lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <5569604F.1010201@hitachi.com>
Date:	Sat, 30 May 2015 16:01:35 +0900
From:	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
To:	Alexei Starovoitov <ast@...mgrid.com>,
	He Kuang <hekuang@...wei.com>, wangnan0@...wei.com,
	paulus@...ba.org, a.p.zijlstra@...llo.nl, mingo@...hat.com,
	acme@...nel.org, namhyung@...nel.org, jolsa@...nel.org,
	dsahern@...il.com, brendan.d.gregg@...il.com, daniel@...earbox.net
CC:	lizefan@...wei.com, linux-kernel@...r.kernel.org,
	cti.systems-productivity-manager.ts@...achi.com
Subject: Re: [RFC PATCH v2 09/15] perf probe: Support $params without debuginfo

On 2015/05/30 10:27, Alexei Starovoitov wrote:
> On 5/29/15 4:55 PM, Masami Hiramatsu wrote:
>> On 2015/05/29 15:30, He Kuang wrote:
>>> hi, Alexei
>>>
>>> On 2015/5/29 2:10, Alexei Starovoitov wrote:
>>>> On 5/28/15 6:01 AM, He Kuang wrote:
>>>>>> I don't think you can break it down in two steps like this.
>>>>>>> There is no such thing as 'calling regs'. x86_32 with ax,dx,cx
>>>>>>> are not 'calling regs'. 64-bit values will be passed in a pair.
>>>>>>> Only 'pt_regs + arch + func_proto + asmlinkage' makes sense
>>>>>> >from the user point of view.
>>>>>>> Adding 'asmlinkage' attr is also trivial.
>>>>>>> 'func(long, char) asmlinkage' is easy to parse and the user
>>>>> I think at this early stage, we could make our bpf variable
>>>>> prologue work with debuginfo while keeping bpf 'SEC' syntax
>>>>> consistent with original perf probe. After all, we can use
>>>>> pt_regs directly or relay to perf-probe cache by Masami to deal
>>>>> with non-debug cases.
>>>>
>>>> so you're saying you don't want to support non-debug case for now?
>>>> Sure, as long as section name parser will be able to support
>>>> 'func(long, char) asmlinkage' syntax in the future without breaking
>>>> compatibility. I'm mostly interested in cases when debug info
>>>> is not available at all. So perf-probe cache is of no use to me.
>>>>
>>>>
>>>
>>> Yes, that syntax do deal with the situation which current 'perf
>>> probe' syntax not covered, so not only bpf prologue would benifit
>>> from that, maybe we could try to let perf probe involve that.
>>
>> Hmm, then how about below syntax?
>>
>>   perf probe x86_acpi_enter_sleep_state $regparams:asmlinkage(char)
>>
>> So, regparams has following synopsis.
>>
>>   $regparams[:[asmlinkage|0-6]([u8|u16|u32|u64|ptr][,...])]
> 
> the number doesn't make sense in generic command. Only x86_32 plays
> with calling convention. All other archs are not doing anything special
> for asmlinkage.

Yes, asmlinkage is a kernel hack. However, perf probe is not only for
kprobes, but also uprobes. So someone may want to use it.
Fortunately, perf probe itself can recognize it is kernel or not,
so only if the probe point is on the kernel, asmlinkage will work
as expected.

> I think the following is enough:
> $regparams[[:asmlinkage]([u8|u16|u32|u64|ptr|char|short|long|
> long long|void*][,...])]
> asmlinkage most of the time won't be used and typical command will look
> like: 'func=func $regparams(char, long, void*)'
> which is ok for kprobe.
> For bpf section name I would still prefer 'func(char, long, void*)'
> since it's more concise, easier to remember, more similar to C declaration.

Ah, that's interesting. I think perf probe can also use that :)

perf probe func(s8,ptr) $regparams (or $arg1 $arg2 ...)

Thank you!

>> Note that asmlinkage is a synonym of 0, and default depends on arch :)
>> Some architecture ignores this part, e.g. x86_64 always uses regs.
>> And it is automatically expanded to argX="%reg or $stackX".
>>
>> e.g.
>>   $regparams is expanded to
>>    arg1=%di arg2=%si arg3=%dx arg4=%cx arg5=%r8 arg6=%r9 (on x86_64)
>>    arg1=%ax arg2=%dx arg3=%cx arg4=$stack1 arg5=$stack2 arg6=$stack3 (on i386)
>>
>>   $regparams:0 is expanded to
>>    arg1=%di arg2=%si arg3=%dx arg4=%cx arg5=%r8 arg6=%r9 (on x86_64)
>>    arg1=$stack1 arg2=$stack2 arg3=$stack3 arg4=$stack4 arg5=$stack5 arg6=$stack6 (on i386)
>>
>>   $regparams:3(char,long) is expanded to
>>    arg1=%di:s8 arg2=%si:s64 (on x86_64)
>>    arg1=%ax:s8 arg2=%dx:s64 (on i386)
>>
>> How is this?
>>
>> Thank you,
>>
>>
> 
> 


-- 
Masami HIRAMATSU
Linux Technology Research Center, System Productivity Research Dept.
Center for Technology Innovation - Systems Engineering
Hitachi, Ltd., Research & Development Group
E-mail: masami.hiramatsu.pt@...achi.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ