lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1441523623-152703-6-git-send-email-wangnan0@huawei.com>
Date:	Sun, 6 Sep 2015 07:13:21 +0000
From:	Wang Nan <wangnan0@...wei.com>
To:	<acme@...hat.com>, <ast@...mgrid.com>,
	<masami.hiramatsu.pt@...achi.com>, <namhyung@...nel.org>
CC:	<a.p.zijlstra@...llo.nl>, <brendan.d.gregg@...il.com>,
	<daniel@...earbox.net>, <dsahern@...il.com>, <hekuang@...wei.com>,
	<jolsa@...nel.org>, <lizefan@...wei.com>, <paulus@...ba.org>,
	<wangnan0@...wei.com>, <xiakaixu@...wei.com>, <pi3orama@....com>,
	<linux-kernel@...r.kernel.org>
Subject: [PATCH 05/27] perf record, bpf: Parse and create probe points for BPF programs

This patch introduces bpf__{un,}probe() functions to enable callers to
create kprobe points based on section names of BPF programs. It parses
the section names of each eBPF program and creates corresponding 'struct
perf_probe_event' structures. The parse_perf_probe_command() function is
used to do the main parsing work.

Parsing result is stored into an array to satisify
{convert,apply}_perf_probe_events(). It accepts an array of
'struct perf_probe_event' and do all the work in one call.

Define PERF_BPF_PROBE_GROUP as "perf_bpf_probe", which will be used as
the group name of all eBPF probing points.

probe_conf.max_probes is set to MAX_PROBES to support glob matching.

Before ending of bpf__probe(), data in each 'struct perf_probe_event' is
cleaned. Things will be changed by following patches because they need
'struct probe_trace_event' in them,

Signed-off-by: Wang Nan <wangnan0@...wei.com>
Cc: Alexei Starovoitov <ast@...mgrid.com>
Cc: Brendan Gregg <brendan.d.gregg@...il.com>
Cc: Daniel Borkmann <daniel@...earbox.net>
Cc: David Ahern <dsahern@...il.com>
Cc: He Kuang <hekuang@...wei.com>
Cc: Jiri Olsa <jolsa@...nel.org>
Cc: Kaixu Xia <xiakaixu@...wei.com>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
Cc: Namhyung Kim <namhyung@...nel.org>
Cc: Paul Mackerras <paulus@...ba.org>
Cc: Peter Zijlstra <a.p.zijlstra@...llo.nl>
Cc: Zefan Li <lizefan@...wei.com>
Cc: pi3orama@....com
Link: http://lkml.kernel.org/n/1436445342-1402-21-git-send-email-wangnan0@huawei.com
Link: http://lkml.kernel.org/n/1436445342-1402-23-git-send-email-wangnan0@huawei.com
[Merged by two patches
 wangnan: Utilize new perf probe API {convert,apply,cleanup}_perf_probe_events()
]
Signed-off-by: Arnaldo Carvalho de Melo <acme@...hat.com>
---
 tools/perf/builtin-record.c  |  19 +++++-
 tools/perf/util/bpf-loader.c | 149 +++++++++++++++++++++++++++++++++++++++++++
 tools/perf/util/bpf-loader.h |  13 ++++
 3 files changed, 180 insertions(+), 1 deletion(-)

diff --git a/tools/perf/builtin-record.c b/tools/perf/builtin-record.c
index f886706..b56109f 100644
--- a/tools/perf/builtin-record.c
+++ b/tools/perf/builtin-record.c
@@ -1141,7 +1141,23 @@ int cmd_record(int argc, const char **argv, const char *prefix __maybe_unused)
 	if (err)
 		goto out_bpf_clear;
 
-	err = -ENOMEM;
+	/*
+	 * bpf__probe must be called before symbol__init() because we
+	 * need init_symbol_maps. If called after symbol__init,
+	 * symbol_conf.sort_by_name won't take effect.
+	 *
+	 * bpf__unprobe() is safe even if bpf__probe() failed, and it
+	 * also calls symbol__init. Therefore, goto out_symbol_exit
+	 * is safe when probe failed.
+	 */
+	err = bpf__probe();
+	if (err) {
+		bpf__strerror_probe(err, errbuf, sizeof(errbuf));
+
+		pr_err("Probing at events in BPF object failed.\n");
+		pr_err("\t%s\n", errbuf);
+		goto out_symbol_exit;
+	}
 
 	symbol__init(NULL);
 
@@ -1202,6 +1218,7 @@ out_symbol_exit:
 	perf_evlist__delete(rec->evlist);
 	symbol__exit();
 	auxtrace_record__free(rec->itr);
+	bpf__unprobe();
 out_bpf_clear:
 	bpf__clear();
 	return err;
diff --git a/tools/perf/util/bpf-loader.c b/tools/perf/util/bpf-loader.c
index 88531ea..10505cb 100644
--- a/tools/perf/util/bpf-loader.c
+++ b/tools/perf/util/bpf-loader.c
@@ -9,6 +9,8 @@
 #include "perf.h"
 #include "debug.h"
 #include "bpf-loader.h"
+#include "probe-event.h"
+#include "probe-finder.h"
 
 #define DEFINE_PRINT_FN(name, level) \
 static int libbpf_##name(const char *fmt, ...)	\
@@ -28,6 +30,58 @@ DEFINE_PRINT_FN(debug, 1)
 
 static bool libbpf_initialized;
 
+static int
+config_bpf_program(struct bpf_program *prog, struct perf_probe_event *pev)
+{
+	const char *config_str;
+	int err;
+
+	config_str = bpf_program__title(prog, false);
+	if (!config_str) {
+		pr_debug("bpf: unable to get title for program\n");
+		return -EINVAL;
+	}
+
+	pr_debug("bpf: config program '%s'\n", config_str);
+	err = parse_perf_probe_command(config_str, pev);
+	if (err < 0) {
+		pr_debug("bpf: '%s' is not a valid config string\n",
+			 config_str);
+		/* parse failed, don't need clear pev. */
+		return -EINVAL;
+	}
+
+	if (pev->group && strcmp(pev->group, PERF_BPF_PROBE_GROUP)) {
+		pr_debug("bpf: '%s': group for event is set and not '%s'.\n",
+			 config_str, PERF_BPF_PROBE_GROUP);
+		err = -EINVAL;
+		goto errout;
+	} else if (!pev->group)
+		pev->group = strdup(PERF_BPF_PROBE_GROUP);
+
+	if (!pev->group) {
+		pr_debug("bpf: strdup failed\n");
+		err = -ENOMEM;
+		goto errout;
+	}
+
+	if (!pev->event) {
+		pr_debug("bpf: '%s': event name is missing\n",
+			 config_str);
+		err = -EINVAL;
+		goto errout;
+	}
+
+	pr_debug("bpf: config '%s' is ok\n", config_str);
+
+	return 0;
+
+errout:
+	if (pev)
+		clear_perf_probe_event(pev);
+	return err;
+}
+
 int bpf__prepare_load(const char *filename)
 {
 	struct bpf_object *obj;
@@ -59,6 +113,90 @@ void bpf__clear(void)
 		bpf_object__close(obj);
 }
 
+static bool is_probed;
+
+int bpf__unprobe(void)
+{
+	struct strfilter *delfilter;
+	int ret;
+
+	if (!is_probed)
+		return 0;
+
+	delfilter = strfilter__new(PERF_BPF_PROBE_GROUP ":*", NULL);
+	if (!delfilter) {
+		pr_debug("Failed to create delfilter when unprobing\n");
+		return -ENOMEM;
+	}
+
+	ret = del_perf_probe_events(delfilter);
+	strfilter__delete(delfilter);
+	if (ret < 0 && is_probed)
+		pr_debug("Error: failed to delete events: %s\n",
+			 strerror(-ret));
+	else
+		is_probed = false;
+	return ret < 0 ? ret : 0;
+}
+
+int bpf__probe(void)
+{
+	int err, nr_events = 0;
+	struct bpf_object *obj, *tmp;
+	struct bpf_program *prog;
+	struct perf_probe_event *pevs;
+
+	pevs = calloc(MAX_PROBES, sizeof(pevs[0]));
+	if (!pevs)
+		return -ENOMEM;
+
+	bpf_object__for_each_safe(obj, tmp) {
+		bpf_object__for_each_program(prog, obj) {
+			err = config_bpf_program(prog, &pevs[nr_events++]);
+			if (err < 0)
+				goto out;
+
+			if (nr_events >= MAX_PROBES) {
+				pr_debug("Too many (more than %d) events\n",
+					 MAX_PROBES);
+				err = -ERANGE;
+				goto out;
+			};
+		}
+	}
+
+	if (!nr_events) {
+		/*
+		 * Don't call following code to prevent perf report failure
+		 * init_symbol_maps can fail when perf is started by non-root
+		 * user, which prevent non-root user track normal events even
+		 * without using BPF, because bpf__probe() is called by
+		 * 'perf record' unconditionally.
+		 */
+		err = 0;
+		goto out;
+	}
+
+	probe_conf.max_probes = MAX_PROBES;
+	/* Let convert_perf_probe_events generates probe_trace_event (tevs) */
+	err = convert_perf_probe_events(pevs, nr_events);
+	if (err < 0) {
+		pr_debug("bpf_probe: failed to convert perf probe events");
+		goto out;
+	}
+
+	err = apply_perf_probe_events(pevs, nr_events);
+	if (err < 0)
+		pr_debug("bpf probe: failed to probe events\n");
+	else
+		is_probed = true;
+out_cleanup:
+	cleanup_perf_probe_events(pevs, nr_events);
+out:
+	free(pevs);
+	return err < 0 ? err : 0;
+}
+
 #define bpf__strerror_head(err, buf, size) \
 	char sbuf[STRERR_BUFSIZE], *emsg;\
 	if (!size)\
@@ -90,3 +228,14 @@ int bpf__strerror_prepare_load(const char *filename, int err,
 	bpf__strerror_end(buf, size);
 	return 0;
 }
+
+int bpf__strerror_probe(int err, char *buf, size_t size)
+{
+	bpf__strerror_head(err, buf, size);
+	bpf__strerror_entry(ERANGE, "Too many (more than %d) events",
+			    MAX_PROBES);
+	bpf__strerror_entry(ENOENT, "Selected kprobe point doesn't exist.");
+	bpf__strerror_entry(EEXIST, "Selected kprobe point already exist, try perf probe -d '*'.");
+	bpf__strerror_end(buf, size);
+	return 0;
+}
diff --git a/tools/perf/util/bpf-loader.h b/tools/perf/util/bpf-loader.h
index 12be630..6b09a85 100644
--- a/tools/perf/util/bpf-loader.h
+++ b/tools/perf/util/bpf-loader.h
@@ -9,10 +9,15 @@
 #include <string.h>
 #include "debug.h"
 
+#define PERF_BPF_PROBE_GROUP "perf_bpf_probe"
+
 #ifdef HAVE_LIBBPF_SUPPORT
 int bpf__prepare_load(const char *filename);
 int bpf__strerror_prepare_load(const char *filename, int err,
 			       char *buf, size_t size);
+int bpf__probe(void);
+int bpf__unprobe(void);
+int bpf__strerror_probe(int err, char *buf, size_t size);
 
 void bpf__clear(void);
 #else
@@ -22,6 +27,8 @@ static inline int bpf__prepare_load(const char *filename __maybe_unused)
 	return -1;
 }
 
+static inline int bpf__probe(void) { return 0; }
+static inline int bpf__unprobe(void) { return 0; }
 static inline void bpf__clear(void) { }
 
 static inline int
@@ -43,5 +50,11 @@ bpf__strerror_prepare_load(const char *filename __maybe_unused,
 {
 	return __bpf_strerror(buf, size);
 }
+
+static inline int bpf__strerror_probe(int err __maybe_unused,
+				      char *buf, size_t size)
+{
+	return __bpf_strerror(buf, size);
+}
 #endif
 #endif
-- 
2.1.0

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ