Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1143011pxb;
        Thu, 4 Mar 2021 04:35:47 -0800 (PST)
X-Google-Smtp-Source: ABdhPJylsX8kEibiMLutyq67YWwxIy8buJXxe5miovFwo5W1MHuD0ent0k0Jc/pK+cXCrVWugsiV
X-Received: by 2002:a05:6402:510f:: with SMTP id m15mr4169920edd.78.1614861347748;
        Thu, 04 Mar 2021 04:35:47 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1614861347; cv=none;
        d=google.com; s=arc-20160816;
        b=SMNqC6iBev1N1f1HJ9vWdBDsiTGDdQVsVdwrugdAZ2Non3btMvuJ4kq6ge48qkMoqu
         WziUXFCcSXyFWJ0PduakZhTw30eT3yMYBhHzFTRP9Zl1/WGozB5ExPxv5jc6OAjR2vyg
         kQuqrm22uFqvmdYW3rO/AzxPfa/HqTUcE5R38qLmpIZuzOmOHjVqk7mK9rHgy8EU0l/r
         DM5SG1GCDeReQe95lAFzlrAsdPaNRHnJfCczprIiEz/hU/6x3pJhAV0PLWKdF3oFEnKB
         YIUjviGAByR9Wbtc9H26xzMAPuTqvvIggpBh9i8mfM6nWc/fEKUiDt5AJcebQJiMt86b
         KgpQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:to:in-reply-to:cc:references:message-id:date
         :subject:mime-version:from:content-transfer-encoding:dkim-signature;
        bh=k4jBZrFbV5z5C+8VpzHIjWbEzvPUkgb89xssp4fGpJY=;
        b=C0u8tun64f1Y3M9feMK4wfxfiRg47Te9zQ6ZpJOPDrpUoLeRC2NxTJ424O2hIFxY2J
         az3dEMpf8431qjb3r7rxnRJRQhI+DwiQrk/+b4cAauTu/k8WXZf6TbzFWg8spZPJ9dHh
         bfgz3c24XJniTvEzjZUlK8h48qyxuOW4zUj4itRpJSMGIST3BZOSI7pzN41axSjvmqup
         CET2UuVF4ZaPOLi/Z7iyYUCZbYZuCg6pwJskA1RB+gxuFv2tVGY4ky3iTYf9LT0JhBQw
         K5pwP8UTL1M6gGwKZQvYzCSzuCBR4ZERk0o1v2GxcPDPeAA2KLlUoWI90h8InPJteZo5
         HxTA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b="r9/TcZaL";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id d12si14195413edx.162.2021.03.04.04.35.25;
        Thu, 04 Mar 2021 04:35:47 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b="r9/TcZaL";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1387726AbhCCTdO (ORCPT <rfc822;luxiaolong211@gmail.com>
        + 99 others); Wed, 3 Mar 2021 14:33:14 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39652 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1387042AbhCCTPS (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 3 Mar 2021 14:15:18 -0500
Received: from mail-pj1-x102c.google.com (mail-pj1-x102c.google.com [IPv6:2607:f8b0:4864:20::102c])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CE4B8C06175F
        for <linux-kernel@vger.kernel.org>; Wed,  3 Mar 2021 11:14:38 -0800 (PST)
Received: by mail-pj1-x102c.google.com with SMTP id e9so4986066pjj.0
        for <linux-kernel@vger.kernel.org>; Wed, 03 Mar 2021 11:14:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=amacapital-net.20150623.gappssmtp.com; s=20150623;
        h=content-transfer-encoding:from:mime-version:subject:date:message-id
         :references:cc:in-reply-to:to;
        bh=k4jBZrFbV5z5C+8VpzHIjWbEzvPUkgb89xssp4fGpJY=;
        b=r9/TcZaLLPtkrbWxQm5ZqCCvdnLL138WIXcHAkp4uJ44kSq892Nde99fe0Z9wuh6Fq
         QHDhi2UmvACYcjTgvWzBojSyGD8q9nJeeRGBRN4gQehgj/Cmhwvf3iAheplKRy22l3Au
         KpMFDOCeTxHej/CuwOS4kPtTif/ztYOORF/jb+5VptwODSNQUn59I6jduHXX4yPxZhVP
         2ulz4KcYSFe0Wjolb9sIX30psLeoprlxFBs9lFp+ElysN3/0QIkln+jRWVZYAWtTBUXK
         7UL7KhqWdiFx//r4rG6Ip75S5C6KQzMBYWFm6Z8nufWvT63zH1MoSTdIujV2+idqb7Es
         MEJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:content-transfer-encoding:from:mime-version
         :subject:date:message-id:references:cc:in-reply-to:to;
        bh=k4jBZrFbV5z5C+8VpzHIjWbEzvPUkgb89xssp4fGpJY=;
        b=rt4OfHe2nNmDLYQpv9W+XS8ikME8MWj6AVEZIuzur4P78buPAgRcSc7zNBujPSYCfS
         MlIFTKGocitYEslTEd68D1w12WEwy39OQs4Jp+LKcvBfyoVlB8bm9INQWONLKRVg8tsX
         nzDItwSuc3Ajo2Ppme7hi4iMClNYjDOR5iDdChUhq97b+rSQ//rTJTVnfhpcGcWszAsc
         /HRJ8vmyilDyILBo7yJaGe9xysj7LYmv37ygECIJ0HtSELjknT7CHWQgkZSF0cJzweJk
         EbbO/kDZtNuEdLZTUH3D4VlQwAJ3gJ9bvl1bRIEZR1sxd6CXsyS6lFrcLFGrAQ9yyf6U
         FF4w==
X-Gm-Message-State: AOAM533MmeptuHW8xDHskxqs+dt8wCr1Dh/N3cdJod+VL+zay3q20wlP
        0KhpypU0QuluUaUjme7JepLA5Q==
X-Received: by 2002:a17:902:b089:b029:e3:28:b8ee with SMTP id p9-20020a170902b089b02900e30028b8eemr615480plr.84.1614798878128;
        Wed, 03 Mar 2021 11:14:38 -0800 (PST)
Received: from ?IPv6:2601:646:c200:1ef2:d817:cd13:9030:8391? ([2601:646:c200:1ef2:d817:cd13:9030:8391])
        by smtp.gmail.com with ESMTPSA id k5sm7076673pjl.50.2021.03.03.11.14.37
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 03 Mar 2021 11:14:37 -0800 (PST)
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
From:   Andy Lutomirski <luto@amacapital.net>
Mime-Version: 1.0 (1.0)
Subject: Re: Why do kprobes and uprobes singlestep?
Date:   Wed, 3 Mar 2021 11:14:36 -0800
Message-Id: <39348848-C213-4739-B002-5BFACDA981C1@amacapital.net>
References: <20210303181111.th5ukrfzrmyuvk5x@maharaja.localdomain>
Cc:     Alexei Starovoitov <alexei.starovoitov@gmail.com>,
        Andy Lutomirski <luto@kernel.org>, bpf <bpf@vger.kernel.org>,
        Oleg Nesterov <oleg@redhat.com>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Peter Zijlstra <peterz@infradead.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>,
        "David S. Miller" <davem@davemloft.net>, X86 ML <x86@kernel.org>,
        Andrew Cooper <andrew.cooper3@citrix.com>
In-Reply-To: <20210303181111.th5ukrfzrmyuvk5x@maharaja.localdomain>
To:     Daniel Xu <dxu@dxuuu.xyz>
X-Mailer: iPhone Mail (18D52)
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


> On Mar 3, 2021, at 10:11 AM, Daniel Xu <dxu@dxuuu.xyz> wrote:
>=20
> =EF=BB=BFOn Tue, Mar 02, 2021 at 06:18:23PM -0800, Alexei Starovoitov wrot=
e:
>>> On Tue, Mar 2, 2021 at 5:46 PM Andy Lutomirski <luto@amacapital.net> wro=
te:
>>>=20
>>>=20
>>>> On Mar 2, 2021, at 5:22 PM, Alexei Starovoitov <alexei.starovoitov@gmai=
l.com> wrote:
>>>>=20
>>>> =EF=BB=BFOn Tue, Mar 2, 2021 at 1:02 PM Andy Lutomirski <luto@amacapita=
l.net> wrote:
>>>>>=20
>>>>>=20
>>>>>>> On Mar 2, 2021, at 12:24 PM, Alexei Starovoitov <alexei.starovoitov@=
gmail.com> wrote:
>>>>>>=20
>>>>>> =EF=BB=BFOn Tue, Mar 2, 2021 at 10:38 AM Andy Lutomirski <luto@kernel=
.org> wrote:
>>>>>>>=20
>>>>>>> Is there something like a uprobe test suite?  How maintained /
>>>>>>> actively used is uprobe?
>>>>>>=20
>>>>>> uprobe+bpf is heavily used in production.
>>>>>> selftests/bpf has only one test for it though.
>>>>>>=20
>>>>>> Why are you asking?
>>>>>=20
>>>>> Because the integration with the x86 entry code is a mess, and I want t=
o know whether to mark it BROKEN or how to make sure the any cleanups actual=
ly work.
>>>>=20
>>>> Any test case to repro the issue you found?
>>>> Is it a bug or just messy code?
>>>=20
>>> Just messy code.
>>>=20
>>>> Nowadays a good chunk of popular applications (python, mysql, etc) has
>>>> USDTs in them.
>>>> Issues reported with bcc:
>>>> https://github.com/iovisor/bcc/issues?q=3Dis%3Aissue+USDT
>>>> Similar thing with bpftrace.
>>>> Both standard USDT and semaphore based are used in the wild.
>>>> uprobe for containers has been a long standing feature request.
>>>> If you can improve uprobe performance that would be awesome.
>>>> That's another thing that people report often. We optimized it a bit.
>>>> More can be done.
>>>=20
>>>=20
>>> Wait... USDT is much easier to implement well.  Are we talking just USDT=
 or are we talking about general uprobes in which almost any instruction can=
 get probed?  If the only users that care about uprobes are doing USDT, we c=
ould vastly simplify the implementation and probably make it faster, too.
>>=20
>> USDTs are driving the majority of uprobe usage.
>=20
> I'd say 50/50 in my experience. Larger userspace applications using bpf
> for production monitoring tend to use USDT for stability and ABI reasons
> (hard for bpf to read C++ classes). Bare uprobes (ie not USDT) are used
> quite often for ad-hoc production debugging.
>=20
>> If they can get faster it will increase their adoption even more.
>> There are certainly cases of normal uprobes.
>> They are at the start of the function 99% of the time.
>> Like the following:
>> "uprobe:/lib64/libc.so:malloc(u64 size):size:size,_ret",
>> "uprobe:/lib64/libc.so:free(void *ptr)::ptr",
>> is common despite its overhead.
>>=20
>> Here is the most interesting and practical usage of uprobes:
>> https://github.com/iovisor/bcc/blob/master/tools/sslsniff.py
>> and the manpage for the tool:
>> https://github.com/iovisor/bcc/blob/master/tools/sslsniff_example.txt
>>=20
>> uprobe in the middle of the function is very rare.
>> If the kernel starts rejecting uprobes on some weird instructions
>> I suspect no one will complain.
>=20
> I think it would be great if the kernel could reject mid-instruction
> uprobes. Unlike with kprobes, you can place uprobes on immediate
> operands which can cause silent data corruption. See
> https://github.com/iovisor/bpftrace/pull/803#issuecomment-507693933
> for a funny example.

This can=E2=80=99t be done in general on x86. One cannot look at code and fi=
nd the instruction boundaries.

>=20
> To prevent accidental (and silent) data corruption, bpftrace uses a
> disassembler to ensure uprobes are placed on instruction boundaries.
>=20
> <...>
>=20
> Daniel