lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 24 Jun 2015 12:31:04 +0000
From:	Wang Nan <wangnan0@...wei.com>
To:	<acme@...nel.org>, <ast@...mgrid.com>, <brendan.d.gregg@...il.com>,
	<daniel@...earbox.net>, <namhyung@...nel.org>,
	<masami.hiramatsu.pt@...achi.com>, <paulus@...ba.org>,
	<a.p.zijlstra@...llo.nl>, <mingo@...hat.com>, <jolsa@...nel.org>,
	<dsahern@...il.com>
CC:	<linux-kernel@...r.kernel.org>, <lizefan@...wei.com>,
	<hekuang@...wei.com>, <xiakaixu@...wei.com>, <pi3orama@....com>
Subject: [RFC PATCH v8 00/49] perf tools: filtering events using eBPF programs

This is the 8th version which tries to introduce eBPF programs to perf.

Since version 7 is still being reviewed, this series keeps patch 1/49
to 37/49 identical to what they are in v7 except a small modification
in patch 36/48, which prints more debug information when silent is set,
and some context to rebase them onto newest tip/perf/core (a9a3cd9).

The core stuffs in this series resides in 38/49 - 49/49, which allow
users to access kernel data through parameters of eBPF programs. Now
it is possible to write eBPF programs like this:

 SEC("get_superblock=journal_get_superblock journal->j_errno")
 int get_superblock(struct pt_regs *ctx, int err, int j_errno)
 {
         char fmt[] = "j_errno=%lx\n";
         bpf_trace_printk(fmt, sizeof(fmt), j_errno);
	 if (j_errno)
                 return 1;
	 return 0;
 }

Where, 'j_errno' in that function will be dereferenced according to
dwarf information by prologue generated by perf. 'err' indicates the
successfulness of the dereferencing.

He Kuang posted 2 series on that idea it a month ago:

    http://lkml.kernel.org/r/1432456091-73384-1-git-send-email-hekuang@huawei.com

This series totally rewrite its code, the interface is also changed.

In addition, this series of patches supports setting BPF program to
multiple probing points and generate different prologue for all of them
if necessary. Using glob matching is also allowed. In the above
example, there will be two journal_get_superblock() functions in kernel
if we compile both jbd and jbd2. That BPF function tracks both of them.

In this series:
 Patch 01/49 - 37/49  are identical to v7 series, except context
                      adjustments and a small improvement in 36/49.

 Patch 38/49 - 43/49  are preparation. Where 39/49 gives libbpf the
                      ability to load multiple instances. New interfaces
		      are introduced for it.

 Patch 44/49 - 47/49  introduce bpf-prologue.c into perf, whcih generates
                      prologue according to argument list of pevs. Core
		      functions are in 46/49. Its commit message
		      describes the detail of prologue generation.

 Patch 48/49 groups similar prologue together and only create one BPF
             program instance for events which can share prologue.

 Patch 49/49 adds '--vmlinux' to 'perf record' to allow it access dwarf
             information.

He Kuang (4):
  perf tools: Move linux/filter.h to tools/include
  perf tools: Introduce arch_get_reg_info() for x86
  perf tools: Add prologue for BPF programs for fetching arguments
  perf record: Support custom vmlinux path

Wang Nan (45):
  tools build: Add feature check for eBPF API
  bpf tools: Introduce 'bpf' library to tools
  bpf tools: Allow caller to set printing function
  bpf tools: Open eBPF object file and do basic validation
  bpf tools: Read eBPF object from buffer
  bpf tools: Check endianess and make libbpf fail early
  bpf tools: Iterate over ELF sections to collect information
  bpf tools: Collect version and license from ELF sections
  bpf tools: Collect map definitions from 'maps' section
  bpf tools: Collect symbol table from SHT_SYMTAB section
  bpf tools: Collect eBPF programs from their own sections
  bpf tools: Collect relocation sections from SHT_REL sections
  bpf tools: Record map accessing instructions for each program
  bpf tools: Add bpf.c/h for common bpf operations
  bpf tools: Create eBPF maps defined in an object file
  bpf tools: Relocate eBPF programs
  bpf tools: Introduce bpf_load_program() to bpf.c
  bpf tools: Load eBPF programs in object files into kernel
  bpf tools: Introduce accessors for struct bpf_program
  bpf tools: Introduce accessors for struct bpf_object
  bpf tools: Link all bpf objects onto a list
  perf tools: Make perf depend on libbpf
  perf tools: Introduce llvm config options
  perf tools: Call clang to compile C source to object code
  perf tests: Add LLVM test for eBPF on-the-fly compiling
  perf tools: Auto detecting kernel build directory
  perf tools: Auto detecting kernel include options
  perf record: Enable passing bpf object file to --event
  perf record: Compile scriptlets if pass '.c' to --event
  perf tools: Parse probe points of eBPF programs during preparation
  perf probe: Attach trace_probe_event with perf_probe_event
  perf record: Probe at kprobe points
  perf record: Load all eBPF object into kernel
  perf tools: Add bpf_fd field to evsel and config it
  perf tools: Attach eBPF program to perf event
  perf tools: Suppress probing messages when probing by BPF loading
  perf record: Add clang options for compiling BPF scripts
  bpf tools: Load instructions buffer using load_program()
  bpf tools: Load a program with different instance using preprocessor
  perf tools: Fix probe-event.h include
  perf probe: Reset tev->args and tev->nargs when failure
  perf tools: Iterater over tev instead of pev in bpf__for_each_program
  perf tools: Add BPF_PROLOGUE config options for further patches
  perf tools: Generate prologue for BPF programs
  perf tools: Use same BPF program if arguments are identical

 tools/build/Makefile.feature          |    6 +-
 tools/build/feature/Makefile          |    6 +-
 tools/build/feature/test-bpf.c        |   18 +
 tools/include/linux/filter.h          |  237 +++++++
 tools/lib/bpf/.gitignore              |    2 +
 tools/lib/bpf/Build                   |    1 +
 tools/lib/bpf/Makefile                |  195 ++++++
 tools/lib/bpf/bpf.c                   |   84 +++
 tools/lib/bpf/bpf.h                   |   23 +
 tools/lib/bpf/libbpf.c                | 1173 +++++++++++++++++++++++++++++++++
 tools/lib/bpf/libbpf.h                |  107 +++
 tools/perf/MANIFEST                   |    4 +
 tools/perf/Makefile.perf              |   19 +-
 tools/perf/arch/x86/Makefile          |    1 +
 tools/perf/arch/x86/util/Build        |    2 +
 tools/perf/arch/x86/util/dwarf-regs.c |  104 ++-
 tools/perf/builtin-probe.c            |    2 +-
 tools/perf/builtin-record.c           |   47 +-
 tools/perf/config/Makefile            |   31 +-
 tools/perf/tests/Build                |    1 +
 tools/perf/tests/builtin-test.c       |    4 +
 tools/perf/tests/llvm.c               |   85 +++
 tools/perf/tests/make                 |    4 +-
 tools/perf/tests/tests.h              |    1 +
 tools/perf/util/Build                 |    3 +
 tools/perf/util/bpf-loader.c          |  556 ++++++++++++++++
 tools/perf/util/bpf-loader.h          |   46 ++
 tools/perf/util/bpf-prologue.c        |  425 ++++++++++++
 tools/perf/util/bpf-prologue.h        |   19 +
 tools/perf/util/config.c              |    4 +
 tools/perf/util/debug.c               |    5 +
 tools/perf/util/debug.h               |    1 +
 tools/perf/util/evlist.c              |   41 ++
 tools/perf/util/evlist.h              |    1 +
 tools/perf/util/evsel.c               |   17 +
 tools/perf/util/evsel.h               |    1 +
 tools/perf/util/include/dwarf-regs.h  |    7 +
 tools/perf/util/llvm-utils.c          |  370 +++++++++++
 tools/perf/util/llvm-utils.h          |   39 ++
 tools/perf/util/parse-events.c        |   16 +
 tools/perf/util/parse-events.h        |    2 +
 tools/perf/util/parse-events.l        |    6 +
 tools/perf/util/parse-events.y        |   29 +-
 tools/perf/util/probe-event.c         |   81 ++-
 tools/perf/util/probe-event.h         |    7 +-
 tools/perf/util/probe-finder.c        |    4 +
 46 files changed, 3761 insertions(+), 76 deletions(-)
 create mode 100644 tools/build/feature/test-bpf.c
 create mode 100644 tools/include/linux/filter.h
 create mode 100644 tools/lib/bpf/.gitignore
 create mode 100644 tools/lib/bpf/Build
 create mode 100644 tools/lib/bpf/Makefile
 create mode 100644 tools/lib/bpf/bpf.c
 create mode 100644 tools/lib/bpf/bpf.h
 create mode 100644 tools/lib/bpf/libbpf.c
 create mode 100644 tools/lib/bpf/libbpf.h
 create mode 100644 tools/perf/tests/llvm.c
 create mode 100644 tools/perf/util/bpf-loader.c
 create mode 100644 tools/perf/util/bpf-loader.h
 create mode 100644 tools/perf/util/bpf-prologue.c
 create mode 100644 tools/perf/util/bpf-prologue.h
 create mode 100644 tools/perf/util/llvm-utils.c
 create mode 100644 tools/perf/util/llvm-utils.h

-- 
1.8.3.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ