lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 07 Jul 2015 18:31:07 -0700
From:	Alexei Starovoitov <ast@...mgrid.com>
To:	He Kuang <hekuang@...wei.com>, rostedt@...dmis.org,
	masami.hiramatsu.pt@...achi.com, acme@...nel.org,
	a.p.zijlstra@...llo.nl, mingo@...hat.com, namhyung@...nel.org,
	jolsa@...nel.org
CC:	wangnan0@...wei.com, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH v3 0/2] Make eBPF programs output data to perf event

On 7/7/15 4:43 AM, He Kuang wrote:
> Hi,
>
> The two previous versions tried to combine bpf output data with the
> sample event of the attached kprobe point, which leads to problems
> about perf_trace_buf.
>
> After discussion we found it's not necessary to combine those two
> parts of information, even we do not need the orignial kprobe output
> event at all. Based on this idea, the implementation becomes simple,
> just like what perf do with ftrace:functions, we set up a bpf ftrace
> entry for perf tools to poll and collect data on it, eBpf program use
> a helper function to submit data to ring-buffer, that's all. This
> implementation also leaves all issues such as sample-types to perf
> commandline.
>
> Currently, we just use raw data in the format fields to not interfere
> perf sample parser, because the raw-data can be parsed by perf script
> plugin easily.

Looks much better!
In general I think splitting it into two patches is confusing,
since 1st patch is meaningless without 2nd. I would squash it.
Other comments inline.

>            bpf_output_sample(&del_time, sizeof(del_time));

typo?
You meant bpf_output_data(&del_time, sizeof(del_time), ctx) ?

To match the rest of helpers, please make ctx to be first argument.
Also I think bpf_output_trace_data() name is better.
bpf_output_data name doesn't indicate that it's tracing only helper
and might be confusing with networking helpers.

> Record bpf events:
>
>    $ perf record -e ftrace:bpf -e sample.o -- dd if=/dev/zero of=test bs=4k count=3
>
> The results showed in perf-script:
>
>    $ perf script
>    dd   994 [000]   166.686779: ftrace:bpf: 8: (000000000542b426, ...)
>    dd   994 [000]   166.686779: ftrace:bpf: 8: (00000000001011ef, ...)
>    dd   994 [000]   166.686779: ftrace:bpf: 8: (000000000007a2b6, ...)

nice!

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ