Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp3094671rwb;
        Fri, 11 Nov 2022 22:08:22 -0800 (PST)
X-Google-Smtp-Source: AA0mqf53vKsk8VpvfJ1Xbpa3+VePXdeNAk234eGXNYYmFmOKUqyBDJrXhozINoEEtXA79pof78nd
X-Received: by 2002:a63:1601:0:b0:470:399:c953 with SMTP id w1-20020a631601000000b004700399c953mr4322203pgl.263.1668233301982;
        Fri, 11 Nov 2022 22:08:21 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668233301; cv=none;
        d=google.com; s=arc-20160816;
        b=YgvPHFDpspVceRlTEh7BxsrgJoHldQKclakqSC6T32TaqpYtC9uxcYxQwfo7gwIhJ6
         f7XCi73ID6qwWyfX0Yyzr92PZZEPJYD5/YRmo7TvK0Z3ZCOhMEc21kzGra0VpQCtFEiZ
         xNAISn7gOeDm7aMOsDRA2dfb+wwldsvXIJUrz98su9Eerwt7sqAuCIPOrva9d2t7vouK
         tiYFx1+MgjuVKTmYLBe8ikWkxLZ+8ADS7A2gejaYNO/CnMZrYNuitmYE9/QSI2PfvbKz
         PbZevABXfqPPLK6CZFxzIg4KNdzqFTxwxA8a7pt5oxTNXktvxJAuUFwO4YgLYPB7etP9
         hfbA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:subject:cc:to:from:date
         :dkim-signature;
        bh=8kPKNU0AwxuCUlhkTSYqbA/2SHbqtlAr6V/JHgkEF9k=;
        b=jjioVHsEXlaj9lkIWnY+RzclQP0yMW6P4YoEHn60GNxtQJ3Al1Td9JAY9a/vOcwFFz
         tUB7DtumQgW4V+OhO74vyqcE7DjP2QaVt+XCsUy0UzHPrrOFf3p50tzSLx6+CBqdVG6k
         hS6+C5L4R2NDmRWU1mb1Fv0Pdy9FBSLo7hbo4qz0WNq2wqWDc9xMD++KNXGW9SKJ9qOm
         SPQkYe4FU940GX2dyYb01KTNGi/WDqwSlG7rvz88faY7ymJZtyttDCFtxC4dQMHpSByP
         O+CVmqlNQVyyUI0jgaWWUTWcnrimgya6vd4LuHy5N7JPq+E/dYTbpUDXlOUyMI7DJdlA
         /EaA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=HfQZkZyV;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id y37-20020a056a00182500b0053652e1c0b6si5075276pfa.12.2022.11.11.22.08.04;
        Fri, 11 Nov 2022 22:08:21 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=HfQZkZyV;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234017AbiKLFXr (ORCPT <rfc822;smith.dustin2017@gmail.com>
        + 91 others); Sat, 12 Nov 2022 00:23:47 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58384 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229991AbiKLFXq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 12 Nov 2022 00:23:46 -0500
Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 29EA8B482
        for <linux-kernel@vger.kernel.org>; Fri, 11 Nov 2022 21:23:44 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id B475160AF2
        for <linux-kernel@vger.kernel.org>; Sat, 12 Nov 2022 05:23:43 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id E6A55C433C1;
        Sat, 12 Nov 2022 05:23:41 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1668230623;
        bh=2sPff8ZwIfESnXTKO5JbMAWQE6iiJImLzyqr9UKYoSU=;
        h=Date:From:To:Cc:Subject:In-Reply-To:References:From;
        b=HfQZkZyVaHeCMBKBAAmj/Gh3WF1eUua7dYYBOGKMnTJpmICUi8O2snkWQ/5XOIpLp
         wiAeD008flOfgPJej+D+qAu3kSiHn7+x05LwfLuTsznUFb4FKo3TxUSHtMiyRd2gzp
         7Prk53Sa9qUUJU7P1aPoKnvl33l8b+UqLKlBnRWcYYkqoyktALKF+ckvArgeMVcxrz
         BYchZ3vta9l4KvPSwbBKR5zIALdy3nk+aOYLFtLnAybYXXjCI0pEp/omoTNPcFPsYX
         FZNeYOKsRLUqQZ4cHlfUB6T5Uf+hvwBkDbfmQ+X1rypH3NraRbQFmbwb12pT7W5tP1
         IqxbkS8PIJqIQ==
Date:   Sat, 12 Nov 2022 14:23:39 +0900
From:   Masami Hiramatsu (Google) <mhiramat@kernel.org>
To:     Rafael Mendonca <rafaelmendsr@gmail.com>
Cc:     Steven Rostedt <rostedt@goodmis.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Tzvetomir Stoyanov <tz.stoyanov@gmail.com>,
        Ingo Molnar <mingo@kernel.org>
Subject: Re: [PATCH 2/3] tracing/eprobe: Add eprobe filter support
Message-Id: <20221112142339.510c01a52ae8449e21f2d343@kernel.org>
In-Reply-To: <Y2sfkaIa4sBLuHGX@macondo>
References: <165932112555.2850673.7704483936633223533.stgit@devnote2>
        <165932114513.2850673.2592206685744598080.stgit@devnote2>
        <Y2sfkaIa4sBLuHGX@macondo>
X-Mailer: Sylpheed 3.8.0beta1 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,
        RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 9 Nov 2022 00:33:37 -0300
Rafael Mendonca <rafaelmendsr@gmail.com> wrote:

> Hi Masami,
> I was playing around with the filter option and couldn't get it to work the way
> I was expecting. For example, I'm getting the following output:
> 
> root@localhost:/sys/kernel/tracing# echo 'e syscalls/sys_enter_openat \
> 	flags_rename=$flags:u32 if flags < 1000' >> dynamic_events
> root@localhost:/sys/kernel/tracing# echo 1 > events/eprobes/sys_enter_openat/enable
> [  114.551550] event trace: Could not enable event sys_enter_openat
> -bash: echo: write error: Invalid argument
> 
> I was wondering if the trace_event_call passed to create_event_filter()
> shouldn't be 'ep->event' instead of 'file->event_call' as such:
> 
> diff --git a/kernel/trace/trace_eprobe.c b/kernel/trace/trace_eprobe.c
> index e888446d80fa..123d2c0a6b68 100644
> --- a/kernel/trace/trace_eprobe.c
> +++ b/kernel/trace/trace_eprobe.c
> @@ -643,7 +643,7 @@ new_eprobe_trigger(struct trace_eprobe *ep, struct
> trace_event_file *file)
> 	INIT_LIST_HEAD(&trigger->list);
>  
> 	if (ep->filter_str) {
> -               ret = create_event_filter(file->tr, file->event_call,
> +               ret = create_event_filter(file->tr, ep->event,
> 					ep->filter_str, false, &filter);
> 		if (ret)
> 			goto error;

Ah, OK. I got it. the "file->event_call" is for the eprobe's event
itself, thus the filter doesn't work. ep->event is the event of the
original event. Thus your fix is correct.

Thank you!

> 
> Applying the above change seems to make it work the way I was expecting:
> 
> root@localhost:/sys/kernel/tracing# echo 'e syscalls/sys_enter_openat \
> 	flags_rename=$flags:u32 if flags < 1000' >> dynamic_events
> root@localhost:/sys/kernel/tracing# echo 1 > events/eprobes/sys_enter_openat/enable
> root@localhost:/sys/kernel/tracing# tail trace
> cat-241     [000] ...1.   266.498449: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
> cat-242     [000] ...1.   266.977640: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
> cat-242     [000] ...1.   266.979883: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
> bash-223     [000] ...1.   272.322714: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=577
> cat-243     [000] ...1.   273.630900: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
> cat-243     [000] ...1.   273.633464: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
> tail-244     [000] ...1.   300.013530: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
> tail-244     [000] ...1.   300.018584: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
> tail-245     [000] ...1.   301.237883: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
> tail-245     [000] ...1.   301.243375: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
> 
> I'm not familiar with the eprobe code, sorry if this is nonsense.
> 
> > +					ep->filter_str, false, &filter);
> > +		if (ret)
> > +			goto error;
> > +	}
> > +	RCU_INIT_POINTER(trigger->filter, filter);
> >  
> >  	edata->file = file;
> >  	edata->ep = ep;
> >  	trigger->private_data = edata;
> >  
> >  	return trigger;
> > +error:
> > +	free_event_filter(filter);
> > +	kfree(edata);
> > +	kfree(trigger);
> > +	return ERR_PTR(ret);
> >  }
> >  
> >  static int enable_eprobe(struct trace_eprobe *ep,
> > @@ -651,6 +667,7 @@ static int disable_eprobe(struct trace_eprobe *ep,
> >  {
> >  	struct event_trigger_data *trigger = NULL, *iter;
> >  	struct trace_event_file *file;
> > +	struct event_filter *filter;
> >  	struct eprobe_data *edata;
> >  
> >  	file = find_event_file(tr, ep->event_system, ep->event_name);
> > @@ -677,6 +694,10 @@ static int disable_eprobe(struct trace_eprobe *ep,
> >  	/* Make sure nothing is using the edata or trigger */
> >  	tracepoint_synchronize_unregister();
> >  
> > +	filter = rcu_access_pointer(trigger->filter);
> > +
> > +	if (filter)
> > +		free_event_filter(filter);
> >  	kfree(edata);
> >  	kfree(trigger);
> >  
> > @@ -848,12 +869,62 @@ static int trace_eprobe_tp_update_arg(struct trace_eprobe *ep, const char *argv[
> >  	return ret;
> >  }
> >  
> > +static int trace_eprobe_parse_filter(struct trace_eprobe *ep, int argc, const char *argv[])
> > +{
> > +	struct event_filter *dummy;
> > +	int i, ret, len = 0;
> > +	char *p;
> > +
> > +	if (argc == 0) {
> > +		trace_probe_log_err(0, NO_EP_FILTER);
> > +		return -EINVAL;
> > +	}
> > +
> > +	/* Recover the filter string */
> > +	for (i = 0; i < argc; i++)
> > +		len += strlen(argv[i]) + 1;
> > +
> > +	ep->filter_str = kzalloc(len, GFP_KERNEL);
> > +	if (!ep->filter_str)
> > +		return -ENOMEM;
> > +
> > +	p = ep->filter_str;
> > +	for (i = 0; i < argc; i++) {
> > +		ret = snprintf(p, len, "%s ", argv[i]);
> > +		if (ret < 0)
> > +			goto error;
> > +		if (ret > len) {
> > +			ret = -E2BIG;
> > +			goto error;
> > +		}
> > +		p += ret;
> > +		len -= ret;
> > +	}
> > +	p[-1] = '\0';
> > +
> > +	/*
> > +	 * Ensure the filter string can be parsed correctly. Note, this
> > +	 * filter string is for the original event, not for the eprobe.
> > +	 */
> > +	ret = create_event_filter(top_trace_array(), ep->event, ep->filter_str,
> > +				  true, &dummy);
> > +	free_event_filter(dummy);
> > +	if (ret)
> > +		goto error;
> > +
> > +	return 0;
> > +error:
> > +	kfree(ep->filter_str);
> > +	ep->filter_str = NULL;
> > +	return ret;
> > +}
> > +
> >  static int __trace_eprobe_create(int argc, const char *argv[])
> >  {
> >  	/*
> >  	 * Argument syntax:
> > -	 *      e[:[GRP/][ENAME]] SYSTEM.EVENT [FETCHARGS]
> > -	 * Fetch args:
> > +	 *      e[:[GRP/][ENAME]] SYSTEM.EVENT [FETCHARGS] [if FILTER]
> > +	 * Fetch args (no space):
> >  	 *  <name>=$<field>[:TYPE]
> >  	 */
> >  	const char *event = NULL, *group = EPROBE_EVENT_SYSTEM;
> > @@ -863,8 +934,8 @@ static int __trace_eprobe_create(int argc, const char *argv[])
> >  	char buf1[MAX_EVENT_NAME_LEN];
> >  	char buf2[MAX_EVENT_NAME_LEN];
> >  	char gbuf[MAX_EVENT_NAME_LEN];
> > -	int ret = 0;
> > -	int i;
> > +	int ret = 0, filter_idx = 0;
> > +	int i, filter_cnt;
> >  
> >  	if (argc < 2 || argv[0][0] != 'e')
> >  		return -ECANCELED;
> > @@ -894,6 +965,15 @@ static int __trace_eprobe_create(int argc, const char *argv[])
> >  		event = buf1;
> >  	}
> >  
> > +	for (i = 2; i < argc; i++) {
> > +		if (!strcmp(argv[i], "if")) {
> > +			filter_idx = i + 1;
> > +			filter_cnt = argc - filter_idx;
> > +			argc = i;
> > +			break;
> > +		}
> > +	}
> > +
> >  	mutex_lock(&event_mutex);
> >  	event_call = find_and_get_event(sys_name, sys_event);
> >  	ep = alloc_event_probe(group, event, event_call, argc - 2);
> > @@ -909,6 +989,14 @@ static int __trace_eprobe_create(int argc, const char *argv[])
> >  		goto error;
> >  	}
> >  
> > +	if (filter_idx) {
> > +		trace_probe_log_set_index(filter_idx);
> > +		ret = trace_eprobe_parse_filter(ep, filter_cnt, argv + filter_idx);
> > +		if (ret)
> > +			goto parse_error;
> > +	} else
> > +		ep->filter_str = NULL;
> > +
> >  	argc -= 2; argv += 2;
> >  	/* parse arguments */
> >  	for (i = 0; i < argc && i < MAX_TRACE_ARGS; i++) {
> > diff --git a/kernel/trace/trace_probe.h b/kernel/trace/trace_probe.h
> > index 3b3869ae8cfd..de38f1c03776 100644
> > --- a/kernel/trace/trace_probe.h
> > +++ b/kernel/trace/trace_probe.h
> > @@ -445,7 +445,8 @@ extern int traceprobe_define_arg_fields(struct trace_event_call *event_call,
> >  	C(SAME_PROBE,		"There is already the exact same probe event"),\
> >  	C(NO_EVENT_INFO,	"This requires both group and event name to attach"),\
> >  	C(BAD_ATTACH_EVENT,	"Attached event does not exist"),\
> > -	C(BAD_ATTACH_ARG,	"Attached event does not have this field"),
> > +	C(BAD_ATTACH_ARG,	"Attached event does not have this field"),\
> > +	C(NO_EP_FILTER,		"No filter rule after 'if'"),
> >  
> >  #undef C
> >  #define C(a, b)		TP_ERR_##a
> > 


-- 
Masami Hiramatsu (Google) <mhiramat@kernel.org>