lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20090609191746.GB3111@redhat.com>
Date:	Tue, 9 Jun 2009 15:17:46 -0400
From:	Jason Baron <jbaron@...hat.com>
To:	Frederic Weisbecker <fweisbec@...il.com>
Cc:	Ingo Molnar <mingo@...e.hu>, "H. Peter Anvin" <hpa@...or.com>,
	linux-kernel@...r.kernel.org, laijs@...fujitsu.com,
	rostedt@...dmis.org, peterz@...radead.org,
	mathieu.desnoyers@...ymtl.ca, jiayingz@...gle.com,
	mbligh@...gle.com, roland@...hat.com, fche@...hat.com
Subject: Re: [PATCH 2/2] convert to syscall tracepoints

On Tue, Jun 09, 2009 at 08:53:21PM +0200, Frederic Weisbecker wrote:
> On Tue, Jun 09, 2009 at 10:13:09AM -0400, Jason Baron wrote:
> > On Tue, Jun 09, 2009 at 01:02:35AM +0200, Frederic Weisbecker wrote:
> > > On Mon, Jun 08, 2009 at 05:38:33PM -0400, Jason Baron wrote:
> > > > On Mon, Jun 08, 2009 at 11:25:26PM +0200, Ingo Molnar wrote:
> > > > > > On Mon, Jun 08, 2009 at 10:40:56PM +0200, Ingo Molnar wrote:
> > > > > > > * Jason Baron <jbaron@...hat.com> wrote:
> > > > > > > 
> > > > > > > > +#ifdef __NR_time
> > > > > > > > +trace_event_syscall(1, time, time_t __user *, tloc);
> > > > > > > > +#endif
> > > > > > > > +
> > > > > > > > +#ifdef __NR_stime
> > > > > > > > +trace_event_syscall(1, stime, time_t __user *, tptr);
> > > > > > > > +#endif
> > > > > > > > +
> > > > > > > > +#ifdef __NR_gettimeofday
> > > > > > > > +trace_event_syscall(2, gettimeofday, struct timeval __user *, tv, struct timezone __user *, tz);
> > > > > > > > +#endif
> > > > > > > 
> > > > > > > This could be reduced to a single line: just add a Kconfig entry 
> > > > > > > (say TRACE_SYSCALL_TRACEPOINTS) wether an arch supports syscall 
> > > > > > > tracepoints, enable it on a sane arch, make sure it has all the 
> > > > > > > syscalls and list them ...
> > > > > > > 
> > > > > > > As more architectures turn on SYSCALL_TRACEPOINTS, they'll have to 
> > > > > > > resolve any deviations in syscall entry points. Ideally we'd have 
> > > > > > > one generic table that covers 95% of all syscalls, and the remaining 
> > > > > > > 5% in some architecture specific #ifdef section.
> > > > > > > 
> > > > > > 
> > > > > > true, but this implementation works for all arches now, why would 
> > > > > > want to slowly add this over time? [...]
> > > > > 
> > > > > Because the current solution is butt-ugly ...
> > > > > 
> > > > > > [...] I think its unnecessary work that could be error prone.
> > > > > 
> > > > > This area needs cleanups - making it messier doesnt help. (I've 
> > > > > Cc:-ed hpa - he has expressed interest in auto-generating all the 
> > > > > syscall related details from another angle ...)
> > > > > 
> > > > > > > But, more generally, i'm not at all convinced that we need _any_ 
> > > > > > > of this enumeration. Look how much the above lines duplicate 
> > > > > > > DEFINE_SYSCALL macros. Why arent those macros re-used?
> > > > > > 
> > > > > > The DEFINE_SYSCALL() are located all over the code in various .c files.
> > > > > 
> > > > > yes, and that's good.
> > > > > 
> > > > > > Thus, if we define the tracpoints via the DEFINE_SYSCALL() macros 
> > > > > > we are going to have 'static inline functions' (which is how 
> > > > > > tracepoints are implemented) defined in all these .c files. Now, I 
> > > > > > need to call all these 'static inline functions' from ptrace.c. 
> > > > > > How do I do that? [...]
> > > > > 
> > > > > And that's bad.
> > > > > 
> > > > > We dont want a per syscall tracepoint call site. AT ALL.
> > > > > 
> > > > > We want to collect the record information, we want to construct 
> > > > > /debug/tracing/events/syscalls/ directories with all the proper 
> > > > > tracepoint-lookalike entries, and then we want to use the 
> > > > > _existing_, _zero overhead_ method implemented by Frederic to get 
> > > > > per syscall functionality.
> > > > > 
> > > > 
> > > > Yes, this can easily be done....but that wasn't the problem I was
> > > > interested in solving. I wanted a per syscall tracepoint site. I thought
> > > > I had been making that clear all along...Please notice that the
> > > > implementation I've proposed obtains the syscall number, and then jumps
> > > > to the appropriate tracepoint and then exits. Its quite efficient. In
> > > > fact, I've enabled all of the syscalls using my proposed method and
> > > > running tbench I'm able to get more throughput then using the current
> > > > syscall method. I've also done 'getpid()' loops and seen no performance
> > > > difference between the approaches. I'm happy to run any other
> > > > benchmarks...
> > > > 
> > > > > Have you looked at how the syscall attributes information is 
> > > > > constructed by using .section tricks? See: 
> > > > > kernel/trace/trace_syscalls.c.
> > > > > 
> > > > 
> > > > yes, I believe I understand the problem space. I had been talking about
> > > > a per-syscall tracepoint all along...maybe I wasn't clear...
> > > > 
> > > > thanks,
> > > > 
> > > > -Jason
> > > 
> > > 
> > > Ok, I understand the problem.
> > > Well, the fact is that we can use the artifact from the current syscall tracer
> > > to solve a part of this problem.
> > > 
> > > Currently the syscall tracer does the following:
> > > 
> > > - create a section with all syscalls informations, provided by DEFINE_SYSCALL()
> > >   That includes the size, type, name of parameters.
> > > 
> > > - map a table during the boot which resolves a syscall number to its information
> > >   in the syscall metadata section
> > > 
> > > - uses a generic "trace_syscall()" (or something like that) in ptrace.c (x86)
> > >   which gather informations from the current syscalls (get from the mapped table)
> > >   and then send the trace to the ring buffer.
> > > 
> > > - have a pretty printing (well, not that much actually) callback which, again,
> > >   retrieve the syscall information from its number after getting the trace from
> > >   the ring buffer. And then the raw field values aree printed, with the field
> > >   names, and their types, optionally.
> > > 
> > > Now what I would suggest to avoid this whole listing of syscalls in your patch
> > > is to avoid the use of hardcoded tracepoints.
> > > 
> > > We can't really use TRACE_EVENT() here without using the listing you did.
> > > Instead, you could define a custom struct ftrace_event_call from DEFINE_SYSCALL().
> > > 
> > > In regfunc() you can turn on TIF_FTRACE (using a refcounter).
> > > 
> > > The struct trace_event ftrace_event_type can reuse the existing output callback
> > > for syscall tracing which retrieve the syscall informations.
> > > 
> > > void ftrace_raw_event_##call() can be replaced by calling directly the existing
> > > generic callback for syscall tracing trace insertion.
> > > 
> > > And the arch mapping table can resolve a syscall number to its matching
> > > event.
> > > 
> > 
> > hmmm..so I presume this would layer on 2 tracepoints? One in syscall
> > entry and one in exit, presumably passing a 'struct pt_regs'?
> 
> 
> 
> Exactly, instead of having two tracepoints per syscalls, we would have only
> two generic and smart enough to handle all syscalls thanks to the syscalls
> metadata.
> 
> 
> 
> > I think
> > the refcounter would also have to be deeper in the tracepoint
> > infrastructure since the event tracing wouldn't be the only potential
> > user of these tracepoints.
> 
> 
> 
> Yeah. Ie we would have two layers of syscalls tracing (de)activation:
> the TIF flags to enable the whole syscall tracing, and also a state bit
> in syscalls metadata. So that we can activate/deactivate each of them
> independently, like any "normal" tracepoint.
> 
> Frederic.
> 

ok, this is what I was thinking here as well...I'll code this
implementation up.

thanks,

-Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ