Date:   Mon, 12 Mar 2018 10:43:00 +0100
From:   Jiri Olsa <jolsa@...nel.org>
To:     Arnaldo Carvalho de Melo <acme@...nel.org>
Cc:     Brendan Gregg <bgregg@...flix.com>,
        Stanislav Kozina <skozina@...hat.com>,
        "Frank Ch. Eigler" <fche@...hat.com>,
        Will Cohen <wcohen@...hat.com>,
        Eugene Syromiatnikov <esyromia@...hat.com>,
        Jerome Marchand <jmarchan@...hat.com>,
        lkml <linux-kernel@...r.kernel.org>,
        Ingo Molnar <mingo@...nel.org>,
        Namhyung Kim <namhyung@...nel.org>,
        David Ahern <dsahern@...il.com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Peter Zijlstra <a.p.zijlstra@...llo.nl>
Subject: [RFC 00/13] perf bpf: Add support to run BEGIN/END code

hi,
this is *RFC* and the following patchset is very rough
and ugly 'proof of concept'-kind-of-toy code. I'm mostly
interested in opinions about if this could be useful in
your current eBPF usage.

Currently we can load eBPF code within the record command
and attach it to an event. We have 2 ways of communicating
the data back to the user: bpf-output event that goes to
perf.data or 'trace_printk' output in tracefs buffer.

AFAICS we're not covering a quite large usage base that runs
code before and once the probe is finished to set up, collect
and display the collected data.

This patchset is adding support to run BEGIN and END
code snippets before and after eBPF probe is loaded.

This allows writing 'collecting' code in eBPF object,
like in the attached example (it's also part of the
patchset).

This patchset also adds 'bpf' command to ease up the
loading of eBPF files with options for compilation
and disassembly of eBPF objects:

      $ perf bpf -c samples/syscall-counts.c
      LLVM: dumping samples/syscall-counts.o

      $ perf bpf -d samples/syscall-counts.o | head
      Disassembly of raw_syscalls:sys_enter:
         0: (b7) r1 = 1
             b7 01 00 00 01 00 00 00
         1: (7b) *(u64 *)(r10 -8) = r1
             7b 1a f8 ff 00 00 00 00
         2: (bf) r6 = r10
      ...

      $ sudo perf bpf -e samples/syscall-counts.o -a
      BEGIN
      ^CEND
                    comm            value
                 firefox              182
           Socket Thread                8
         InotifyEventThr               26
         xmonad-x86_64-l              405
      ...

The patchset is also available in here:
  https://git.kernel.org/pub/scm/linux/kernel/git/jolsa/perf.git
  perf/bpf

So far I need the following lines in .perfconfig to run this:
  [llvm]
  kbuild-dir=/home/jolsa/kernel/linux-perf
  clang-opt=-I/home/jolsa/kernel/linux-perf/tools/perf/util


thoughts? ;-) thanks,
jirka


Cc: Brendan Gregg <bgregg@...flix.com>
Cc: Stanislav Kozina <skozina@...hat.com>
Cc: "Frank Ch. Eigler" <fche@...hat.com>
Cc: Will Cohen <wcohen@...hat.com>
Cc: Eugene Syromiatnikov <esyromia@...hat.com>
Cc: Jerome Marchand <jmarchan@...hat.com>

---
#include <uapi/linux/bpf.h>
#include <bpf-helpers.h>
#include <bpf-userfuncs.h>

#define TASK_COMM_LEN 16

char _license[] SEC("license") = "GPL";
int _version SEC("version") = LINUX_VERSION_CODE;

struct key_t {
        char comm[TASK_COMM_LEN];
};

struct bpf_map_def SEC("maps") counts_map = {
        .type = BPF_MAP_TYPE_HASH,
        .key_size = sizeof(struct key_t),
        .value_size = sizeof(u64),
        .max_entries = 100,
};

SEC("raw_syscalls:sys_enter")
int func(void *ctx)
{
        u64 *val, one = 1;
        struct key_t key;

        /* the task's comm is the map key; size taken from the key itself */
        bpf_get_current_comm(&key.comm, sizeof(key.comm));

        val = bpf_map_lookup_elem(&counts_map, &key);
        if (val)
                (*val)++;
        else
                bpf_map_update_elem(&counts_map, &key, &one, BPF_NOEXIST);

        return 0;
}

int BEGIN(void)
{
        print("BEGIN\n");
        return 0;
}

void END(void)
{
        struct key_t key = {}, next_key;
        u64 value;

        print("END\n");
        print("\n              comm            value\n");

        while (bpfu_map_get_next_key(&counts_map, &key, &next_key) == 0) {
                if (bpfu_map_lookup_elem(&counts_map, &next_key, &value))
                        continue;

                print("%18s %16lu\n", next_key.comm, value);
                key = next_key;
        }
}

---
Jiri Olsa (13):
      lib bpf: Add bpf_program__insns function
      perf tools: Display ebpf compiling command in debug output
      perf tools: Add bpf command
      perf tools: Add bpf__compile function
      perf bpf: Add compile option
      perf bpf: Add disasm option
      libbpf: Make bpf_program__next skip .text section
      libbpf: Collect begin/end .text functions
      libbpf: Add bpf_insn__interpret function
      libbpf: Add bpf_object__run_(begin|end) functions
      perf bpf: Add helper header files
      perf bpf: Run begin/end programs
      perf samples: Add syscall-count.c object

 tools/lib/bpf/Build                 |   2 +-
 tools/lib/bpf/interp.c              | 245 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 tools/lib/bpf/libbpf.c              | 125 +++++++++++++++++++++++++++++++++++++++++++++++--
 tools/lib/bpf/libbpf.h              |   7 +++
 tools/perf/Build                    |   7 +++
 tools/perf/Makefile.config          |   1 +
 tools/perf/builtin-bpf.c            | 319 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 tools/perf/builtin.h                |   1 +
 tools/perf/command-list.txt         |   1 +
 tools/perf/perf.c                   |   1 +
 tools/perf/samples/syscall-counts.c |  61 ++++++++++++++++++++++++
 tools/perf/util/bpf-helpers.h       | 246 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 tools/perf/util/bpf-loader.c        | 124 ++++++++++++++++++++++++++++++++++++++++++++-----
 tools/perf/util/bpf-loader.h        |   4 ++
 tools/perf/util/bpf-userapi.h       |  11 +++++
 tools/perf/util/bpf-userfuncs.h     |  19 ++++++++
 tools/perf/util/llvm-utils.c        |  14 ++++++
 17 files changed, 1173 insertions(+), 15 deletions(-)
 create mode 100644 tools/lib/bpf/interp.c
 create mode 100644 tools/perf/builtin-bpf.c
 create mode 100644 tools/perf/samples/syscall-counts.c
 create mode 100644 tools/perf/util/bpf-helpers.h
 create mode 100644 tools/perf/util/bpf-userapi.h
 create mode 100644 tools/perf/util/bpf-userfuncs.h
