| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Oct 2015 02:13:49 -0700
From: tip-bot for Wang Nan <tipbot@...or.com>
To: linux-tip-commits@...r.kernel.org
Cc: namhyung@...nel.org, ast@...mgrid.com, mingo@...nel.org,
hekuang@...wei.com, dsahern@...il.com, hpa@...or.com,
daniel@...earbox.net, lizefan@...wei.com, a.p.zijlstra@...llo.nl,
xiakaixu@...wei.com, brendan.d.gregg@...il.com, acme@...hat.com,
tglx@...utronix.de, wangnan0@...wei.com, jolsa@...nel.org,
linux-kernel@...r.kernel.org, masami.hiramatsu.pt@...achi.com
Subject: [tip:perf/core] perf bpf: Attach eBPF filter to perf event
Commit-ID: 1f45b1d49073541947193bd7dac9e904142576aa
Gitweb: http://git.kernel.org/tip/1f45b1d49073541947193bd7dac9e904142576aa
Author: Wang Nan <wangnan0@...wei.com>
AuthorDate: Wed, 14 Oct 2015 12:41:18 +0000
Committer: Arnaldo Carvalho de Melo <acme@...hat.com>
CommitDate: Thu, 29 Oct 2015 17:16:22 -0300
perf bpf: Attach eBPF filter to perf event
This is the final patch which makes basic BPF filter work. After
applying this patch, users are allowed to use BPF filter like:
# perf record --event ./hello_world.o ls
A bpf_fd field is appended to 'struct evsel', and setup during the
callback function add_bpf_event() for each 'probe_trace_event'.
PERF_EVENT_IOC_SET_BPF ioctl is used to attach eBPF program to a newly
created perf event. The file descriptor of the eBPF program is passed to
perf record using previous patches, and stored into evsel->bpf_fd.
It is possible that different perf event are created for one kprobe
events for different CPUs. In this case, when trying to call the ioctl,
EEXIST will be return. This patch doesn't treat it as an error.
Committer note:
The bpf proggie used so far:
__attribute__((section("fork=_do_fork"), used))
int fork(void *ctx)
{
return 0;
}
char _license[] __attribute__((section("license"), used)) = "GPL";
int _version __attribute__((section("version"), used)) = 0x40300;
failed to produce any samples, even with forks happening and it being
running in system wide mode.
That is because now the filter is being associated, and the code above
always returns zero, meaning that all forks will be probed but filtered
away ;-/
Change it to 'return 1;' instead and after that:
# trace --no-syscalls --event /tmp/foo.o
0.000 perf_bpf_probe:fork:(ffffffff8109be30))
2.333 perf_bpf_probe:fork:(ffffffff8109be30))
3.725 perf_bpf_probe:fork:(ffffffff8109be30))
4.550 perf_bpf_probe:fork:(ffffffff8109be30))
^C#
And it works with all tools, including 'perf trace'.
Signed-off-by: Wang Nan <wangnan0@...wei.com>
Tested-by: Arnaldo Carvalho de Melo <acme@...hat.com>
Cc: Alexei Starovoitov <ast@...mgrid.com>
Cc: Brendan Gregg <brendan.d.gregg@...il.com>
Cc: Daniel Borkmann <daniel@...earbox.net>
Cc: David Ahern <dsahern@...il.com>
Cc: He Kuang <hekuang@...wei.com>
Cc: Jiri Olsa <jolsa@...nel.org>
Cc: Kaixu Xia <xiakaixu@...wei.com>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
Cc: Namhyung Kim <namhyung@...nel.org>
Cc: Peter Zijlstra <a.p.zijlstra@...llo.nl>
Cc: Zefan Li <lizefan@...wei.com>
Cc: pi3orama@....com
Link: http://lkml.kernel.org/r/1444826502-49291-8-git-send-email-wangnan0@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@...hat.com>
---
tools/perf/util/evsel.c | 17 +++++++++++++++++
tools/perf/util/evsel.h | 1 +
tools/perf/util/parse-events.c | 6 ++++++
3 files changed, 24 insertions(+)
diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c
index 3ac4ee9c..397fb4e 100644
--- a/tools/perf/util/evsel.c
+++ b/tools/perf/util/evsel.c
@@ -208,6 +208,7 @@ void perf_evsel__init(struct perf_evsel *evsel,
evsel->unit = "";
evsel->scale = 1.0;
evsel->evlist = NULL;
+ evsel->bpf_fd = -1;
INIT_LIST_HEAD(&evsel->node);
INIT_LIST_HEAD(&evsel->config_terms);
perf_evsel__object.init(evsel);
@@ -1356,6 +1357,22 @@ retry_open:
err);
goto try_fallback;
}
+
+ if (evsel->bpf_fd >= 0) {
+ int evt_fd = FD(evsel, cpu, thread);
+ int bpf_fd = evsel->bpf_fd;
+
+ err = ioctl(evt_fd,
+ PERF_EVENT_IOC_SET_BPF,
+ bpf_fd);
+ if (err && errno != EEXIST) {
+ pr_err("failed to attach bpf fd %d: %s\n",
+ bpf_fd, strerror(errno));
+ err = -EINVAL;
+ goto out_close;
+ }
+ }
+
set_rlimit = NO_CHANGE;
/*
diff --git a/tools/perf/util/evsel.h b/tools/perf/util/evsel.h
index 1e8ff19..0e49bd7 100644
--- a/tools/perf/util/evsel.h
+++ b/tools/perf/util/evsel.h
@@ -123,6 +123,7 @@ struct perf_evsel {
char *group_name;
bool cmdline_group_boundary;
struct list_head config_terms;
+ int bpf_fd;
};
union u64_swap {
diff --git a/tools/perf/util/parse-events.c b/tools/perf/util/parse-events.c
index d97b037..cee8c61 100644
--- a/tools/perf/util/parse-events.c
+++ b/tools/perf/util/parse-events.c
@@ -542,6 +542,7 @@ static int add_bpf_event(struct probe_trace_event *tev, int fd,
struct __add_bpf_event_param *param = _param;
struct parse_events_evlist *evlist = param->data;
struct list_head *list = param->list;
+ struct perf_evsel *pos;
int err;
pr_debug("add bpf event %s:%s and attach bpf program %d\n",
@@ -562,6 +563,11 @@ static int add_bpf_event(struct probe_trace_event *tev, int fd,
}
pr_debug("adding %s:%s\n", tev->group, tev->event);
+ list_for_each_entry(pos, &new_evsels, node) {
+ pr_debug("adding %s:%s to %p\n",
+ tev->group, tev->event, pos);
+ pos->bpf_fd = fd;
+ }
list_splice(&new_evsels, list);
return 0;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists