATCH 0/6] perf bpf: Probing with local variable

On 5/5/15 3:10 AM, He Kuang wrote:
> This patch set is based on https://lkml.org/lkml/2015/4/30/264
>
> By using bpf 'config' section like this:
>
>    char _config2[] SEC("config") = "generic_perform_write=generic_perform_write+122 file->f_mapping->a_ops bytes offset";
>    SEC("generic_perform_write")
>    int NODE_generic_perform_write (struct pt_regs *ctx, void *a_ops, void *bytes, void* offset) {
>            char fmt[] = "NODE_generic_perform_write, a_ops=%p, bytes=%p, offset=%p\n";
>            bpf_trace_printk(fmt, sizeof(fmt), a_ops, bytes, offset);
>            return 1;
>    }
>
> In this example, 'bytes' and 'offset' are local variables, a_ops is in
> the structure field of file parameter, and we probe in the body of the
> generic_perform_write() function.
>
> Perf can fetch and convert all the arguments and then we translate them
> into bpf bytecode as a prologue before calling bpf body functions. In
> the prologue, we fetch arguments from bpf context register and place
> them according to bpf calling conventions so the body function can
> access them as formal parameters.

great idea! Like it a lot.
Looking at current implementation I think the limit is <=3 arguments,
which I think is perfectly fine for now. Just worth mentioning in
the doc.

Two high level comments:
- can you collapse SEC("config") with SEC("func_name") ?
It seems that "func_name" is only used as reference inside "config".
I understand that you're proposing one "config" section where multiple
descriptions are strcat together, but why? Something like:
SEC("kprobe/generic_perform_write+122(file->f_mapping->a_ops, bytes, 
offset)")
int func(...) { ... }
should be enough and more concise.

- please support it without debug info when kprobe is placed at the top
of the function. Like:
SEC("kprobe/generic_perform_write(void*, void*, long long)")
even without debug info it will copy ctx->di into r2, ctx->si into r3
and ctx->dx into r4.
Not everyone has access to debug info when writing programs.
Your prologue generator removes headache of figuring out cpu calling
convention and can even work for 32-bit architectures.
Also I think it belongs in tools/lib/bpf/ together with section walking
and loading bits. As we discussed in the other thread it makes to create
a proper library out of samples/bpf/libbpf*, bpf_load* and use it
everywhere. Once it's there I'd like to rewrite samples/bpf/*_kern.c
using this simplified access to function arguments.

Other comments per patch...


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ