| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Y7aZMkgVgl28Jgmv@alley>
Date: Thu, 5 Jan 2023 10:32:34 +0100
From: Petr Mladek <pmladek@...e.com>
To: Zhen Lei <thunder.leizhen@...wei.com>
Cc: Josh Poimboeuf <jpoimboe@...nel.org>,
Jiri Kosina <jikos@...nel.org>,
Miroslav Benes <mbenes@...e.cz>,
Joe Lawrence <joe.lawrence@...hat.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Martin KaFai Lau <martin.lau@...ux.dev>,
Song Liu <song@...nel.org>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>,
Stanislav Fomichev <sdf@...gle.com>,
Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
Steven Rostedt <rostedt@...dmis.org>,
Masami Hiramatsu <mhiramat@...nel.org>,
Mark Rutland <mark.rutland@....com>, bpf@...r.kernel.org,
linux-trace-kernel@...r.kernel.org, live-patching@...r.kernel.org,
linux-kernel@...r.kernel.org, Luis Chamberlain <mcgrof@...nel.org>,
linux-modules@...r.kernel.org
Subject: Re: [PATCH 2/3] bpf: Optimize get_modules_for_addrs()
On Wed 2023-01-04 17:25:08, Petr Mladek wrote:
> On Fri 2022-12-30 19:27:28, Zhen Lei wrote:
> > Function __module_address() can quickly return the pointer of the module
> > to which an address belongs. We do not need to traverse the symbols of all
> > modules to check whether each address in addrs[] is the start address of
> > the corresponding symbol, because register_fprobe_ips() will do this check
> > later.
> >
> > Assuming that there are m modules, each module has n symbols on average,
> > and the number of addresses 'addrs_cnt' is abbreviated as K. Then the time
> > complexity of the original method is O(K * log(K)) + O(m * n * log(K)),
> > and the time complexity of current method is O(K * (log(m) + M)), M <= m.
> > (m * n * log(K)) / (K * m) ==> n / log2(K). Even if n is 10 and K is 128,
> > the ratio is still greater than 1. Therefore, the new method will
> > generally have better performance.
> >
> > Signed-off-by: Zhen Lei <thunder.leizhen@...wei.com>
> > ---
> > kernel/trace/bpf_trace.c | 101 ++++++++++++++++-----------------------
> > 1 file changed, 40 insertions(+), 61 deletions(-)
> >
> > diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> > index 5f3be4bc16403a5..0ff9037098bd241 100644
> > --- a/kernel/trace/bpf_trace.c
> > +++ b/kernel/trace/bpf_trace.c
> > @@ -2684,69 +2684,55 @@ static void symbols_swap_r(void *a, void *b, int size, const void *priv)
> > }
> > }
> >
> > -struct module_addr_args {
> > - unsigned long *addrs;
> > - u32 addrs_cnt;
> > - struct module **mods;
> > - int mods_cnt;
> > - int mods_cap;
> > -};
> > -
> > -static int module_callback(void *data, const char *name,
> > - struct module *mod, unsigned long addr)
> > +static int get_modules_for_addrs(struct module ***out_mods, unsigned long *addrs, u32 addrs_cnt)
> > {
> > - struct module_addr_args *args = data;
> > - struct module **mods;
> > -
> > - /* We iterate all modules symbols and for each we:
> > - * - search for it in provided addresses array
> > - * - if found we check if we already have the module pointer stored
> > - * (we iterate modules sequentially, so we can check just the last
> > - * module pointer)
> > - * - take module reference and store it
> > - */
> > - if (!bsearch(&addr, args->addrs, args->addrs_cnt, sizeof(addr),
> > - bpf_kprobe_multi_addrs_cmp))
> > - return 0;
> > + int i, j, err;
> > + int mods_cnt = 0;
> > + int mods_cap = 0;
> > + struct module *mod;
> > + struct module **mods = NULL;
> >
> > - if (args->mods && args->mods[args->mods_cnt - 1] == mod)
> > - return 0;
> > + for (i = 0; i < addrs_cnt; i++) {
> > + mod = __module_address(addrs[i]);
>
> This must be called under module_mutex to make sure that the module
> would not disappear.
>
> > + if (!mod)
> > + continue;
> >
> > - if (args->mods_cnt == args->mods_cap) {
> > - args->mods_cap = max(16, args->mods_cap * 3 / 2);
> > - mods = krealloc_array(args->mods, args->mods_cap, sizeof(*mods), GFP_KERNEL);
> > - if (!mods)
> > - return -ENOMEM;
> > - args->mods = mods;
> > - }
> > + /* check if we already have the module pointer stored */
> > + for (j = 0; j < mods_cnt; j++) {
> > + if (mods[j] == mod)
> > + break;
> > + }
>
> This might get optimized like the original code.
>
> My understanding is that the addresses are sorted in "addrs" array.
> So, the address is either part of the last found module or it belongs
> to a completely new module.
I thought more about it and I think that I was wrong, see below.
> for (i = 0; i < addrs_cnt; i++) {
> /*
> * The adresses are sorted. The adress either belongs
> * to the last found module or a new one.
> *
> * This is safe because we already have reference
> * on the found modules.
> */
> if (mods_cnt && within_module(addrs[i], mods[mods_cnt - 1]))
> continue;
within_module() checks two sections (init and core). They are
allocated separately, see module_alloc() called in move_module().
There might be a section from another modules between the init
and core section of a module.
The optimization worked in the original code because
module_kallsyms_on_each_symbol() always iterated over all
symbols from a module.
That said, I am not sure if bpf trace might be added for
symbols in the module init section. But it might be
better to stay on the safe side.
Best Regards,
Petr
Powered by blists - more mailing lists