Date:	Tue, 5 May 2015 10:10:06 +0000
From:	He Kuang <hekuang@...wei.com>
To:	<ast@...mgrid.com>, <davem@...emloft.net>, <acme@...nel.org>,
	<mingo@...hat.com>, <a.p.zijlstra@...llo.nl>,
	<masami.hiramatsu.pt@...achi.com>, <jolsa@...nel.org>
CC:	<wangnan0@...wei.com>, <lizefan@...nel.org>,
	<linux-kernel@...r.kernel.org>, <pi3orama@....com>
Subject: [RFC PATCH 0/6] perf bpf: Probing with local variable

This patch set is based on https://lkml.org/lkml/2015/4/30/264

By using a bpf 'config' section like this:

  char _config2[] SEC("config") = "generic_perform_write=generic_perform_write+122 file->f_mapping->a_ops bytes offset";
  SEC("generic_perform_write")
  int NODE_generic_perform_write (struct pt_regs *ctx, void *a_ops, void *bytes, void* offset) {
          char fmt[] = "NODE_generic_perform_write, a_ops=%p, bytes=%p, offset=%p\n";
          bpf_trace_printk(fmt, sizeof(fmt), a_ops, bytes, offset);
          return 1;
  }

In this example, 'bytes' and 'offset' are local variables, a_ops is in
a structure field of the file parameter, and we probe in the body of the
generic_perform_write() function.

Perf can fetch and convert all the arguments and then we translate them
into bpf bytecode as a prologue before calling bpf body functions. In
the prologue, we fetch arguments from bpf context register and place
them according to bpf calling conventions so the body function can
access them as formal parameters.

The perf command is as follows:

  $ perf bpf -v bpf_bytecode.o
  ...
  bpf_prologue: insn num=26
  (bf) r6 = r1
  (79) r3 = *(u64 *)(r6 +112)
  (07) r3 += 248
  (b7) r1 = 0
  (7b) *(u64 *)(r10 -8) = r1
  (bf) r1 = r10
  (07) r1 += -8
  (b7) r2 = 8
  (85) call 4
  (79) r3 = *(u64 *)(r10 -8)
  (07) r3 += 104
  (b7) r1 = 0
  (7b) *(u64 *)(r10 -8) = r1
  (bf) r1 = r10
  (07) r1 += -8
  (b7) r2 = 8
  (85) call 4
  (79) r3 = *(u64 *)(r10 -8)
  (bf) r7 = r3
  (79) r3 = *(u64 *)(r6 +24)
  (bf) r8 = r3
  (79) r3 = *(u64 *)(r6 +88)
  (bf) r9 = r3
  (bf) r2 = r7
  (bf) r3 = r8
  (bf) r4 = r9
  ...
  Added new event:
  Writing event: p:perf_bpf_probe/generic_perform_write _stext+1257282 a_ops=+104(+248(%di)):u64 bytes=%r12:u64 offset=%cx:u64
    perf_bpf_probe:generic_perform_write (on generic_perform_write+122 with a_ops=file->f_mapping->a_ops bytes offset)

The trace output:

  sh-1260  [000] d... 112592.463169: : NODE_generic_perform_write, a_ops=ffffffff81a20160, bytes=0000000000000017, offset=000000000000031d
  sh-1260  [000] d... 112593.155105: : NODE_generic_perform_write, a_ops=ffffffff81a20160, bytes=000000000000000a, offset=0000000000000334
  sh-1260  [000] d... 112599.015993: : NODE_generic_perform_write, a_ops=ffffffff81a20160, bytes=0000000000000017, offset=000000000000033e
  sh-1260  [000] d... 112600.790977: : NODE_generic_perform_write, a_ops=ffffffff81a20160, bytes=000000000000000a, offset=0000000000000355

He Kuang (6):
  perf bpf: Add headers for generate bpf bytecode
  perf bpf: Add pt_regs convert table for x86
  perf bpf: Save pt_regs info from debuginfo
  perf bpf: Convert arglist to bpf prologue
  perf bpf: Process debuginfo for generating bpf prologue
  perf bpf: Generate bpf prologue for arguments

 tools/perf/arch/x86/util/dwarf-regs.c |  31 ++++++
 tools/perf/util/bpf-loader.c          |  66 ++++++++++++
 tools/perf/util/bpf-loader.h          | 188 ++++++++++++++++++++++++++++++++++
 tools/perf/util/include/dwarf-regs.h  |   2 +
 tools/perf/util/probe-event.c         | 121 ++++++++++++++++++++++
 tools/perf/util/probe-event.h         |  12 +++
 tools/perf/util/probe-finder.c        | 101 ++++++++++++++++++
 tools/perf/util/probe-finder.h        |   4 +
 8 files changed, 525 insertions(+)

-- 
1.8.5.2
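
An added example, not part of the original mail or of the patch set: a small C program that takes the fetch specs from the "Writing event" line above (name and ":u64" suffix stripped) and prints the same instruction sequence as the bpf_prologue dump, without the opcode bytes. The function names emit_fetch and emit_prologue and the register table are assumptions of this example; "call 4" is the bpf_probe_read helper.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* x86_64 struct pt_regs byte offsets (subset, enough for this example) */
static const struct { const char *name; int off; } regs[] = {
    {"r12", 24}, {"cx", 88}, {"dx", 96}, {"si", 104}, {"di", 112},
};

/* Emit the fetch for one spec, e.g. "+104(+248(%di))", leaving the value in
 * r<dst>. Returns the instruction count, or -1 on a malformed spec. */
int emit_fetch(const char *spec, int dst, FILE *out)
{
    long offs[8];
    int depth = 0, off = -1, n = 2;        /* n: register load + final move */
    char *end;
    while (*spec == '+' || *spec == '-') { /* outermost offset comes first */
        if (depth == 8) return -1;
        offs[depth++] = strtol(spec, &end, 10);
        if (end == spec || *end != '(') return -1;
        spec = end + 1;
    }
    if (*spec++ != '%') return -1;
    size_t len = strcspn(spec, ")");
    for (size_t i = 0; i < sizeof(regs) / sizeof(regs[0]); i++)
        if (strlen(regs[i].name) == len && !strncmp(regs[i].name, spec, len))
            off = regs[i].off;
    const char *tail = spec + len;         /* must be exactly depth ')' */
    if (off < 0 || strspn(tail, ")") != (size_t)depth || tail[depth]) return -1;
    fprintf(out, "r3 = *(u64 *)(r6 +%d)\n", off);
    for (; depth--; n += 8)                /* innermost dereference first */
        fprintf(out, "r3 += %ld\nr1 = 0\n*(u64 *)(r10 -8) = r1\nr1 = r10\n"
                "r1 += -8\nr2 = 8\ncall 4\nr3 = *(u64 *)(r10 -8)\n", offs[depth]);
    fprintf(out, "r%d = r3\n", dst);
    return n;
}

/* Whole prologue: save ctx in r6, fetch into r7..r9, pass as r2..r4. */
int emit_prologue(const char *const *specs, int nargs, FILE *out)
{
    int total = 1 + nargs, n;              /* r6 = r1 plus one move per arg */
    if (nargs < 0 || nargs > 3) return -1; /* only r7..r9 are free callee-saved */
    fputs("r6 = r1\n", out);
    for (int i = 0; i < nargs; i++, total += n)
        if ((n = emit_fetch(specs[i], 7 + i, out)) < 0) return -1;
    for (int i = 0; i < nargs; i++)
        fprintf(out, "r%d = r%d\n", 2 + i, 7 + i);
    return total;
}
```

Calling emit_prologue with the three specs "+104(+248(%di))", "%r12" and "%cx" and stdout reproduces the listing above and returns 26, the "insn num" perf reports.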
