Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp67027imm; Wed, 5 Sep 2018 15:06:54 -0700 (PDT) X-Google-Smtp-Source: ANB0VdYOKeP+P25o8bb++t0x/kLRPAnzlXdmZsz0+MmuFZl10e5QSr/ZAP8ffFncL3Wjj7pEMjg4 X-Received: by 2002:a62:2983:: with SMTP id p125-v6mr42594255pfp.128.1536185214172; Wed, 05 Sep 2018 15:06:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536185214; cv=none; d=google.com; s=arc-20160816; b=QxMgTJ5XXkUOwysdjXEF4u7KKh/ASJxIlDr3nPf1Y8tXkhoLAkph6SEhENf7XFwsku 9z5xilRa2XyuqGilEm9qpdj4lW29JddCw5mmiwX/ioBuBDKmC4xXSd77HQ3RfXOcaA0N wbEQowc/YfSMhCJF+cgrz8h03NAG5wBrgmTT2P06C7uasStRx/PWk12EqAMtM3i4iSlx 2xzUpQlUXGyd9pcRLLJ26x1BY4kv3W4LZXx0iF83cSMoM+zm09IRicxxtec33QxD9DBi urixxv51nBOuM0cbfA/Rk+QewuQk1nNmPO/WKv6Lak40K07aTFRh4ceDL0r6ihLiEOg1 Bxig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=x8dVM5yJ/1DVIkPNznUkQNEmCJKescPnMmFfDqw4CyI=; b=q9Twr7K/cZ+g6O5PHSmkNuRBP7vbWjHdy04ukQfinAcOAy/vxlMFtVEKrpbk4Aql4l LUCoJjuyjfoQjKtKiSiiPO+QEnmuGR1D0XmJHpKRxMjuqEllGtnqpGCE5+MLNI/ZaVu2 0C06NSOFgAwuGw1AHKTrJ9uAJ8Z//i37l5+SCH0ylmy2KLiz7IzkCi/ivE5a1+dTGLZT vQJYkTDU9fLYVaCBX52hQsGtwQ/OMr8K5a3aW5XCddNyi5FL/Di5j+Wfwb1qv4L9pyLw 3ztxhuxWpNZjSbqXcgoB27wHMBdKOkhxylD9qRFJu1mwRaVfJh3+uouzpPOKXsfRc020 XQ2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=g+38eGLU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b8-v6si3158201ple.171.2018.09.05.15.06.37; Wed, 05 Sep 2018 15:06:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=g+38eGLU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728009AbeIFChV (ORCPT + 99 others); Wed, 5 Sep 2018 22:37:21 -0400 Received: from mail.kernel.org ([198.145.29.99]:51350 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727518AbeIFChV (ORCPT ); Wed, 5 Sep 2018 22:37:21 -0400 Received: from jouet.infradead.org (unknown [179.97.41.186]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id DCE362077C; Wed, 5 Sep 2018 22:05:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1536185109; bh=Cwj4o0jlskgS0zOq99X4ZHQnzt+458ZrD7veSFwKXjs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=g+38eGLUGQWMaWZPkoL/hw5OhQPrQv1WitZeZYphQRbDRIx8SHzC3Lz1nsN+PTl6+ i9c6PnP5hPcQtwpWFHmfaiuV6QRtVgKoNm0DMOyuJDx5FFsP7KrLtJCBEoYrbpM5gi j1XwvTPKEKnOK+n5/aMYZpU1FQUbkoED2c7umWbM= From: Arnaldo Carvalho de Melo To: Ingo Molnar Cc: Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Arnaldo Carvalho de Melo , Adrian Hunter , David Ahern , Jiri Olsa , Namhyung Kim , Wang Nan Subject: [PATCH 06/77] perf trace: Use the augmented filename, expanding syscall enter pointers Date: Wed, 5 Sep 2018 19:03:29 -0300 Message-Id: <20180905220440.20256-7-acme@kernel.org> X-Mailer: git-send-email 2.14.4 In-Reply-To: <20180905220440.20256-1-acme@kernel.org> References: <20180905220440.20256-1-acme@kernel.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Arnaldo Carvalho de Melo This is the final touch in showing how a syscall argument beautifier can access the augmented args put in place by the tools/perf/examples/bpf/augmented_syscalls.c eBPF script, right after the regular raw syscall args, i.e. the up to 6 long integer values in the syscall interface. With this we are able to show the 'openat' syscall arg, now with up to 64 bytes, but in time this will be configurable, just like with the 'strace -s strsize' argument, from 'strace''s man page: -s strsize Specify the maximum string size to print (the default is 32). This actually is the maximum string to _collect_ and store in the ring buffer, not just print. Before: # perf trace -e tools/perf/examples/bpf/augmented_syscalls.c,openat cat /etc/passwd > /dev/null 0.000 ( ): cat/9658 openat(dfd: CWD, filename: 0x6626eda8, flags: CLOEXEC) 0.017 ( 0.007 ms): cat/9658 openat(dfd: CWD, filename: 0x6626eda8, flags: CLOEXEC) = 3 0.049 ( ): cat/9658 openat(dfd: CWD, filename: 0x66476ce0, flags: CLOEXEC) 0.051 ( 0.007 ms): cat/9658 openat(dfd: CWD, filename: 0x66476ce0, flags: CLOEXEC) = 3 0.377 ( ): cat/9658 openat(dfd: CWD, filename: 0x1e8f806b) 0.379 ( 0.005 ms): cat/9658 openat(dfd: CWD, filename: 0x1e8f806b) = 3 # After: # perf trace -e tools/perf/examples/bpf/augmented_syscalls.c,openat cat /etc/passwd > /dev/null 0.000 ( ): cat/11966 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC) 0.006 ( 0.006 ms): cat/11966 openat(dfd: CWD, filename: 0x4bfdcda8, flags: CLOEXEC) = 3 0.034 ( ): cat/11966 openat(dfd: CWD, filename: /lib64/libc.so.6, flags: CLOEXEC) 0.036 ( 0.008 ms): cat/11966 openat(dfd: CWD, filename: 0x4c1e4ce0, flags: CLOEXEC) = 3 0.375 ( ): cat/11966 openat(dfd: CWD, filename: /etc/passwd) 0.377 ( 0.005 ms): cat/11966 openat(dfd: CWD, filename: 0xe87906b) = 3 # This cset should show all the aspects of establishing a protocol between an eBPF syscall arg augmenter program, tools/perf/examples/bpf/augmented_syscalls.c and a 'perf trace' beautifier, the one associated with all 'char *' point syscall args with names that can heuristically be associated with filenames. Now to wire up 'open' to show a second syscall using this scheme, all we have to do now is to change tools/perf/examples/bpf/augmented_syscalls.c, as 'perf trace' will notice that the perf_sample.raw_size is more than what is expected for a particular syscall payload as defined by its tracefs format file and will then use the augmented payload in the 'filename' syscall arg beautifier. The same protocol will be used for structs such as 'struct sockaddr *', 'struct pollfd', etc, with additions for handling arrays. This will all be done under the hood when 'perf trace' realizes the system has the necessary components, and also can be done by providing a precompiled augmented_syscalls.c eBPF ELF object. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-gj9kqb61wo7m3shtpzercbcr@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/builtin-trace.c | 10 ++++++++++ tools/perf/examples/bpf/augmented_syscalls.c | 17 +++++++++++++---- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c index e46ac9009172..5d841114a745 100644 --- a/tools/perf/builtin-trace.c +++ b/tools/perf/builtin-trace.c @@ -1097,11 +1097,21 @@ static void thread__set_filename_pos(struct thread *thread, const char *bf, ttrace->filename.entry_str_pos = bf - ttrace->entry_str; } +static size_t syscall_arg__scnprintf_augmented_string(struct syscall_arg *arg, char *bf, size_t size) +{ + struct augmented_arg *augmented_arg = arg->augmented.args; + + return scnprintf(bf, size, "%.*s", augmented_arg->size, augmented_arg->value); +} + static size_t syscall_arg__scnprintf_filename(char *bf, size_t size, struct syscall_arg *arg) { unsigned long ptr = arg->val; + if (arg->augmented.args) + return syscall_arg__scnprintf_augmented_string(arg, bf, size); + if (!arg->trace->vfs_getname) return scnprintf(bf, size, "%#x", ptr); diff --git a/tools/perf/examples/bpf/augmented_syscalls.c b/tools/perf/examples/bpf/augmented_syscalls.c index 10e7997ab481..93960e891478 100644 --- a/tools/perf/examples/bpf/augmented_syscalls.c +++ b/tools/perf/examples/bpf/augmented_syscalls.c @@ -27,6 +27,12 @@ struct bpf_map SEC("maps") __augmented_syscalls__ = { .max_entries = __NR_CPUS__, }; +struct augmented_filename { + int size; + int reserved; + char value[256]; +}; + struct syscall_enter_openat_args { unsigned long long common_tp_fields; long syscall_nr; @@ -38,17 +44,20 @@ struct syscall_enter_openat_args { struct augmented_enter_openat_args { struct syscall_enter_openat_args args; - char filename[64]; + struct augmented_filename filename; }; int syscall_enter(openat)(struct syscall_enter_openat_args *args) { - struct augmented_enter_openat_args augmented_args; + struct augmented_enter_openat_args augmented_args = { .filename.reserved = 0, }; probe_read(&augmented_args.args, sizeof(augmented_args.args), args); - probe_read_str(&augmented_args.filename, sizeof(augmented_args.filename), args->filename_ptr); + augmented_args.filename.size = probe_read_str(&augmented_args.filename.value, + sizeof(augmented_args.filename.value), + args->filename_ptr); perf_event_output(args, &__augmented_syscalls__, BPF_F_CURRENT_CPU, - &augmented_args, sizeof(augmented_args)); + &augmented_args, + sizeof(augmented_args) - sizeof(augmented_args.filename.value) + augmented_args.filename.size); return 0; } -- 2.14.4