lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190613181514.GC1402@kernel.org>
Date:   Thu, 13 Jun 2019 15:15:14 -0300
From:   Arnaldo Carvalho de Melo <arnaldo.melo@...il.com>
To:     Leo Yan <leo.yan@...aro.org>
Cc:     Arnaldo Carvalho de Melo <arnaldo.melo@...il.com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Jiri Olsa <jolsa@...hat.com>,
        Namhyung Kim <namhyung@...nel.org>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        Adrian Hunter <adrian.hunter@...el.com>,
        Mathieu Poirier <mathieu.poirier@...aro.org>,
        Mike Leach <mike.leach@...aro.org>,
        Suzuki K Poulose <suzuki.poulose@....com>,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        bpf@...r.kernel.org
Subject: Re: [PATCH v2 3/4] perf augmented_raw_syscalls: Support arm64 raw
 syscalls

Em Tue, Jun 11, 2019 at 11:49:17PM -0300, Arnaldo Carvalho de Melo escreveu:
> Em Tue, Jun 11, 2019 at 12:18:31PM +0800, Leo Yan escreveu:
> > On Mon, Jun 10, 2019 at 03:47:54PM -0300, Arnaldo Carvalho de Melo wrote:
> > 
> > [...]
> > 
> > > > > I tested with the lastest perf/core branch which contains the patch:
> > > > > 'perf augmented_raw_syscalls: Tell which args are filenames and how
> > > > > many bytes to copy' and got the error as below:
> > > > > 
> > > > > # perf trace -e string -e /mnt/linux-kernel/linux-cs-dev/tools/perf/examples/bpf/augmented_raw_syscalls.c
> > > > > Error:  Invalid syscall access, chmod, chown, creat, futimesat, lchown, link, lstat, mkdir, mknod, newfstatat, open, readlink, rename,
> > > > > rmdir, stat, statfs, symlink, truncate, unlink
> > > 
> > > Humm, I think that we can just make the code that parses the
> > > tools/perf/trace/strace/groups/string file to ignore syscalls it can't
> > > find in the syscall_tbl, i.e. trace those if they exist in the arch.
> > 
> > Agree.
> > 
> > > > > Hint:   try 'perf list syscalls:sys_enter_*'
> > > > > Hint:   and: 'man syscalls'
> > > > > 
> > > > > So seems mksyscalltbl has not included completely for syscalls, I
> > > > > use below command to generate syscalltbl_arm64[] array and it don't
> > > > > include related entries for access, chmod, chown, etc ...
> > > 
> > > So, we need to investigate why is that these are missing, good thing we
> > > have this 'strings' group :-)
> > > 
> > > > > You could refer the generated syscalltbl_arm64 in:
> > > > > http://paste.ubuntu.com/p/8Bj7Jkm2mP/
> > > > 
> > > > After digging into this issue on Arm64, below is summary info:
> > > > 
> > > > - arm64 uses the header include/uapi/linux/unistd.h to define system
> > > >   call numbers, in this header some system calls are not defined (I
> > > >   think the reason is these system calls are obsolete at the end) so the
> > > >   corresponding strings are missed in the array syscalltbl_native,
> > > >   for arm64 the array is defined in the file:
> > > >   tools/perf/arch/arm64/include/generated/asm/syscalls.c.
> > > 
> > > Yeah, I looked at the 'access' case and indeed it is not present in
> > > include/uapi/asm-generic/unistd.h, which is the place
> > > include/uapi/linux/unistd.h ends up.
> > > 
> > > Ok please take a look at the patch at the end of this message, should be ok?
> > > 
> > > I tested it by changing the strace/gorups/string file to have a few
> > > unknown syscalls, running it with -v we see:
> > > 
> > > [root@...co perf]# perf trace -v -e string ls
> > > Skipping unknown syscalls: access99, acct99, add_key99
> > > <SNIP other verbose messages>
> > > normal operation not considering those unknown syscalls.
> > 
> > I did testing with the patch, but it failed after I added eBPF event
> > with below command, I even saw segmentation fault; please see below
> > inline comments.
> > 
> >   perf --debug verbose=10 trace -e string -e \
> >     /mnt/linux-kernel/linux-cs-dev/tools/perf/examples/bpf/augmented_raw_syscalls.c
> > 
> > [...]
> > 
> > > commit e0b34a78c4ed0a6422f5b2dafa0c8936e537ee41
> > > Author: Arnaldo Carvalho de Melo <acme@...hat.com>
> > > Date:   Mon Jun 10 15:37:45 2019 -0300
> > > 
> > >     perf trace: Skip unknown syscalls when expanding strace like syscall groups
> > >     
> > >     We have $INSTALL_DIR/share/perf-core/strace/groups/string files with
> > >     syscalls that should be selected when 'string' is used, meaning, in this
> > >     case, syscalls that receive as one of its arguments a string, like a
> > >     pathname.
> > >     
> > >     But those were first selected and tested on x86_64, and end up failing
> > >     in architectures where some of those syscalls are not available, like
> > >     the 'access' syscall on arm64, which makes using 'perf trace -e string'
> > >     in such archs to fail.
> > >     
> > >     Since this the routine doing the validation is used only when reading
> > >     such files, do not fail when some syscall is not found in the
> > >     syscalltbl, instead just use pr_debug() to register that in case people
> > >     are suspicious of problems.
> > >     
> > >     Now using 'perf trace -e string' should work on arm64, selecting only
> > >     the syscalls that have a string and are available on that architecture.
> > >     
> > >     Reported-by: Leo Yan <leo.yan@...aro.org>
> > >     Cc: Adrian Hunter <adrian.hunter@...el.com>
> > >     Cc: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
> > >     Cc: Alexei Starovoitov <ast@...nel.org>
> > >     Cc: Daniel Borkmann <daniel@...earbox.net>
> > >     Cc: Jiri Olsa <jolsa@...hat.com>
> > >     Cc: Martin KaFai Lau <kafai@...com>
> > >     Cc: Mathieu Poirier <mathieu.poirier@...aro.org>
> > >     Cc: Mike Leach <mike.leach@...aro.org>
> > >     Cc: Namhyung Kim <namhyung@...nel.org>
> > >     Cc: Song Liu <songliubraving@...com>
> > >     Cc: Suzuki K Poulose <suzuki.poulose@....com>
> > >     Cc: Yonghong Song <yhs@...com>
> > >     Link: https://lkml.kernel.org/n/tip-oa4c2x8p3587jme0g89fyg18@git.kernel.org
> > >     Signed-off-by: Arnaldo Carvalho de Melo <acme@...hat.com>
> > > 
> > > diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c
> > > index 1a2a605cf068..eb70a4b71755 100644
> > > --- a/tools/perf/builtin-trace.c
> > > +++ b/tools/perf/builtin-trace.c
> > > @@ -1529,6 +1529,7 @@ static int trace__read_syscall_info(struct trace *trace, int id)
> > >  static int trace__validate_ev_qualifier(struct trace *trace)
> > >  {
> > >  	int err = 0, i;
> > > +	bool printed_invalid_prefix = false;
> > >  	size_t nr_allocated;
> > >  	struct str_node *pos;
> > >  
> > > @@ -1555,14 +1556,15 @@ static int trace__validate_ev_qualifier(struct trace *trace)
> > >  			if (id >= 0)
> > >  				goto matches;
> > >  
> > > -			if (err == 0) {
> > > -				fputs("Error:\tInvalid syscall ", trace->output);
> > > -				err = -EINVAL;
> > > +			if (!printed_invalid_prefix) {
> > > +				pr_debug("Skipping unknown syscalls: ");
> > > +				printed_invalid_prefix = true;
> > >  			} else {
> > > -				fputs(", ", trace->output);
> > > +				pr_debug(", ");
> > >  			}
> > >  
> > > -			fputs(sc, trace->output);
> > > +			pr_debug("%s", sc);
> > > +			continue;
> > 
> > Here adds 'continue' so that we want to let ev_qualifier_ids.entries
> > to only store valid system call ids.  But this is not sufficient,
> > because we have initialized ev_qualifier_ids.nr at the beginning of
> > the function:
> > 
> >   trace->ev_qualifier_ids.nr = strlist__nr_entries(trace->ev_qualifier);
> > This sentence will set ids number to the string table's length; but
> > actually some strings are not really supported; this leads to some
> > items in trace->ev_qualifier_ids.entries[] will be not initialized
> > properly.
> > 
> > If we want to get neat entries and entry number, I suggest at the
> > beginning of the function we use variable 'nr_allocated' to store
> > string table length and use it to allocate entries:
> > 
> >   nr_allocated = strlist__nr_entries(trace->ev_qualifier);
> >   trace->ev_qualifier_ids.entries = malloc(nr_allocated *
> >                                            sizeof(trace->ev_qualifier_ids.entries[0]));
> > 
> > If we find any matched string, then increment the nr field under
> > 'matches' tag:
> > 
> > matches:
> >                 trace->ev_qualifier_ids.nr++;
> >                 trace->ev_qualifier_ids.entries[i++] = id;
> > 
> > This can ensure the entries[0..nr-1] has valid id and we can use
> > ev_qualifier_ids.nr to maintain the valid system call numbers.
> 
> yeah, you're right, I'll address these issues in a followup patch,
> tomorrow.

This is equivalent and I think the smallest patch, I'll add one on top
doing what you suggested about nr_allocated getting the
strlist__nr_entries() and also will rename i to nr_used to contrast with
nr_allocated, and then at the end set ev_qualifier_ids.nr to nr_used.

- Arnaldo

diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c
index eb70a4b71755..bd1f00e7a2eb 100644
--- a/tools/perf/builtin-trace.c
+++ b/tools/perf/builtin-trace.c
@@ -1528,9 +1528,9 @@ static int trace__read_syscall_info(struct trace *trace, int id)
 
 static int trace__validate_ev_qualifier(struct trace *trace)
 {
-	int err = 0, i;
+	int err = 0;
 	bool printed_invalid_prefix = false;
-	size_t nr_allocated;
+	size_t nr_allocated, i;
 	struct str_node *pos;
 
 	trace->ev_qualifier_ids.nr = strlist__nr_entries(trace->ev_qualifier);
@@ -1575,7 +1575,7 @@ static int trace__validate_ev_qualifier(struct trace *trace)
 			id = syscalltbl__strglobmatch_next(trace->sctbl, sc, &match_next);
 			if (id < 0)
 				break;
-			if (nr_allocated == trace->ev_qualifier_ids.nr) {
+			if (nr_allocated == i) {
 				void *entries;
 
 				nr_allocated += 8;
@@ -1588,11 +1588,11 @@ static int trace__validate_ev_qualifier(struct trace *trace)
 				}
 				trace->ev_qualifier_ids.entries = entries;
 			}
-			trace->ev_qualifier_ids.nr++;
 			trace->ev_qualifier_ids.entries[i++] = id;
 		}
 	}
 
+	trace->ev_qualifier_ids.nr = i;
 out:
 	if (printed_invalid_prefix)
 		pr_debug("\n");

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ