lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 13 Apr 2015 23:23:12 +0800
From:	He Kuang <hekuang@...o.com>
To:	Arnaldo Carvalho de Melo <acme@...nel.org>,
	He Kuang <hekuang@...wei.com>
CC:	masami.hiramatsu.pt@...achi.com, a.p.zijlstra@...llo.nl,
	mingo@...hat.com, namhyung@...nel.org, wangnan0@...wei.com,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/3] perf probe: Set retprobe flag when probe in address-based
 alternative mode



On 04/13/2015 10:39 PM, Arnaldo Carvalho de Melo wrote:
> Em Mon, Apr 13, 2015 at 07:41:28PM +0800, He Kuang escreveu:
>> Perf probe misses to set retprobe flag back when falling back to
>> address-based alternative mode.
>
> And when is that happens, can you explain? Because I tried to follow your
> instructions, but in my case it worked in the same way before and after your
> patch.
>
> Can you please provide more context for reviewing your patch?
>

More details:

   [root]# perf probe -v -k vmlinux --add='sys_write%return'
   probe-definition(0): sys_write%return
   symbol:sys_write file:(null) line:0 offset:0 return:1 lazy:(null)
   0 arguments
   Use vmlinux: vmlinux
   map_groups__set_modules_path_dir: cannot open /lib/modules/4.0.0-rc6+ dir
   Problems setting modules path maps, continuing anyway...
   Using vmlinux for symbols

   Open Debuginfo file: vmlinux
   >>>==========================

   Try to find probe point from debuginfo.
   Symbol sys_write address found : ffffffff811a8cf0
   Probe point found: SyS_write+0
   Found 1 probe_trace_events.
   Opening /sys/kernel/debug/tracing/kprobe_events write=1
   Added new event:
   Writing event: p:probe/sys_write _stext+1739560
     probe:sys_write      (on sys_write%return)

   You can now use it in all perf tools, such as:

           perf record -e probe:sys_write -aR sleep 1

   [root@...ldroot tmp]# cat /sys/kernel/debug/tracing/kprobe_events
   p:probe/sys_write _stext+1739560


The line I marked is different from your result, which is:
   """Could not open debuginfo. Try to use symbols."""


When perf probe searched in debuginfo and failed, it tried with 
alternative, in function get_alternative_probe_event():

         memcpy(tmp, &pev->point, sizeof(*tmp));
	memset(&pev->point, 0, sizeof(pev->point));

In this case, it drops the retprobe flag and forgets to set it back in 
find_alternative_probe_point(), so the problem occurred.



> Here are my results:
>
> Before:
>
>    [root@...andy ~]# perf probe -v --add='sys_write%return'
>    probe-definition(0): sys_write%return
>    symbol:sys_write file:(null) line:0 offset:0 return:1 lazy:(null)
>    0 arguments
>    Using /root/.debug/.build-id/dd/32e51921ede0fd46f034091b7f6a0f2e01ebda for symbols
>    Could not open debuginfo. Try to use symbols.
>    Opening /sys/kernel/debug/tracing/kprobe_events write=1
>    Added new event:
>    Writing event: r:probe/sys_write sys_write+0
>        probe:sys_write      (on sys_write%return)
>
>    You can now use it in all perf tools, such as:
>
> 	  perf record -e probe:sys_write -aR sleep 1
>    [root@...andy ~]# cat /sys/kernel/debug/tracing/kprobe_events
>    r:probe/sys_write sys_write
>
> Remove it:
>
>    [root@...andy ~]# perf probe --del *:*
>    Removed event: probe:sys_write
>
> After:
>
>    [root@...andy ~]# perf probe -v --add='sys_write%return'
>    probe-definition(0): sys_write%return
>    symbol:sys_write file:(null) line:0 offset:0 return:1 lazy:(null)
>    0 arguments
>    Using /root/.debug/.build-id/dd/32e51921ede0fd46f034091b7f6a0f2e01ebda for symbols
>    Could not open debuginfo. Try to use symbols.
>    Opening /sys/kernel/debug/tracing/kprobe_events write=1
>    Added new event:
>    Writing event: r:probe/sys_write sys_write+0
>      probe:sys_write      (on sys_write%return)
>
>    You can now use it in all perf tools, such as:
>
> 	  perf record -e probe:sys_write -aR sleep 1
>
>    [root@...andy ~]#
>    [root@...andy ~]# cat /sys/kernel/debug/tracing/kprobe_events
>    r:probe/sys_write sys_write
>
> Humm, noticed one other problem, but not with your patch, about this message:
>
> "Could not open debuginfo. Try to use symbols."
>
> That is really not clear, specially that "try to use symbols" :-)
>
> [root@...andy ~]# ls -la /root/.debug/.build-id/dd/32e51921ede0fd46f034091b7f6a0f2e01ebda
> lrwxrwxrwx. 1 root root 86 Apr 10 18:02 /root/.debug/.build-id/dd/32e51921ede0fd46f034091b7f6a0f2e01ebda -> ../../home/acme/git/build/v4.0.0-rc6+/vmlinux/dd32e51921ede0fd46f034091b7f6a0f2e01ebda
> [root@...andy ~]# ls -la /root/.debug/.build-id/dd/../../home/acme/git/build/v4.0.0-rc6+/vmlinux/dd32e51921ede0fd46f034091b7f6a0f2e01ebda
> -rwxr-xr-x. 1 root root 22698661 Apr 10 18:02 /root/.debug/.build-id/dd/../../home/acme/git/build/v4.0.0-rc6+/vmlinux/dd32e51921ede0fd46f034091b7f6a0f2e01ebda
> [root@...andy ~]# ls -la /root/.debug/.build-id/dd/../../home/acme/git/build/v4.0.0-rc6+/vmlinux/dd32e51921ede0fd46f034091b7f6a0f2e01ebda
>
> I.e. it managed to read the debuginfo, its just that it has no symbols in it :-)
>
> Anyway, digression ended.
>
> - Arnaldo
>
>> Can be reproduced as following:
>>
>>    $ perf probe -v -k vmlinux --add='sys_write%return'
>>    ...
>>    Added new event:
>>    Writing event: p:probe/sys_write _stext+1584952
>>      probe:sys_write      (on sys_write%return)
>>
>>    $ cat /sys/kernel/debug/tracing/kprobe_events
>>    p:probe/sys_write _stext+1584952
>>
>> After this patch:
>>
>>    $ perf probe -v -k vmlinux --add='sys_write%return'
>>    Added new event:
>>    Writing event: r:probe/sys_write SyS_write+0
>>      probe:sys_write      (on sys_write%return)
>>
>>    $ cat /sys/kernel/debug/tracing/kprobe_events
>>    r:probe/sys_write SyS_write
>>
>> Signed-off-by: He Kuang <hekuang@...wei.com>
>> ---
>>   tools/perf/util/probe-event.c | 1 +
>>   1 file changed, 1 insertion(+)
>>
>> diff --git a/tools/perf/util/probe-event.c b/tools/perf/util/probe-event.c
>> index 30545ce..5483d98 100644
>> --- a/tools/perf/util/probe-event.c
>> +++ b/tools/perf/util/probe-event.c
>> @@ -332,6 +332,7 @@ static int find_alternative_probe_point(struct debuginfo *dinfo,
>>   	else {
>>   		result->offset += pp->offset;
>>   		result->line += pp->line;
>> +		result->retprobe = pp->retprobe;
>>   		ret = 0;
>>   	}
>>
>> --
>> 2.3.3.220.g9ab698f
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ