lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110215134409.GA23092@ghostprotocols.net>
Date:	Tue, 15 Feb 2011 11:44:09 -0200
From:	Arnaldo Carvalho de Melo <acme@...radead.org>
To:	Ingo Molnar <mingo@...e.hu>
Cc:	Steven Rostedt <rostedt@...dmis.org>, linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
	Lai Jiangshan <laijs@...fujitsu.com>,
	Li Zefan <lizf@...fujitsu.com>,
	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
	Tom Zanussi <tzanussi@...il.com>,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>
Subject: Re: [PATCH 00/14] [GIT PULL][v2.6.39] tracing/filter: More robust
 filtering

Addressing the tools/perf/ suggestions:

Em Tue, Feb 15, 2011 at 05:44:25AM +0100, Ingo Molnar escreveu:
> Here is what i've done. Firstly, i have put my 'naive but curious user trying to 
> make use of filters' hat on.
> 
> I did:
> 
> 	perf list | grep Tracepoint | less
> 
> to get a list of tracepoints.
> 
>  #
>  #  Btw., unrelated feature request, it would be nice if the following shorcut did the 
>  #  obvious thing:
>  #
>  #	perf list Tracepoint
>  #

Will do
 
> I picked one of the interesting looking tracepoints:
> 
>   syscalls:sys_enter_close                   [Tracepoint event]
> 
> first roadblock: 
> 
> I had absolutely no idea how to proceed from here any further. I knew it from 'perf 
> list --help' that I could stick 'syscalls:sys_enter_close' into -e expressions, but 
> i had no idea how to utilize filter expressions at all.

<SNIP>
 
>  aldebaran:~> cat /debug/tracing/events/syscalls/sys_enter_close/format 
>  name: sys_enter_close
>  ID: 404
>  format:
> 	field:unsigned short common_type;	offset:0;	size:2;	signed:0;
> 	field:unsigned char common_flags;	offset:2;	size:1;	signed:0;
> 	field:unsigned char common_preempt_count;	offset:3;	size:1;	signed:0;
> 	field:int common_pid;	offset:4;	size:4;	signed:1;
> 	field:int common_lock_depth;	offset:8;	size:4;	signed:1;
> 
> 	field:int nr;	offset:12;	size:4;	signed:1;
> 	field:unsigned int fd;	offset:16;	size:8;	signed:0;
> 
>  print fmt: "fd: 0x%08lx", ((unsigned long)(REC->fd))
> 
> And putting my kernel tracing hacker hat on i knew that the only interesting piece 
> of information for a filter would be the 'fd' word.

Something in the TUI that allows the user to navigate thru the
tracepoints, grouping them and allowing something like:

    + Hardware
    + Dynamic Probes
    + Software
      + Scheduler
      + Block I/O
      - System Calls
        - close
            entry
            exit

And at any point in the tree allow enabling the tree branch and allowing
filters for fields that are common from that point down, i.e. fd should
be usable as a filter for file system events, allowing to see all events
that have an fd for a given pid.

Worth some experimentation.

<SNIP>

>  aldebaran:~> perf record -e syscalls:sys_enter_close --filter 'fd == 10' ./hackbench 1
>  Time: 0.079
>  [ perf record: Woken up 1 times to write data ]
>  [ perf record: Captured and wrote 0.007 MB perf.data (~325 samples) ]
> 
> Cool i thought, it has 325 samples, success!
> 
> Lets look at it via 'perf report' i thought:
> 
>  aldebaran:~> perf report
>  aldebaran:~> 
> 
> ouch. The TUI flickered something which went away immediately (feature request: 
> don't do that - at least try to mumble something about non-existent data or so).

Right, as the tools do when it finds LOST events, they should emit a
warning stating "No EVENT_NAME samples found in file foo.data", will do.

- Arnaldo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists