lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 26 Jun 2015 14:15:05 +0000
From:	Wang Nan <wangnan0@...wei.com>
To:	<acme@...nel.org>, <ast@...mgrid.com>, <brendan.d.gregg@...il.com>,
	<daniel@...earbox.net>, <namhyung@...nel.org>,
	<masami.hiramatsu.pt@...achi.com>, <paulus@...ba.org>,
	<a.p.zijlstra@...llo.nl>, <mingo@...hat.com>, <jolsa@...nel.org>,
	<dsahern@...il.com>
CC:	<linux-kernel@...r.kernel.org>, <lizefan@...wei.com>,
	<hekuang@...wei.com>, <xiakaixu@...wei.com>, <pi3orama@....com>
Subject: [RFC PATCH v9 00/50] perf tools: filtering events using eBPF programs

This is the 9th version which tries to introduce eBPF programs to perf.

This patchset combined with 2 patchset I posted:

 1. V8 of 'perf tools: filtering events using eBPF programs';

 2. 'tracing, perf tools: Attach BPF program on uprobe events'

And patch 'tracing, perf: Implement BPF programs attached to uprobes' is
promoted to 1/50 since it belongs to kernel.

As Alexei's suggestion, I squashed some patches together in order to
make patchset simpler. The affected patches including:

 Patch 19/50: merged with 'bpf tools: Load instructions buffer using load_program()';
 Patch 35/50: merged with 'perf tools: Generate prologue for BPF programs'.

In this version I corrected many coding style problems found by
checkpatch.pl. Most of them are minor change except patch 45/50, which
checkpatch doesn't allow me to use goto statement in a macro, so I have
to redesign error processing when prologue too long.

Other changes including:

 1. Correct compiling problem when CONFIG_BPF_PROLOGUE not set;

 2. Config options for each BPF program is changed to 'key=value' from
    'key:value';

 3. Improve error message when config string error (Patch 50/50).

The 50 patches can be divided into following groups:

 1. Patch 1/50 belog to kernel, which has been accepted by Alexei.

 2. Patch 2/50 - 38/50 add basic BPF support to perf, which is from my
    v7 patch, only style correction and patch squashing is take place
    in this version.

 3. Patch 39/50 - 48/50 add BPF prologue support which allow BPF programs
    to read kernel data.

 4. Patch 49/50 - 50/50 are perf side code which allow attach BPF programs
    on uprobe event.

To demonstrate the feature of the new patchset, I attach a sample eBPF
program below. This program can be used to analysis some fprintf,
tracing the userspace call and related kernel actions. Note that in
kernal event selector, we are allowed to use glob matching to match vfs_write
and vfs_writev together. For both of them we are allowed to check a internal
field of 'struct file'.

 SEC(
 "target=/lib64/libc.so.6\n"
 "libcprintf=_IO_vfprintf_internal"
 )
 int libcprintf(void *ctx)
 {
 	char fmt[] = "libc printf\n";
 	bpf_trace_printk(fmt, sizeof(fmt));
 	return 1;
 }
 
 SEC("syswrite=vfs_write* file->f_mode")
 int vfswrite(void *ctx, int err, unsigned long f_mode)
 {
 	char fmt[] = "vfs_write, f_mode=%lx\n";
 	bpf_trace_printk(fmt, sizeof(fmt), f_mode);
 
 	if (f_mode & FMODE_READ)
 		return 1;
 	return 0;
 }
 
 char _license[] SEC("license") = "GPL";
 /* 4.1.0 */
 u32 _version SEC("version") = 0x40100;

He Kuang (3):
  perf tools: Move linux/filter.h to tools/include
  perf tools: Introduce arch_get_reg_info() for x86
  perf record: Support custom vmlinux path

Wang Nan (47):
  tracing, perf: Implement BPF programs attached to uprobes
  tools build: Add feature check for eBPF API
  bpf tools: Introduce 'bpf' library to tools
  bpf tools: Allow caller to set printing function
  bpf tools: Open eBPF object file and do basic validation
  bpf tools: Read eBPF object from buffer
  bpf tools: Check endianness and make libbpf fail early
  bpf tools: Iterate over ELF sections to collect information
  bpf tools: Collect version and license from ELF sections
  bpf tools: Collect map definitions from 'maps' section
  bpf tools: Collect symbol table from SHT_SYMTAB section
  bpf tools: Collect eBPF programs from their own sections
  bpf tools: Collect relocation sections from SHT_REL sections
  bpf tools: Record map accessing instructions for each program
  bpf tools: Add bpf.c/h for common bpf operations
  bpf tools: Create eBPF maps defined in an object file
  bpf tools: Relocate eBPF programs
  bpf tools: Introduce bpf_load_program() to bpf.c
  bpf tools: Load eBPF programs in object files into kernel
  bpf tools: Introduce accessors for struct bpf_program
  bpf tools: Introduce accessors for struct bpf_object
  bpf tools: Link all bpf objects onto a list
  perf tools: Make perf depend on libbpf
  perf tools: Introduce llvm config options
  perf tools: Call clang to compile C source to object code
  perf tests: Add LLVM test for eBPF on-the-fly compiling
  perf tools: Auto detecting kernel build directory
  perf tools: Auto detecting kernel include options
  perf record: Enable passing bpf object file to --event
  perf record: Compile scriptlets if pass '.c' to --event
  perf tools: Parse probe points of eBPF programs during preparation
  perf probe: Attach trace_probe_event with perf_probe_event
  perf record: Probe at kprobe points
  perf record: Load all eBPF object into kernel
  perf tools: Add bpf_fd field to evsel and config it
  perf tools: Attach eBPF program to perf event
  perf tools: Suppress probing messages when probing by BPF loading
  perf record: Add clang options for compiling BPF scripts
  bpf tools: Load a program with different instance using preprocessor
  perf tools: Fix probe-event.h include
  perf probe: Reset tev->args and tev->nargs when failure
  perf tools: Add BPF_PROLOGUE config options for further patches
  perf tools: Add prologue for BPF programs for fetching arguments
  perf tools: Generate prologue for BPF programs
  perf tools: Use same BPF program if arguments are identical
  perf probe: Init symbol as kprobe if any event is kprobe
  perf tools: Support attach BPF program on uprobe events

 include/linux/ftrace_event.h          |    5 +
 kernel/events/core.c                  |    4 +-
 kernel/trace/trace_uprobe.c           |    5 +
 tools/build/Makefile.feature          |    6 +-
 tools/build/feature/Makefile          |    6 +-
 tools/build/feature/test-bpf.c        |   18 +
 tools/include/linux/filter.h          |  237 +++++++
 tools/lib/bpf/.gitignore              |    2 +
 tools/lib/bpf/Build                   |    1 +
 tools/lib/bpf/Makefile                |  195 ++++++
 tools/lib/bpf/bpf.c                   |   85 +++
 tools/lib/bpf/bpf.h                   |   23 +
 tools/lib/bpf/libbpf.c                | 1174 +++++++++++++++++++++++++++++++++
 tools/lib/bpf/libbpf.h                |  107 +++
 tools/perf/MANIFEST                   |    4 +
 tools/perf/Makefile.perf              |   19 +-
 tools/perf/arch/x86/Makefile          |    1 +
 tools/perf/arch/x86/util/Build        |    2 +
 tools/perf/arch/x86/util/dwarf-regs.c |  104 ++-
 tools/perf/builtin-probe.c            |    4 +-
 tools/perf/builtin-record.c           |   47 +-
 tools/perf/config/Makefile            |   31 +-
 tools/perf/tests/Build                |    1 +
 tools/perf/tests/builtin-test.c       |    4 +
 tools/perf/tests/llvm.c               |   85 +++
 tools/perf/tests/make                 |    4 +-
 tools/perf/tests/tests.h              |    1 +
 tools/perf/util/Build                 |    3 +
 tools/perf/util/bpf-loader.c          |  631 ++++++++++++++++++
 tools/perf/util/bpf-loader.h          |   46 ++
 tools/perf/util/bpf-prologue.c        |  442 +++++++++++++
 tools/perf/util/bpf-prologue.h        |   34 +
 tools/perf/util/config.c              |    4 +
 tools/perf/util/debug.c               |    5 +
 tools/perf/util/debug.h               |    1 +
 tools/perf/util/evlist.c              |   41 ++
 tools/perf/util/evlist.h              |    1 +
 tools/perf/util/evsel.c               |   17 +
 tools/perf/util/evsel.h               |    1 +
 tools/perf/util/include/dwarf-regs.h  |    7 +
 tools/perf/util/llvm-utils.c          |  370 +++++++++++
 tools/perf/util/llvm-utils.h          |   39 ++
 tools/perf/util/parse-events.c        |   16 +
 tools/perf/util/parse-events.h        |    2 +
 tools/perf/util/parse-events.l        |    6 +
 tools/perf/util/parse-events.y        |   29 +-
 tools/perf/util/probe-event.c         |   97 +--
 tools/perf/util/probe-event.h         |    8 +-
 tools/perf/util/probe-finder.c        |    4 +
 49 files changed, 3900 insertions(+), 79 deletions(-)
 create mode 100644 tools/build/feature/test-bpf.c
 create mode 100644 tools/include/linux/filter.h
 create mode 100644 tools/lib/bpf/.gitignore
 create mode 100644 tools/lib/bpf/Build
 create mode 100644 tools/lib/bpf/Makefile
 create mode 100644 tools/lib/bpf/bpf.c
 create mode 100644 tools/lib/bpf/bpf.h
 create mode 100644 tools/lib/bpf/libbpf.c
 create mode 100644 tools/lib/bpf/libbpf.h
 create mode 100644 tools/perf/tests/llvm.c
 create mode 100644 tools/perf/util/bpf-loader.c
 create mode 100644 tools/perf/util/bpf-loader.h
 create mode 100644 tools/perf/util/bpf-prologue.c
 create mode 100644 tools/perf/util/bpf-prologue.h
 create mode 100644 tools/perf/util/llvm-utils.c
 create mode 100644 tools/perf/util/llvm-utils.h

-- 
1.8.3.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ