lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190612024917.GG28689@kernel.org>
Date:   Tue, 11 Jun 2019 23:49:17 -0300
From:   Arnaldo Carvalho de Melo <arnaldo.melo@...il.com>
To:     Leo Yan <leo.yan@...aro.org>
Cc:     Arnaldo Carvalho de Melo <arnaldo.melo@...il.com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Jiri Olsa <jolsa@...hat.com>,
        Namhyung Kim <namhyung@...nel.org>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        Adrian Hunter <adrian.hunter@...el.com>,
        Mathieu Poirier <mathieu.poirier@...aro.org>,
        Mike Leach <mike.leach@...aro.org>,
        Suzuki K Poulose <suzuki.poulose@....com>,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        bpf@...r.kernel.org
Subject: Re: [PATCH v2 3/4] perf augmented_raw_syscalls: Support arm64 raw
 syscalls

Em Tue, Jun 11, 2019 at 12:18:31PM +0800, Leo Yan escreveu:
> On Mon, Jun 10, 2019 at 03:47:54PM -0300, Arnaldo Carvalho de Melo wrote:
> 
> [...]
> 
> > > > I tested with the lastest perf/core branch which contains the patch:
> > > > 'perf augmented_raw_syscalls: Tell which args are filenames and how
> > > > many bytes to copy' and got the error as below:
> > > > 
> > > > # perf trace -e string -e /mnt/linux-kernel/linux-cs-dev/tools/perf/examples/bpf/augmented_raw_syscalls.c
> > > > Error:  Invalid syscall access, chmod, chown, creat, futimesat, lchown, link, lstat, mkdir, mknod, newfstatat, open, readlink, rename,
> > > > rmdir, stat, statfs, symlink, truncate, unlink
> > 
> > Humm, I think that we can just make the code that parses the
> > tools/perf/trace/strace/groups/string file to ignore syscalls it can't
> > find in the syscall_tbl, i.e. trace those if they exist in the arch.
> 
> Agree.
> 
> > > > Hint:   try 'perf list syscalls:sys_enter_*'
> > > > Hint:   and: 'man syscalls'
> > > > 
> > > > So seems mksyscalltbl has not included completely for syscalls, I
> > > > use below command to generate syscalltbl_arm64[] array and it don't
> > > > include related entries for access, chmod, chown, etc ...
> > 
> > So, we need to investigate why is that these are missing, good thing we
> > have this 'strings' group :-)
> > 
> > > > You could refer the generated syscalltbl_arm64 in:
> > > > http://paste.ubuntu.com/p/8Bj7Jkm2mP/
> > > 
> > > After digging into this issue on Arm64, below is summary info:
> > > 
> > > - arm64 uses the header include/uapi/linux/unistd.h to define system
> > >   call numbers, in this header some system calls are not defined (I
> > >   think the reason is these system calls are obsolete at the end) so the
> > >   corresponding strings are missed in the array syscalltbl_native,
> > >   for arm64 the array is defined in the file:
> > >   tools/perf/arch/arm64/include/generated/asm/syscalls.c.
> > 
> > Yeah, I looked at the 'access' case and indeed it is not present in
> > include/uapi/asm-generic/unistd.h, which is the place
> > include/uapi/linux/unistd.h ends up.
> > 
> > Ok please take a look at the patch at the end of this message, should be ok?
> > 
> > I tested it by changing the strace/gorups/string file to have a few
> > unknown syscalls, running it with -v we see:
> > 
> > [root@...co perf]# perf trace -v -e string ls
> > Skipping unknown syscalls: access99, acct99, add_key99
> > <SNIP other verbose messages>
> > normal operation not considering those unknown syscalls.
> 
> I did testing with the patch, but it failed after I added eBPF event
> with below command, I even saw segmentation fault; please see below
> inline comments.
> 
>   perf --debug verbose=10 trace -e string -e \
>     /mnt/linux-kernel/linux-cs-dev/tools/perf/examples/bpf/augmented_raw_syscalls.c
> 
> [...]
> 
> > commit e0b34a78c4ed0a6422f5b2dafa0c8936e537ee41
> > Author: Arnaldo Carvalho de Melo <acme@...hat.com>
> > Date:   Mon Jun 10 15:37:45 2019 -0300
> > 
> >     perf trace: Skip unknown syscalls when expanding strace like syscall groups
> >     
> >     We have $INSTALL_DIR/share/perf-core/strace/groups/string files with
> >     syscalls that should be selected when 'string' is used, meaning, in this
> >     case, syscalls that receive as one of its arguments a string, like a
> >     pathname.
> >     
> >     But those were first selected and tested on x86_64, and end up failing
> >     in architectures where some of those syscalls are not available, like
> >     the 'access' syscall on arm64, which makes using 'perf trace -e string'
> >     in such archs to fail.
> >     
> >     Since this the routine doing the validation is used only when reading
> >     such files, do not fail when some syscall is not found in the
> >     syscalltbl, instead just use pr_debug() to register that in case people
> >     are suspicious of problems.
> >     
> >     Now using 'perf trace -e string' should work on arm64, selecting only
> >     the syscalls that have a string and are available on that architecture.
> >     
> >     Reported-by: Leo Yan <leo.yan@...aro.org>
> >     Cc: Adrian Hunter <adrian.hunter@...el.com>
> >     Cc: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
> >     Cc: Alexei Starovoitov <ast@...nel.org>
> >     Cc: Daniel Borkmann <daniel@...earbox.net>
> >     Cc: Jiri Olsa <jolsa@...hat.com>
> >     Cc: Martin KaFai Lau <kafai@...com>
> >     Cc: Mathieu Poirier <mathieu.poirier@...aro.org>
> >     Cc: Mike Leach <mike.leach@...aro.org>
> >     Cc: Namhyung Kim <namhyung@...nel.org>
> >     Cc: Song Liu <songliubraving@...com>
> >     Cc: Suzuki K Poulose <suzuki.poulose@....com>
> >     Cc: Yonghong Song <yhs@...com>
> >     Link: https://lkml.kernel.org/n/tip-oa4c2x8p3587jme0g89fyg18@git.kernel.org
> >     Signed-off-by: Arnaldo Carvalho de Melo <acme@...hat.com>
> > 
> > diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c
> > index 1a2a605cf068..eb70a4b71755 100644
> > --- a/tools/perf/builtin-trace.c
> > +++ b/tools/perf/builtin-trace.c
> > @@ -1529,6 +1529,7 @@ static int trace__read_syscall_info(struct trace *trace, int id)
> >  static int trace__validate_ev_qualifier(struct trace *trace)
> >  {
> >  	int err = 0, i;
> > +	bool printed_invalid_prefix = false;
> >  	size_t nr_allocated;
> >  	struct str_node *pos;
> >  
> > @@ -1555,14 +1556,15 @@ static int trace__validate_ev_qualifier(struct trace *trace)
> >  			if (id >= 0)
> >  				goto matches;
> >  
> > -			if (err == 0) {
> > -				fputs("Error:\tInvalid syscall ", trace->output);
> > -				err = -EINVAL;
> > +			if (!printed_invalid_prefix) {
> > +				pr_debug("Skipping unknown syscalls: ");
> > +				printed_invalid_prefix = true;
> >  			} else {
> > -				fputs(", ", trace->output);
> > +				pr_debug(", ");
> >  			}
> >  
> > -			fputs(sc, trace->output);
> > +			pr_debug("%s", sc);
> > +			continue;
> 
> Here adds 'continue' so that we want to let ev_qualifier_ids.entries
> to only store valid system call ids.  But this is not sufficient,
> because we have initialized ev_qualifier_ids.nr at the beginning of
> the function:
> 
>   trace->ev_qualifier_ids.nr = strlist__nr_entries(trace->ev_qualifier);
> This sentence will set ids number to the string table's length; but
> actually some strings are not really supported; this leads to some
> items in trace->ev_qualifier_ids.entries[] will be not initialized
> properly.
> 
> If we want to get neat entries and entry number, I suggest at the
> beginning of the function we use variable 'nr_allocated' to store
> string table length and use it to allocate entries:
> 
>   nr_allocated = strlist__nr_entries(trace->ev_qualifier);
>   trace->ev_qualifier_ids.entries = malloc(nr_allocated *
>                                            sizeof(trace->ev_qualifier_ids.entries[0]));
> 
> If we find any matched string, then increment the nr field under
> 'matches' tag:
> 
> matches:
>                 trace->ev_qualifier_ids.nr++;
>                 trace->ev_qualifier_ids.entries[i++] = id;
> 
> This can ensure the entries[0..nr-1] has valid id and we can use
> ev_qualifier_ids.nr to maintain the valid system call numbers.

yeah, you're right, I'll address these issues in a followup patch,
tomorrow.

- Arnaldo
 
> 
> >  		}
> >  matches:
> >  		trace->ev_qualifier_ids.entries[i++] = id;
> > @@ -1591,15 +1593,14 @@ static int trace__validate_ev_qualifier(struct trace *trace)
> >  		}
> >  	}
> >  
> > -	if (err < 0) {
> > -		fputs("\nHint:\ttry 'perf list syscalls:sys_enter_*'"
> > -		      "\nHint:\tand: 'man syscalls'\n", trace->output);
> > -out_free:
> > -		zfree(&trace->ev_qualifier_ids.entries);
> > -		trace->ev_qualifier_ids.nr = 0;
> > -	}
> >  out:
> > +	if (printed_invalid_prefix)
> > +		pr_debug("\n");
> >  	return err;
> > +out_free:
> > +	zfree(&trace->ev_qualifier_ids.entries);
> > +	trace->ev_qualifier_ids.nr = 0;
> > +	goto out;
> 
> Nitpick: directly return err and 'goto out' is not necessary.
> 
> Thanks,
> Leo Yan
> 
> >  }
> >  
> >  /*

-- 

- Arnaldo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ