lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 26 Aug 2022 14:12:56 -0700
From:   Namhyung Kim <namhyung@...nel.org>
To:     Song Liu <songliubraving@...com>
Cc:     Song Liu <song@...nel.org>,
        Andrii Nakryiko <andrii.nakryiko@...il.com>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>, Martin Lau <kafai@...com>,
        Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>,
        Stanislav Fomichev <sdf@...gle.com>,
        Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...nel.org>,
        "bpf@...r.kernel.org" <bpf@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH bpf-next] bpf: Add bpf_read_raw_record() helper

On Fri, Aug 26, 2022 at 1:59 PM Song Liu <songliubraving@...com> wrote:
>
>
>
> > On Aug 26, 2022, at 12:30 PM, Namhyung Kim <namhyung@...nel.org> wrote:
> >
> > On Fri, Aug 26, 2022 at 11:45 AM Song Liu <songliubraving@...com> wrote:
> >
> >>> And actually, we can just read ctx->data and get the raw record,
> >>> right..?
> >>
> >> Played with this for a little bit. ctx->data appears to be not
> >> reliable sometimes. I guess (not 100% sure) this is because we
> >> call bpf program before event->orig_overflow_handler. We can
> >> probably add a flag to specify we want to call orig_overflow_handler
> >> first.
> >
> > I'm not sure.  The sample_data should be provided by the caller
> > of perf_event_overflow.  So I guess the bpf program should see
> > a valid ctx->data.
>
> Let's dig into this. Maybe we need some small changes in
> pe_prog_convert_ctx_access.

Sure, can you explain the problem in detail and share your program?

>
> > Also I want to control calling the orig_overflow_handler based
> > on the return value of the BPF program.  So calling the orig
> > handler before BPF won't work for me. :)
>
> Interesting. Could you share more information about the use case?

Well.. it's nothing new.  The bpf_overflow_handler calls the
orig_overflow_handler (which writes the sample to the buffer)
only if the BPF returns non zero.  Then I can drop unnecessary
samples based on the sample data by returning 0.

The possible use cases are
1. when you want to sample from specific code ranges only
2. when hardware sets specific bits in raw data

Thanks,
Namhyung

Powered by blists - more mailing lists