| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 May 2015 14:45:58 -0700 From: Alexei Starovoitov <ast@...mgrid.com> To: Arnaldo Carvalho de Melo <acme@...nel.org> CC: Wang Nan <wangnan0@...wei.com>, paulus@...ba.org, a.p.zijlstra@...llo.nl, mingo@...hat.com, namhyung@...nel.org, jolsa@...nel.org, dsahern@...il.com, daniel@...earbox.net, brendan.d.gregg@...il.com, masami.hiramatsu.pt@...achi.com, lizefan@...wei.com, linux-kernel@...r.kernel.org, pi3orama@....com Subject: Re: [RFC PATCH v3 00/37] perf tools: introduce 'perf bpf' command to load eBPF programs. On 5/18/15 2:20 PM, Arnaldo Carvalho de Melo wrote: > Em Mon, May 18, 2015 at 02:05:35PM -0700, Alexei Starovoitov escreveu: >> On 5/18/15 1:44 PM, Arnaldo Carvalho de Melo wrote: >>> >>> perf record --filter, to pass a filter to tracepoints, if I could >>> instead of a filter expression pass, say, filter_bpf.o, that would seem >>> natural for me, i.e. no new option, just an alternative type of filter, >>> one way more powerful. >> ... >>> I'd say keep it in --filter, that noticing it is a bpf object would >>> dtrt: >>> >>> perf record --filter bpf_thing.o usleep 1 >>> >> >> agree. make sense. >> The only thing is that such bpf program defines both event and filter. >> Existing --filter applies to --event, whereas this bpf_thing.o does both >> and likely kprob-ing multiple events underneath. >> I guess '--filter' still fits. Just need to document it clearly. > > Humm, unsure then, because it is not a filter anymore, i.e. it is both a > filter and event selector :-\ > > I was thinking more like, hey, for an existing event, i.e. a place in > the kernel where it will collect something, collect if this filter > returns true. That would fit the existing --filter semantic. > > perf record --event bpf_thing.o > > Looks more natural then, as it is an event that will take place when the > filter returns true, and in addition to that, it will come with a bunch > of variables, etc. well, I think --event fits a bit less than --filter ;) Both not ideal. May be --bpfobj would be a better flag, since it's a clean slate. Short version '-b' is also unused :) > And if that is the case, then what is the difference from a kprobe > event? I.e. for the existing tooling it wouldn't matter how this event > was set up, as long as it was available via tracefs, etc. I.e. it would > be completely similar to a tracepoint, kprobe, uprobe, etc, i.e. first > set it up, expose its internals via tracefs, no changes to perf. the main difference that programs are not static as kprobes. bpf maps, programs need to be dynamically created and loaded and they will cease to exist as soon as process that holds FDs exits. So it matches perf_event_open model which is FD based as well. And that's only filtering like usage. Where 'perf report' facilities are reused. For 'kernel debugging', 'latency heatmaps' use cases some new visualizations in perf will be needed. That's where 'perf bpf command' fits. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists