From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Ingo Molnar <mingo@kernel.org>
Cc: Clark Williams <williams@redhat.com>,
linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Adrian Hunter <adrian.hunter@intel.com>,
Jiri Olsa <jolsa@kernel.org>, Namhyung Kim <namhyung@kernel.org>,
Wang Nan <wangnan0@huawei.com>
Subject: [PATCH 22/63] perf trace: Implement syscall filtering in augmented_syscalls
Date: Tue, 18 Dec 2018 19:06:52 -0300 [thread overview]
Message-ID: <20181218220733.15839-23-acme@kernel.org> (raw)
In-Reply-To: <20181218220733.15839-1-acme@kernel.org>
From: Arnaldo Carvalho de Melo <acme@redhat.com>
Just another map, this time an BPF_MAP_TYPE_ARRAY, stating with
one bool per syscall, stating if it should be filtered or not.
So, with a pre-built augmented_raw_syscalls.o file, we use:
# perf trace -e open*,augmented_raw_syscalls.o
0.000 ( 0.016 ms): DNS Res~er #37/29652 openat(dfd: CWD, filename: /etc/hosts, flags: CLOEXEC ) = 138
187.039 ( 0.048 ms): gsd-housekeepi/2436 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC ) = 11
187.348 ( 0.041 ms): gsd-housekeepi/2436 openat(dfd: CWD, filename: /proc/self/mountinfo, flags: CLOEXEC ) = 11
188.793 ( 0.036 ms): gsd-housekeepi/2436 openat(dfd: CWD, filename: /proc/self/mountinfo, flags: CLOEXEC ) = 11
189.803 ( 0.029 ms): gsd-housekeepi/2436 openat(dfd: CWD, filename: /proc/self/mountinfo, flags: CLOEXEC ) = 11
190.774 ( 0.027 ms): gsd-housekeepi/2436 openat(dfd: CWD, filename: /proc/self/mountinfo, flags: CLOEXEC ) = 11
284.620 ( 0.149 ms): DataStorage/3076 openat(dfd: CWD, filename: /home/acme/.mozilla/firefox/ina67tev.default/SiteSecurityServiceState.txt, flags: CREAT|TRUNC|WRONLY, mode: IRUGO|IWUSR|IWGRP) = 167
^C#
What is it that this gsd-housekeeping thingy needs to open
/proc/self/mountinfo four times periodically? :-)
This map will be extended to tell per-syscall parameters, i.e. how many
bytes to copy per arg, using the function signature to get the types and
then the size of those types, via BTF.
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: https://lkml.kernel.org/n/tip-cy222g9ucvnym3raqvxp0hpg@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
tools/perf/builtin-trace.c | 66 +++++++++++++++++++
.../examples/bpf/augmented_raw_syscalls.c | 26 +++++++-
2 files changed, 91 insertions(+), 1 deletion(-)
diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c
index f9eb5bc4fefb..de81918c7ad4 100644
--- a/tools/perf/builtin-trace.c
+++ b/tools/perf/builtin-trace.c
@@ -76,6 +76,7 @@ struct trace {
struct {
int max;
struct syscall *table;
+ struct bpf_map *map;
struct {
struct perf_evsel *sys_enter,
*sys_exit,
@@ -2578,8 +2579,64 @@ static int trace__set_ev_qualifier_tp_filter(struct trace *trace)
goto out;
}
+#ifdef HAVE_LIBBPF_SUPPORT
+static int trace__set_ev_qualifier_bpf_filter(struct trace *trace)
+{
+ int fd = bpf_map__fd(trace->syscalls.map);
+ bool value = !trace->not_ev_qualifier;
+ int err = 0;
+ size_t i;
+
+ for (i = 0; i < trace->ev_qualifier_ids.nr; ++i) {
+ int key = trace->ev_qualifier_ids.entries[i];
+
+ err = bpf_map_update_elem(fd, &key, &value, BPF_EXIST);
+ if (err)
+ break;
+ }
+
+ return err;
+}
+
+static int __trace__init_syscalls_bpf_map(struct trace *trace, bool enabled)
+{
+ int fd = bpf_map__fd(trace->syscalls.map);
+ int err = 0, key;
+
+ for (key = 0; key < trace->sctbl->syscalls.nr_entries; ++key) {
+ err = bpf_map_update_elem(fd, &key, &enabled, BPF_ANY);
+ if (err)
+ break;
+ }
+
+ return err;
+}
+
+static int trace__init_syscalls_bpf_map(struct trace *trace)
+{
+ bool enabled = true;
+
+ if (trace->ev_qualifier_ids.nr)
+ enabled = trace->not_ev_qualifier;
+
+ return __trace__init_syscalls_bpf_map(trace, enabled);
+}
+#else
+static int trace__set_ev_qualifier_bpf_filter(struct trace *trace __maybe_unused)
+{
+ return 0;
+}
+
+static int trace__init_syscalls_bpf_map(struct trace *trace __maybe_unused)
+{
+ return 0;
+}
+#endif // HAVE_LIBBPF_SUPPORT
+
static int trace__set_ev_qualifier_filter(struct trace *trace)
{
+ if (trace->syscalls.map)
+ return trace__set_ev_qualifier_bpf_filter(trace);
return trace__set_ev_qualifier_tp_filter(trace);
}
@@ -2822,6 +2879,9 @@ static int trace__run(struct trace *trace, int argc, const char **argv)
if (err < 0)
goto out_error_mem;
+ if (trace->syscalls.map)
+ trace__init_syscalls_bpf_map(trace);
+
if (trace->ev_qualifier_ids.nr > 0) {
err = trace__set_ev_qualifier_filter(trace);
if (err < 0)
@@ -3449,6 +3509,11 @@ static void trace__set_bpf_map_filtered_pids(struct trace *trace)
trace->filter_pids.map = bpf__find_map_by_name("pids_filtered");
}
+static void trace__set_bpf_map_syscalls(struct trace *trace)
+{
+ trace->syscalls.map = bpf__find_map_by_name("syscalls");
+}
+
int cmd_trace(int argc, const char **argv)
{
const char *trace_usage[] = {
@@ -3589,6 +3654,7 @@ int cmd_trace(int argc, const char **argv)
if (evsel) {
trace.syscalls.events.augmented = evsel;
trace__set_bpf_map_filtered_pids(&trace);
+ trace__set_bpf_map_syscalls(&trace);
}
err = bpf__setup_stdout(trace.evlist);
diff --git a/tools/perf/examples/bpf/augmented_raw_syscalls.c b/tools/perf/examples/bpf/augmented_raw_syscalls.c
index 74ce7574073d..bb3dcc4ec256 100644
--- a/tools/perf/examples/bpf/augmented_raw_syscalls.c
+++ b/tools/perf/examples/bpf/augmented_raw_syscalls.c
@@ -26,6 +26,13 @@ struct bpf_map SEC("maps") __augmented_syscalls__ = {
.max_entries = __NR_CPUS__,
};
+struct bpf_map SEC("maps") syscalls = {
+ .type = BPF_MAP_TYPE_ARRAY,
+ .key_size = sizeof(int),
+ .value_size = sizeof(bool),
+ .max_entries = 512,
+};
+
struct syscall_enter_args {
unsigned long long common_tp_fields;
long syscall_nr;
@@ -56,6 +63,7 @@ int sys_enter(struct syscall_enter_args *args)
struct syscall_enter_args args;
struct augmented_filename filename;
} augmented_args;
+ bool *enabled;
unsigned int len = sizeof(augmented_args);
const void *filename_arg = NULL;
@@ -63,6 +71,10 @@ int sys_enter(struct syscall_enter_args *args)
return 0;
probe_read(&augmented_args.args, sizeof(augmented_args.args), args);
+
+ enabled = bpf_map_lookup_elem(&syscalls, &augmented_args.args.syscall_nr);
+ if (enabled == NULL || !*enabled)
+ return 0;
/*
* Yonghong and Edward Cree sayz:
*
@@ -131,7 +143,19 @@ int sys_enter(struct syscall_enter_args *args)
SEC("raw_syscalls:sys_exit")
int sys_exit(struct syscall_exit_args *args)
{
- return !pid_filter__has(&pids_filtered, getpid());
+ struct syscall_exit_args exit_args;
+ bool *enabled;
+
+ if (pid_filter__has(&pids_filtered, getpid()))
+ return 0;
+
+ probe_read(&exit_args, sizeof(exit_args), args);
+
+ enabled = bpf_map_lookup_elem(&syscalls, &exit_args.syscall_nr);
+ if (enabled == NULL || !*enabled)
+ return 0;
+
+ return 1;
}
license(GPL);
--
2.19.2
next prev parent reply other threads:[~2018-12-18 22:09 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-18 22:06 [GIT PULL 00/63] perf/core improvements and fixes Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 01/63] perf dso: Export data_file_size() method there are no symbols Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 02/63] perf auxtrace: Alter addr_filter__entire_dso() to work if " Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 03/63] perf tests: Use shebangs in the shell scripts Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 04/63] perf stat: Avoid segfaults caused by negated options Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 05/63] tools lib traceevent: Fix processing of dereferenced args in bprintk events Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 06/63] perf trace: Rename delivery functions to ease making ordered_events selectable Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 07/63] perf trace: Allow selecting use the use of the ordered_events code Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 08/63] perf trace beauty: Beautify renameat2's fd arg wrt AT_FDCWD Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 09/63] perf beauty: Add a string table generator for renameat2's flags constants Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 10/63] perf beauty: Wire up the renameat flags table generator to the Makefile Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 11/63] perf trace: Beautify renameat2's flags argument Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 12/63] perf trace beauty: renameat's newdirfd may also be AT_FDCWD Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 13/63] tools lib subcmd: Don't add the kernel sources to the include path Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 14/63] perf tools: Add missing sigqueue() prototype for systems lacking it Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 15/63] perf header: Fix up argument to ctime() Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 16/63] perf tools: Add missing open_memstream() prototype for systems lacking it Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 17/63] perf tools: Cast off_t to s64 to avoid warning on bionic libc Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 18/63] tools lib traceevent: Use LDFLAGS in the build commands Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 19/63] perf tools: Link libperf-jvmti.so with LDFLAGS variable Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 20/63] perf trace: Rename set_ev_qualifier_filter to clarify its a tracepoint filter Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 21/63] perf trace: Avoid using raw_syscalls in duplicity with eBPF augmentation Arnaldo Carvalho de Melo
2018-12-18 22:06 ` Arnaldo Carvalho de Melo [this message]
2018-12-18 22:06 ` [PATCH 23/63] perf bpf: Move perf_event_output() from stdio.h to bpf.h Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 24/63] perf augmented_syscalls: Switch to using a struct for the syscalls map values Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 25/63] perf trace: Switch to using a struct for the aumented_raw_syscalls " Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 26/63] perf cs-etm: Correct packets swapping in cs_etm__flush() Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 27/63] perf cs-etm: Avoid stale branch samples when flush packet Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 28/63] perf cs-etm: Remove unused 'trace_on' in cs_etm_decoder Arnaldo Carvalho de Melo
2018-12-18 22:06 ` [PATCH 29/63] perf cs-etm: Refactor enumeration cs_etm_sample_type Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 30/63] perf cs-etm: Rename CS_ETM_TRACE_ON to CS_ETM_DISCONTINUITY Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 31/63] perf cs-etm: Treat NO_SYNC element as trace discontinuity Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 32/63] perf cs-etm: Treat EO_TRACE " Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 33/63] perf cs-etm: Generate branch sample for exception packet Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 34/63] perf augmented_raw_syscalls: Do not include stdio.h Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 35/63] perf trace: Allow specifying a set of events to add in perfconfig Arnaldo Carvalho de Melo
2018-12-19 8:40 ` Namhyung Kim
2018-12-19 12:50 ` Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 36/63] perf trace: Allow configuring if zeroed syscall args should be printed Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 37/63] perf trace: Allow configuring if the syscall duration " Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 38/63] perf config: Show the configuration when no arguments are provided Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 39/63] perf trace: Allow configuring default for perf_event_attr.inherit Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 40/63] perf trace: Allow configuring if the syscall start timestamp should be printed Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 41/63] perf trace: Allow suppressing the syscall argument names Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 42/63] perf trace: Make the alignment of the syscall args be configurable Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 43/63] perf trace: Enclose strings with double quotes Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 44/63] perf trace: Add a prefix member to the strarray class Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 45/63] perf trace: Allow asking for not suppressing common string prefixes Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 46/63] perf trace beauty: Print O_RDONLY when (flags & O_ACCMODE) == 0 Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 47/63] perf trace: Add alignment spaces after the closing parens Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 48/63] perf augmented_raw_syscalls: Copy 'access' arg as well Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 49/63] perf trace: Enclose the errno strings with () Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 50/63] perf trace: Show NULL when syscall pointer args are 0 Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 51/63] tools include arch: Grab a copy of x86's prctl.h Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 52/63] perf beauty: Add a string table generator for x86's 'arch_prctl' codes Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 53/63] perf beauty: Wire up the x86_arch prctl code table generator Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 54/63] perf trace: Move strarrays to beauty.h for further reuse Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 55/63] perf trace: When showing string prefixes show prefix + ??? for unknown entries Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 56/63] perf trace beauty: Beautify arch_prctl()'s arguments Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 57/63] perf beauty mmap: Print PROT_READ before PROT_EXEC to match strace output Arnaldo Carvalho de Melo
2018-12-19 9:15 ` Namhyung Kim
2018-12-19 13:10 ` Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 58/63] perf beauty mmap: Print mmap's 'offset' arg in hexadecimal Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 59/63] tools headers uapi: Grab a copy of fadvise.h Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 60/63] perf beauty: Add generator for fadvise64's 'advice' arg constants Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 61/63] perf trace: Wire up the fadvise 'advice' table generator Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 62/63] perf symbols: Relax checks on perf-PID.map ownership Arnaldo Carvalho de Melo
2018-12-18 22:07 ` [PATCH 63/63] tools uapi asm: Update asm-generic/unistd.h copy Arnaldo Carvalho de Melo
2018-12-20 17:53 ` [GIT PULL 00/63] perf/core improvements and fixes Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181218220733.15839-23-acme@kernel.org \
--to=acme@kernel.org \
--cc=acme@redhat.com \
--cc=adrian.hunter@intel.com \
--cc=jolsa@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=namhyung@kernel.org \
--cc=wangnan0@huawei.com \
--cc=williams@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).