| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAM9d7chU4pPVTT1rFvr4zP27c5DOVuX6MJi6qBw9SgN1B-Ezww@mail.gmail.com>
Date: Tue, 7 Mar 2023 12:57:26 -0800
From: Namhyung Kim <namhyung@...nel.org>
To: Adrian Hunter <adrian.hunter@...el.com>
Cc: Arnaldo Carvalho de Melo <acme@...nel.org>,
Jiri Olsa <jolsa@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...nel.org>,
Ian Rogers <irogers@...gle.com>,
Andi Kleen <ak@...ux.intel.com>,
Kan Liang <kan.liang@...ux.intel.com>,
Song Liu <song@...nel.org>,
Stephane Eranian <eranian@...gle.com>,
Ravi Bangoria <ravi.bangoria@....com>,
Leo Yan <leo.yan@...aro.org>,
James Clark <james.clark@....com>, Hao Luo <haoluo@...gle.com>,
LKML <linux-kernel@...r.kernel.org>,
linux-perf-users@...r.kernel.org, bpf@...r.kernel.org
Subject: Re: [PATCH 2/8] perf bpf filter: Implement event sample filtering
Hi Adrian,
Thanks for your feedback!
On Tue, Mar 7, 2023 at 5:04 AM Adrian Hunter <adrian.hunter@...el.com> wrote:
>
> On 23/02/23 01:01, Namhyung Kim wrote:
> > The BPF program will be attached to a perf_event and be triggered when
> > it overflows. It'd iterate the filters map and compare the sample
> > value according to the expression. If any of them fails, the sample
> > would be dropped.
> >
> > Also it needs to have the corresponding sample data for the expression
> > so it compares data->sample_flags with the given value. To access the
> > sample data, it uses the bpf_cast_to_kern_ctx() kfunc which was added
> > in v6.2 kernel.
> >
> > Signed-off-by: Namhyung Kim <namhyung@...nel.org>
[SNIP]
> > diff --git a/tools/perf/util/bpf-filter.h b/tools/perf/util/bpf-filter.h
> > index fd5b1164a322..6077930073f9 100644
> > --- a/tools/perf/util/bpf-filter.h
> > +++ b/tools/perf/util/bpf-filter.h
> > @@ -4,15 +4,7 @@
> >
> > #include <linux/list.h>
> >
> > -enum perf_bpf_filter_op {
> > - PBF_OP_EQ,
> > - PBF_OP_NEQ,
> > - PBF_OP_GT,
> > - PBF_OP_GE,
> > - PBF_OP_LT,
> > - PBF_OP_LE,
> > - PBF_OP_AND,
> > -};
> > +#include "bpf_skel/sample-filter.h"
> >
> > struct perf_bpf_filter_expr {
> > struct list_head list;
> > @@ -21,16 +13,30 @@ struct perf_bpf_filter_expr {
> > unsigned long val;
> > };
> >
> > +struct evsel;
> > +
> > #ifdef HAVE_BPF_SKEL
> > struct perf_bpf_filter_expr *perf_bpf_filter_expr__new(unsigned long sample_flags,
> > enum perf_bpf_filter_op op,
> > unsigned long val);
> > int perf_bpf_filter__parse(struct list_head *expr_head, const char *str);
> > +int perf_bpf_filter__prepare(struct evsel *evsel);
> > +int perf_bpf_filter__destroy(struct evsel *evsel);
> > +
> > #else /* !HAVE_BPF_SKEL */
> > +
> > static inline int perf_bpf_filter__parse(struct list_head *expr_head __maybe_unused,
> > const char *str __maybe_unused)
> > {
> > return -ENOSYS;
>
> Any reason for ENOSYS instead of say EOPNOTSUPP?
No specific reason. I can change it to EOPNOTSUPP.
>
> > }
> > +static inline int perf_bpf_filter__prepare(struct evsel *evsel)
>
> Needs __maybe_unused on the parameters
Sure.
>
> > +{
> > + return -ENOSYS;
> > +}
> > +static inline int perf_bpf_filter__destroy(struct evsel *evsel)
>
> Needs __maybe_unused on the parameters
Will do.
Thanks,
Namhyung
Powered by blists - more mailing lists