Message-ID: <20181122093219.GK2131@hirez.programming.kicks-ass.net>
Date:   Thu, 22 Nov 2018 10:32:19 +0100
From:   Peter Zijlstra <peterz@...radead.org>
To:     Song Liu <songliubraving@...com>
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        ast@...nel.org, daniel@...earbox.net, acme@...nel.org,
        kernel-team@...com
Subject: Re: [PATCH perf,bpf 0/5] reveal invisible bpf programs

On Wed, Nov 21, 2018 at 11:54:57AM -0800, Song Liu wrote:
> Changes RFC -> PATCH v1:
> 
> 1. In perf-record, poll vip events in a separate thread;
> 2. Add tag to bpf prog name;
> 3. Small refactorings.
> 
> Original cover letter (with minor revisions):
> 
> This is to follow up Alexei's early effort to show bpf programs
> 
>    https://www.spinics.net/lists/netdev/msg524232.html
> 
> In this version, PERF_RECORD_BPF_EVENT is introduced to send real time BPF
> load/unload events to user space. In user space, perf-record is modified
> to listen to these events (through a dedicated ring buffer) and generate
> detailed information about the program (struct bpf_prog_info_event). Then,
> perf-report translates these events into proper symbols.
> 
> With this set, perf-report will show bpf program as:
> 
>    18.49%     0.16%  test  [kernel.vmlinux]    [k] ksys_write
>    18.01%     0.47%  test  [kernel.vmlinux]    [k] vfs_write
>    17.02%     0.40%  test  bpf_prog            [k] bpf_prog_07367f7ba80df72b_
>    16.97%     0.10%  test  [kernel.vmlinux]    [k] __vfs_write
>    16.86%     0.12%  test  [kernel.vmlinux]    [k] comm_write
>    16.67%     0.39%  test  [kernel.vmlinux]    [k] bpf_probe_read
> 
> Note that, the program name is still work in progress, it will be cleaner
> with function types in BTF.
> 
> Please share your comments on this.

So I see:

  kernel/bpf/core.c:void bpf_prog_kallsyms_add(struct bpf_prog *fp)

which should already provide basic symbol information for extant eBPF
programs, right?

And (AFAIK) perf uses /proc/kcore for annotate on the current running
kernel (if not, it really should, given alternatives, jump_labels and
all other self-modifying code).

So this fancy new stuff is only for the case where your profile spans
eBPF load/unload events (which should be relatively rare in the normal
case, right), or when you want source annotated asm output (I normally
don't bother with that).

That is; I would really like this fancy stuff to be an optional extra
that is typically not needed.

Does that make sense?
