lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160225184234.GQ8720@kernel.org>
Date:	Thu, 25 Feb 2016 15:42:34 -0300
From:	Arnaldo Carvalho de Melo <acme@...nel.org>
To:	Taeung Song <treeze.taeung@...il.com>
Cc:	Arnaldo Carvalho de Melo <arnaldo.melo@...il.com>,
	Steven Rostedt <rostedt@...dmis.org>,
	Ingo Molnar <mingo@...hat.com>, Jiri Olsa <jolsa@...nel.org>,
	Namhyung Kim <namhyung@...nel.org>,
	linux-kernel@...r.kernel.org, Thomas Gleixner <tglx@...utronix.de>,
	Lai Jiangshan <jiangshanlai@...il.com>
Subject: Re: [PATCH v2 1/3] tracing/syscalls: Rename variable 'nr' to
 'syscall_nr'

Em Fri, Feb 26, 2016 at 03:31:19AM +0900, Taeung Song escreveu:
> Hi, Arnaldo
> 
> On 02/26/2016 02:57 AM, Arnaldo Carvalho de Melo wrote:
> >Em Fri, Feb 26, 2016 at 02:38:57AM +0900, Taeung Song escreveu:
> >>There is a problem about duplicated variable name i.e.
> >>     # cat /sys/kernel/debug/tracing/events/syscalls/sys_enter_io_getevents/format
> >>     name: sys_enter_io_getevents
> >>     ID: 739
> >>     format:
> >>             field:unsigned short common_type; offset:0;  size:2; signed:0;
> >>             field:unsigned char common_flags; offset:2;  size:1; signed:0;
> >>             field:unsigned char common_preempt_count; offset:3; size:1; signed:0;
> >>             field:int common_pid;offset:4;size:4;signed:1;
> >>             field:int nr;                     offset:8;  size:4; signed:1;
> >>             field:aio_context_t ctx_id;       offset:16; size:8; signed:0;
> >>             field:long min_nr;                offset:24; size:8; signed:0;
> >>             field:long nr;                    offset:32; size:8; signed:0;
> >>             field:struct io_event * events;   offset:40; size:8; signed:0;
> >>             field:struct timespec * timeout;  offset:48; size:8; signed:0;
> >>
> >>             print fmt: "ctx_id: 0x%08lx, min_nr: 0x%08lx, nr: 0x%08lx,
> >>                         events: 0x%08lx, timeout: 0x%08lx", ((unsigned long)(REC->ctx_id)),
> >>                         ((unsigned long)(REC->min_nr)), ((unsigned long)(REC->nr)),
> >>                         ((unsigned long)(REC->events)), ((unsigned long)(REC->timeout))
> >>
> >>As above 'int nr;' and 'long nr;' variables have
> >>duplicated name so problems are occurred in perf-script i.e.
> >>
> >>     # perf record -e syscalls:*
> >>     # perf script -g python
> >>     # perf script -s perf-script.py
> >>       File "perf-script.py", line 8694
> >>         def syscalls__sys_enter_io_getevents(event_name, context, common_cpu,
> >>     SyntaxError: duplicate argument 'nr' in function definition
> >>     Error running python script perf-script.py
> >
> >Please test this with 'perf trace', which this patch breaks, this patch
> >should make it understand this 3rd variation of the non common list of
> >fields in syscall tracepoints:
> 
> OK, I will test it.
> But IMHO, I think the bottom change has a problem.
> Because sys_enter_io_getevent() has a argument 'long nr'.

It doesn't matter

> So this if statement must not have strcmp(sc->args->name, "nr") == 0.

This is checking for the first variable, if that has that name, it
should be discarded, as in the past it wasn't there, so for the tool to
work on kernels with "nr" as the first (for the syscall number) variable
and for kernels without it, we must check and discard.

Now we must check and discard the first "nr" (for kernels with this
meaning the syscall number) and also if it is called "syscall_nr").
The other fields are taken as the syscall arguments, in the order that
they come, that is what what we will match with what is in the
raw_syscalls:sys_enter args array:

[root@...et ~]# cat
/sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/format 
name: sys_enter
ID: 17
format:
	field:unsigned short common_type;	offset:0;	size:2; signed:0;
	field:unsigned char common_flags;	offset:2;	size:1; signed:0;
	field:unsigned char common_preempt_count;	offset:3; size:1;	signed:0;
	field:int common_pid;	offset:4;	size:4;	signed:1;

	field:long id;	offset:8;	size:8;	signed:1;
	field:unsigned long args[6];	offset:16;	size:48; signed:0;

print fmt: "NR %ld (%lx, %lx, %lx, %lx, %lx, %lx)", REC->id,
REC->args[0], REC->args[1], REC->args[2], REC->args[3], REC->args[4],
REC->args[5]
[root@...et ~]#

> + if (sc->args && strcmp(sc->args->name, "syscall_nr") == 0) {
> 
> I think the above instance seem better than the bottom.
> 
> +	if (sc->args && (strcmp(sc->args->name, "syscall_nr") ||
> strcmp(sc->args->name, "nr")) == 0) {

Right in this 'if' body we do:

		sc->args = sc->args->next;
		sc->nr_args--;

something like that.

- Arnaldo
 
> But I'll test again with perf-trace.

Right, look at the output of 'perf trace' before and after, so that you
can check if, say, we're using that syscall_nr value as the fd for the
'write' syscall ('fd' comes right after 'nr'/'syscall_nr').

- Arnaldo

> And then will say the result.
> 
> >
> >diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c
> >index 20916dd77aac..b31eed102a83 100644
> >--- a/tools/perf/builtin-trace.c
> >+++ b/tools/perf/builtin-trace.c
> >@@ -1724,8 +1724,8 @@ static int trace__read_syscall_info(struct trace *trace, int id)
> >
> >  	sc->args = sc->tp_format->format.fields;
> >  	sc->nr_args = sc->tp_format->format.nr_fields;
> >-	/* drop nr field - not relevant here; does not exist on older kernels */
> >-	if (sc->args && strcmp(sc->args->name, "nr") == 0) {
> >+	/* drop (syscall_)?nr field - not relevant here; does not exist on older kernels */
> >+	if (sc->args && (strcmp(sc->args->name, "syscall_nr") || strcmp(sc->args->name, "nr")) == 0) {
> >  		sc->args = sc->args->next;
> >  		--sc->nr_args;
> >  	}
> >
> >
> >----------------------
> >
> >But then I wonder if it wouldn't be better to prefix this with double
> >underscores, making it "__syscall_nr" :-\
> >
> 
> I so agree. Low probability but the name 'syscall_nr' may also
> have similar problems.
> 
> Thanks,
> Taeung

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ