| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240824163322.60796-1-howardchu95@gmail.com>
Date: Sun, 25 Aug 2024 00:33:14 +0800
From: Howard Chu <howardchu95@...il.com>
To: acme@...nel.org
Cc: adrian.hunter@...el.com,
irogers@...gle.com,
jolsa@...nel.org,
kan.liang@...ux.intel.com,
namhyung@...nel.org,
linux-perf-users@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH v3 0/8] perf trace: Enhanced augmentation for pointer arguments
Changes in v3:
- Prefer customized pretty printers to BTF general pretty printer
- Add --force-btf for debugging purpose (use BTF printer instead of the
customized ones that already exist)
- Add trap-handling cleanup to tests
Changes in v2:
- Fix perf trace workload bug.
- Rename pids_filtered to pids_filtered_out, and add pids_allowed to
avoid confusion.
- Add tests.
Forgot to add some before & afters in v1, here they are:
before:
# struct
perf $ perf trace -e epoll_wait
0.068 (500.192 ms): Hyprland/539 epoll_wait(epfd: 3, events: 0x7ffd9f6f1730, maxevents: 32, timeout: 4294967295) = 1
# string
perf $ perf trace -e renameat2 -- mv /tmp/f1 /tmp/f2
0.024 ( 0.012 ms): mv/294902 renameat2(olddfd: CWD, oldname: "/tmp/f1", newdfd: CWD, newname: "") = 0
# buffer
perf $ perf trace -e write echo "Hikawa Sayo"
Hikawa Sayo
0.000 ( 0.011 ms): echo/928215 write(fd: 1, buf: 0x5b292f307410, count: 12) = 12
after:
# struct
perf $ perf trace -e epoll_wait
0.023 (500.128 ms): Hyprland/539 epoll_wait(epfd: 3, events: {1,102459045712424,}, maxevents: 32, timeout: 4294967295) = 1
# string
perf $ perf trace -e renameat2 -- mv /tmp/f1 /tmp/f2
0.039 ( 0.018 ms): mv/295046 renameat2(olddfd: CWD, oldname: "/tmp/f1", newdfd: CWD, newname: "/tmp/f2") = 0
# buffer
perf $ perf trace -e write echo "Hikawa Sayo"
Hikawa Sayo
0.000 ( 0.013 ms): echo/929159 write(fd: 1, buf: "Hikawa Sayo\10", count: 12) = 12
Still debugging read-like syscalls augmentation such as read, readlinkat
and gettimeofday. The support for read-like syscalls will be added in a
separated patch.
v1:
This patch series adds augmentation feature to struct pointer, string
and buffer arguments all-in-one. It also fixes 'perf trace -p <PID>'.
With this patch series, perf trace will augment struct pointers well, it
can be applied to syscalls such as clone3, epoll_wait, write, and so on.
But unfortunately, it only collects the data once, when syscall enters.
This makes syscalls that pass a pointer in order to let it get
written, not to be augmented very well, I call them the read-like
syscalls, because it reads from the kernel, using the syscall. This
patch series only augments write-like syscalls well.
Unfortunately, there are more read-like syscalls(such as read,
readlinkat, even gettimeofday) than write-like syscalls(write, pwrite64,
epoll_wait, clone3).
Here are three test scripts that I find useful:
pwrite64
```
#include <unistd.h>
#include <sys/syscall.h>
int main()
{
int i1 = 1, i2 = 2, i3 = 3, i4 = 4;
char s1[] = "DI\0NGZ\0HE\1N", s2[] = "XUEBAO";
while (1) {
syscall(SYS_pwrite64, i1, s1, sizeof(s1), i2);
sleep(1);
}
return 0;
}
```
epoll_wait
```
#include <unistd.h>
#include <sys/epoll.h>
#include <stdlib.h>
#include <string.h>
#define MAXEVENTS 2
int main()
{
int i1 = 1, i2 = 2, i3 = 3, i4 = 4;
char s1[] = "DINGZHEN", s2[] = "XUEBAO";
struct epoll_event ee = {
.events = 114,
.data.ptr = NULL,
};
struct epoll_event *events = calloc(MAXEVENTS, sizeof(struct epoll_event));
memcpy(events, &ee, sizeof(ee));
while (1) {
epoll_wait(i1, events, i2, i3);
sleep(1);
}
return 0;
}
```
clone3
```
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/sched.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
int main()
{
int i1 = 1, i2 = 2, i3 = 3, i4 = 4;
char s1[] = "DINGZHEN", s2[] = "XUEBAO";
struct clone_args cla = {
.flags = 1,
.pidfd = 1,
.child_tid = 4,
.parent_tid = 5,
.exit_signal = 1,
.stack = 4,
.stack_size = 1,
.tls = 9,
.set_tid = 1,
.set_tid_size = 9,
.cgroup = 8,
};
while (1) {
syscall(SYS_clone3, &cla, i1);
sleep(1);
}
return 0;
}
```
Arnaldo Carvalho de Melo (1):
perf trace: Pass the richer 'struct syscall_arg' pointer to
trace__btf_scnprintf()
Howard Chu (7):
perf trace: Fix perf trace -p <PID>
perf trace: Add trace__bpf_sys_enter_beauty_map() to prepare for
fetching data in BPF
perf trace: Pretty print struct data
perf trace: Pretty print buffer data
perf trace: Collect augmented data using BPF
perf trace: Add --force-btf for debugging
perf trace: Add general tests for augmented syscalls
tools/perf/builtin-trace.c | 217 +++++++++++++++++-
tools/perf/tests/shell/trace_btf_general.sh | 67 ++++++
tools/perf/trace/beauty/perf_event_open.c | 2 +-
tools/perf/trace/beauty/sockaddr.c | 2 +-
tools/perf/trace/beauty/timespec.c | 2 +-
.../bpf_skel/augmented_raw_syscalls.bpf.c | 114 ++++++++-
tools/perf/util/evlist.c | 2 +-
tools/perf/util/trace_augment.h | 6 +
8 files changed, 399 insertions(+), 13 deletions(-)
create mode 100755 tools/perf/tests/shell/trace_btf_general.sh
create mode 100644 tools/perf/util/trace_augment.h
--
2.45.2
Powered by blists - more mailing lists