lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <558D0F5F.2000700@plumgrid.com>
Date:	Fri, 26 Jun 2015 01:37:51 -0700
From:	Alexei Starovoitov <ast@...mgrid.com>
To:	Wang Nan <wangnan0@...wei.com>, acme@...nel.org,
	brendan.d.gregg@...il.com, daniel@...earbox.net,
	namhyung@...nel.org, masami.hiramatsu.pt@...achi.com,
	paulus@...ba.org, a.p.zijlstra@...llo.nl, mingo@...hat.com,
	jolsa@...nel.org, dsahern@...il.com
CC:	linux-kernel@...r.kernel.org, lizefan@...wei.com,
	hekuang@...wei.com, xiakaixu@...wei.com, pi3orama@....com
Subject: Re: [RFC PATCH v8 00/49] perf tools: filtering events using eBPF
 programs

On 6/24/15 5:31 AM, Wang Nan wrote:
> The core stuffs in this series resides in 38/49 - 49/49, which allow
> users to access kernel data through parameters of eBPF programs. Now
> it is possible to write eBPF programs like this:
>
>   SEC("get_superblock=journal_get_superblock journal->j_errno")
>   int get_superblock(struct pt_regs *ctx, int err, int j_errno)
>   {
>           char fmt[] = "j_errno=%lx\n";
>           bpf_trace_printk(fmt, sizeof(fmt), j_errno);
> 	 if (j_errno)
>                   return 1;
> 	 return 0;
>   }
>
> Where, 'j_errno' in that function will be dereferenced according to
> dwarf information by prologue generated by perf. 'err' indicates the
> successfulness of the dereferencing.

Looks great. Very useful addition.

> In addition, this series of patches supports setting BPF program to
> multiple probing points and generate different prologue for all of them
> if necessary. Using glob matching is also allowed. In the above
> example, there will be two journal_get_superblock() functions in kernel
> if we compile both jbd and jbd2. That BPF function tracks both of them.

Sounds ok, but what is the real use case for it?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ