lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 27 May 2022 07:13:54 -0700
From:   Alexei Starovoitov <alexei.starovoitov@...il.com>
To:     Zhang Yuchen <zhangyuchen.lcr@...edance.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        David Hildenbrand <david@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>,
        Alexei Starovoitov <ast@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux-Fsdevel <linux-fsdevel@...r.kernel.org>,
        "open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
        linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>,
        linux-s390 <linux-s390@...r.kernel.org>,
        Linux API <linux-api@...r.kernel.org>, fam.zheng@...edance.com,
        bpf <bpf@...r.kernel.org>
Subject: Re: [PATCH] procfs: add syscall statistics

On Fri, May 27, 2022 at 4:10 AM Zhang Yuchen
<zhangyuchen.lcr@...edance.com> wrote:
>
> Add /proc/syscalls to display percpu syscall count.

I second Peter's nack.
We don't add debug features to the production kernel.

> We need a less resource-intensive way to count syscall per cpu
> for system problem location.
>
> There is a similar utility syscount in the BCC project, but syscount
> has a high performance cost.

There are two syscount tools in BCC:
tools/syscount
libbpf-tools/syscount

Which one has this 42% overhead?

The former tool is obsolete though.
It was written in the days when bpf had 1/10 of
the features it has today.
Both tools can be optimized.
They attach to raw_syscalls tracepoint.
tracepoints are not cheap.
In terms of overhead:
tracepoint > raw_tracepoint > fentry.
bpf can attach to all three.

Please profile libbpf-tools/syscount tool
with perf and unixbench, understand where overhead
comes from and then optimize the tool.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ