lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 2 Jul 2015 13:50:40 +0000
From:	He Kuang <hekuang@...wei.com>
To:	<rostedt@...dmis.org>, <ast@...mgrid.com>,
	<masami.hiramatsu.pt@...achi.com>, <acme@...nel.org>,
	<a.p.zijlstra@...llo.nl>, <mingo@...hat.com>,
	<namhyung@...nel.org>, <jolsa@...nel.org>
CC:	<wangnan0@...wei.com>, <linux-kernel@...r.kernel.org>,
	<hekuang@...wei.com>
Subject: [RFC PATCH v2 1/4] bpf: Put perf_events check ahead of bpf prog

When we add a kprobe point and record events by perf, the execution path
of all threads on each cpu will enter this point, but perf may only
record events on a particular thread or cpu at this kprobe point, a
check on call->perf_events list filters out the threads which perf is
not recording.

Currently, bpf_prog will be entered at the beginning of
kprobe_perf_func() before the above check, which makes bpf_prog be
executed in every threads including determined not to be recorded
threads. A simple test can demonstrate this:

'bpf_prog_on_write.o' contains a bpf prog which outputs to trace buffer
when it is entered. Run a background thread 'another-dd' and 'dd'
simultaneously, but only record 'dd' thread by perf. The result shows
all threads trigger bpf_prog.

  $ another-dd if=/dev/zero of=test1 bs=4k count=1000000
  $ perf record -v --event bpf_prog_on_write.o -- dd if=/dev/zero of=test2 bs=4k count=3
  $ cat /sys/kernel/debug/tracing/trace
  another-dd-1007  [000] d...   120.225835: : generic_perform_write: tgid=1007, pid=1007
  another-dd-1007  [000] d...   120.227123: : generic_perform_write: tgid=1007, pid=1007
  [repeat many times...]
  another-dd-1007  [000] d...   120.412395: : generic_perform_write: tgid=1007, pid=1007
  another-dd-1007  [000] d...   120.412524: : generic_perform_write: tgid=1007, pid=1007
          dd-1009  [000] d...   120.413080: : generic_perform_write: tgid=1009, pid=1009
          dd-1009  [000] d...   120.414846: : generic_perform_write: tgid=1009, pid=1009
          dd-1009  [000] d...   120.415013: : generic_perform_write: tgid=1009, pid=1009
  another-dd-1007  [000] d...   120.416128: : generic_perform_write: tgid=1007, pid=1007
  another-dd-1007  [000] d...   120.416295: : generic_perform_write: tgid=1007, pid=1007

This patch moves the check on perf_events list ahead and skip running
bpf_prog on threads perf not care.

After this patch:

  $ another-dd if=/dev/zero of=test1 bs=4k count=1000000
  $ perf record -v --event bpf_prog_on_write.o -- dd if=/dev/zero of=test2 bs=4k count=3
  $ cat /sys/kernel/debug/tracing/trace
  dd-994   [000] d...    46.386754: : generic_perform_write: tgid=994, pid=994
  dd-994   [000] d...    46.389167: : generic_perform_write: tgid=994, pid=994
  dd-994   [000] d...    46.389551: : generic_perform_write: tgid=994, pid=994

Signed-off-by: He Kuang <hekuang@...wei.com>
Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
---
 kernel/trace/trace_kprobe.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c
index d0ce590..5600df8 100644
--- a/kernel/trace/trace_kprobe.c
+++ b/kernel/trace/trace_kprobe.c
@@ -1141,13 +1141,13 @@ kprobe_perf_func(struct trace_kprobe *tk, struct pt_regs *regs)
 	int size, __size, dsize;
 	int rctx;
 
-	if (prog && !trace_call_bpf(prog, regs))
-		return;
-
 	head = this_cpu_ptr(call->perf_events);
 	if (hlist_empty(head))
 		return;
 
+	if (prog && !trace_call_bpf(prog, regs))
+		return;
+
 	dsize = __get_data_size(&tk->tp, regs);
 	__size = sizeof(*entry) + tk->tp.size + dsize;
 	size = ALIGN(__size + sizeof(u32), sizeof(u64));
@@ -1176,13 +1176,13 @@ kretprobe_perf_func(struct trace_kprobe *tk, struct kretprobe_instance *ri,
 	int size, __size, dsize;
 	int rctx;
 
-	if (prog && !trace_call_bpf(prog, regs))
-		return;
-
 	head = this_cpu_ptr(call->perf_events);
 	if (hlist_empty(head))
 		return;
 
+	if (prog && !trace_call_bpf(prog, regs))
+		return;
+
 	dsize = __get_data_size(&tk->tp, regs);
 	__size = sizeof(*entry) + tk->tp.size + dsize;
 	size = ALIGN(__size + sizeof(u32), sizeof(u64));
-- 
1.8.5.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ