lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <557021D3.7070900@huawei.com>
Date:	Thu, 4 Jun 2015 18:00:51 +0800
From:	"Wangnan (F)" <wangnan0@...wei.com>
To:	Ingo Molnar <mingo@...nel.org>
CC:	Arnaldo Carvalho de Melo <acme@...nel.org>,
	<linux-kernel@...r.kernel.org>,
	Adrian Hunter <adrian.hunter@...el.com>,
	Alexei Starovoitov <ast@...mgrid.com>,
	Brendan Gregg <brendan.d.gregg@...il.com>,
	Daniel Borkmann <daniel@...earbox.net>,
	"David Ahern" <dsahern@...il.com>, He Kuang <hekuang@...wei.com>,
	Jiri Olsa <jolsa@...hat.com>, Kaixu Xia <xiakaixu@...wei.com>,
	Madhavan Srinivasan <maddy@...ux.vnet.ibm.com>,
	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
	Michael Ellerman <mpe@...erman.id.au>,
	Namhyung Kim <namhyung@...nel.org>,
	Peter Zijlstra <peterz@...radead.org>, <pi3orama@....com>,
	Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com>,
	"Zefan Li" <lizefan@...wei.com>,
	Arnaldo Carvalho de Melo <acme@...hat.com>,
	Alexei Starovoitov <alexei.starovoitov@...il.com>
Subject: Re: [GIT PULL 0/6] perf/core improvements and fixes



On 2015/6/4 15:21, Ingo Molnar wrote:
> * Wangnan (F) <wangnan0@...wei.com> wrote:
>
>> On 2015/6/4 13:48, Ingo Molnar wrote:
>>> * Arnaldo Carvalho de Melo <acme@...nel.org> wrote:
>>>
>>>> Hi Ingo,
>>>>
>>>> 	Please consider applying.
>>>>
>>>> 	One of the next requests probably will have the eBPF work by Wang Nan,
>>>> but I am still going thru it and want to test it thoroughly.
>>>>
>>>> 	BTW: Have you looked at it lately? It is at:
>>>>
>>>> http://lkml.kernel.org/r/1433144296-74992-1-git-send-email-wangnan0@huawei.com
>>>>
>>>> Super summary from the above cover letter:
>>>>
>>>> ---------------------
>>>> It enables 'perf record' to filter events using eBPF programs like:
>>>>
>>>>   # perf record --event bpf-file.o sleep 1
>>>>
>>>> Events are selected and filtered according to definitions in bpf-file.o.
>>> Looks useful, but I think the UI needs one more tweak: could you fix it to be able
>>> to filter based on the eBPF _source_ file, not just the object file?
>>>
>>> People want to tweak such filters as they profile, so we should use the eBPF
>>> source code as the primary interface. We can compile it internally to the .o just
>>> fine. The .o file is a totally uninteresting intermediate product in itself.
>>>
>>> I.e. we need to first think through such profiling workflows from beginning to end
>>> before allowing them upstream.
>> In a private mail Alexei Starovoitov disscussed with me about this. He said that
>> he is working on a shared object which can compile C program into BPF bytecode
>> on the fly. After he done his work, I think perf can support dtrace-like
>> profiling that, users will be able to feed source code to perf directly on
>> cmdline. He said he can release it on June. I added him to the CC-list.
>>
>> However I think the '.o' intermediate is still needed. [...]
> So how do you generate the .o? Why cannot the tool, if it sees that the filter
> parameter is eBPF source code, do that automatically?

I think compiling on the fly is our goal, and Alexei is working on it. 
However,
it looks like some limitations are still exist. For example, the BPF 
program may
require the definition of kernel structure for it to derefrernce struct 
pointers.
Therefore, the machine on which compiling occures should have kernel 
header and
configuration installed. However, most of production environment doesn't 
have
them for security and reasons.

I think BPF should be used to profile not only development environment 
but also
production systems. If we only concern development systems, why not 
recompiling
kernel with stub core or using kProbe modules?

What about this:

Give perf the ability to generate the '.o' file (to memory or dump to a 
real file)
on development environment. If we are willing to profiling that system, 
we can make
load the generated object into kernel and start trace by (perf record 
--event bpf_file.c ...).
If we are willing to profile systems on which the compiling environment 
is missing, we can
make perf to create a '.o' file (perf bpf compile bpf_file.c -o 
bpf_file.o) then copy
it onto target environment, use perf record --event bpf_file.o ... to 
filter events.

Thank you.

> I.e. you are making the user jump through hoops for no good reason - that's a bad
> UI and a bad workflow. Please don't do that!
>
> Thanks,
>
> 	Ingo


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ