Message-ID: <20160803025739.GA30416@ast-mbp.thefacebook.com>
Date:	Tue, 2 Aug 2016 19:57:42 -0700
From:	Alexei Starovoitov <alexei.starovoitov@...il.com>
To:	Arnaldo Carvalho de Melo <arnaldo.melo@...il.com>
Cc:	Wang Nan <wangnan0@...wei.com>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	brendan.d.gregg@...il.com, bblanco@...mgrid.com
Subject: Re: perf test BPF failing on f24: fix

On Tue, Aug 02, 2016 at 11:15:34PM -0300, Arnaldo Carvalho de Melo wrote:
> On Tue, Aug 02, 2016 at 02:03:33PM -0700, Alexei Starovoitov wrote:
> > On Tue, Aug 02, 2016 at 04:51:02PM -0300, Arnaldo Carvalho de Melo wrote:
> > > Hi Wang,
> > > 
> > > 	Something changed and a function used in a perf test for BPF is
> > > not anymore appearing on vmlinux, albeit still available on
> > > /proc/kallsyms:
> > > 
> > > # readelf -wi /lib/modules/4.7.0+/build/vmlinux | grep -w sys_epoll_wait
> > > #
> > > 
> > > But:
> > > 
> > > [root@...et ~]# grep -i sys_epoll_wait /proc/kallsyms 
> > > ffffffffbd295b50 T SyS_epoll_wait
> > > ffffffffbd295b50 T sys_epoll_wait
> > > [root@...et ~]#
> > > 
> > > I noticed that it is some sort of aliasing so I checked the other
> > > variant:
> > > 
> > > [root@...et ~]# readelf -wi /lib/modules/4.7.0+/build/vmlinux | grep -w SyS_epoll_wait
> > >     <2bc9b85>   DW_AT_name        : (indirect string, offset: 0xe7524): SyS_epoll_wait
> > > [root@...et ~]# 
> > > 
> > > Trying to use perf probe also produces the same results I notice when
> > > running the perf test that is failing:
> > > 
> > > [root@...et ~]# perf probe sys_epoll_wait
> > > Failed to find debug information for address ffffffffbd295b50
> > > Probe point 'sys_epoll_wait' not found.
> > >   Error: Failed to add events.
> > > [root@...et ~]# perf probe SyS_epoll_wait
> > > Added new events:
> > >   probe:SyS_epoll_wait (on SyS_epoll_wait)
> > >   probe:SyS_epoll_wait_1 (on SyS_epoll_wait)
> > >   probe:SyS_epoll_wait_2 (on SyS_epoll_wait)
> > 
> > that change will break all sorts of scripts that rely on syscalls to start
> > with sys_
> 
> Is there a promise that internal kernel functions will not change names?
>
> > I guess we can workaround in user space, but what was the motivation to
> > disable kprobe attach on sys_* while it's still in kallsyms?
> 
> Was it disabled? What I noticed was that the sys_epoll_wait wasn't
> present in the DWARF info present in the vmlinux file, which would be
> good for others to confirm, which I'll check on other machines here at
> home, tomorrow.

as far as I can see sys_ and SyS_ both present in kallsyms,
so kprobe infra should recognize both,
the question is why perf decided to ignore sys_ version?
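
Added example, not part of the original message and not perf's own code: a shell sketch of the user-space workaround discussed in the thread, which maps a symbol to the aliases sharing its kallsyms address and picks the one that has a DWARF name. The function names and both sample inputs are assumptions constructed for illustration (the two epoll_wait lines mirror the output quoted in the thread).

```shell
# Constructed sample in /proc/kallsyms format; the third line is an
# invented neighbour so that address grouping is actually exercised.
KALLSYMS_SAMPLE='ffffffffbd295b50 T SyS_epoll_wait
ffffffffbd295b50 T sys_epoll_wait
ffffffffbd295c40 T SyS_epoll_pwait'

# Constructed stand-in for the DW_AT_name values found in vmlinux:
# only the SyS_ spelling is present, as reported in the thread.
DWARF_NAMES_SAMPLE='SyS_epoll_wait
SyS_epoll_pwait'

# aliases_of NAME: read kallsyms-format text on stdin and print every
# symbol that shares NAME's address (NAME included). Returns 1 if NAME
# is not listed at all.
aliases_of() {
    awk -v want="$1" '
        { addr[$3] = $1; names[$1] = names[$1] " " $3 }
        END {
            if (!(want in addr)) exit 1
            n = split(names[addr[want]], a, " ")
            for (i = 1; i <= n; i++) print a[i]
        }'
}

# dwarf_alias NAME KALLSYMS_TEXT DWARF_NAMES_TEXT: print the first alias
# of NAME that also appears as a DWARF name; return 1 if none does.
dwarf_alias() {
    for sym in $(printf '%s\n' "$2" | aliases_of "$1"); do
        if printf '%s\n' "$3" | grep -qxF -- "$sym"; then
            printf '%s\n' "$sym"
            return 0
        fi
    done
    return 1
}

# sys_epoll_wait has no DWARF entry, but its alias does.
dwarf_alias sys_epoll_wait "$KALLSYMS_SAMPLE" "$DWARF_NAMES_SAMPLE"
```

On a live system `aliases_of sys_epoll_wait < /proc/kallsyms` performs the same grouping on real data.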
