From: Yonghong Song
Subject: [PATCH] uprobes/x86: emulate push insns for uprobe on x86
Date: Thu, 9 Nov 2017 15:02:53 -0800
Message-ID: <20171109230253.988995-1-yhs@fb.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Uprobe is a tracing mechanism for userspace programs. A typical uprobe will incur the overhead of two traps. The first trap is caused by the replaced trap insn, and the second trap is to execute the original displaced insn in user space. To reduce the overhead, the kernel provides hooks for architectures to emulate the original insn and skip the second trap. On x86, emulation is done for certain branch insns.

This patch extends the emulation to "push " insns. These insns are typical at the beginning of a function. For example, bcc in the https://github.com/iovisor/bcc repo provides tools to measure funclatency, detect memleak, etc. The tools will place uprobes at the beginning of a function and possibly uretprobes at the end of the function. This patch is able to reduce the trap overhead for a uprobe from 2 to 1. Without this patch, a uretprobe will typically incur three traps. With this patch, if the function starts with a "push" insn, the number of traps can be reduced from 3 to 2.

An experiment was conducted on two local VMs, a fedora 26 64-bit VM and a 32-bit VM, both with 4 processors and 4GB memory, booted with the latest tip repo (and this patch). The host is a MacBook with an intel i7 processor.
The test program looks like

  #include <stdio.h>
  #include <sys/time.h>

  static void test() __attribute__((noinline));
  void test() {}

  int main()
  {
    struct timeval start, end;

    gettimeofday(&start, NULL);
    for (int i = 0; i < 1000000; i++) {
      test();
    }
    gettimeofday(&end, NULL);
    printf("%ld\n", ((end.tv_sec * 1000000 + end.tv_usec) -
                     (start.tv_sec * 1000000 + start.tv_usec)));
    return 0;
  }

The program is compiled without optimization, and the first insn for function "test" is "push %rbp". The host is relatively idle.

Before the test run, the uprobe is inserted as below for uprobe:
  echo 'p :' > /sys/kernel/debug/tracing/uprobe_events
  echo 1 > /sys/kernel/debug/tracing/events/uprobes/enable
and for uretprobe:
  echo 'r :' > /sys/kernel/debug/tracing/uprobe_events
  echo 1 > /sys/kernel/debug/tracing/events/uprobes/enable

Unit: microsecond(usec) per loop iteration

x86_64       W/ this patch    W/O this patch
uprobe       1.55             3.1
uretprobe    2.0              3.6

x86_32       W/ this patch    W/O this patch
uprobe       1.41             3.5
uretprobe    1.75             4.0

You can see that this patch significantly reduced the overhead, 50% for uprobe and 44% for uretprobe on x86_64, and even more on x86_32.

Signed-off-by: Yonghong Song
---
 arch/x86/include/asm/uprobes.h |   4 ++
 arch/x86/kernel/uprobes.c      | 110 ++++++++++++++++++++++++++++++++++++++---
 2 files changed, 107 insertions(+), 7 deletions(-)

diff --git a/arch/x86/include/asm/uprobes.h b/arch/x86/include/asm/uprobes.h
index 74f4c2f..a90090c 100644
--- a/arch/x86/include/asm/uprobes.h
+++ b/arch/x86/include/asm/uprobes.h
@@ -53,6 +53,10 @@ struct arch_uprobe { u8 fixups; u8 ilen; } defparam; + struct { + u8 src_offset; /* to the start of pt_regs */ + u8 ilen; + } push; }; };
diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c
index a3755d2..1ee8b59 100644
--- a/arch/x86/kernel/uprobes.c
+++ b/arch/x86/kernel/uprobes.c
@@ -528,11 +528,11 @@ static int default_pre_xol_op(struct arch_uprobe *auprobe, struct pt_regs *regs) return 0; } -static int push_ret_address(struct pt_regs *regs, unsigned long ip) +static int emulate_push_stack(struct pt_regs *regs, unsigned long val) { unsigned long new_sp = regs->sp - sizeof_long(); - if (copy_to_user((void __user *)new_sp, &ip, sizeof_long())) + if (copy_to_user((void __user *)new_sp, &val, sizeof_long())) return -EFAULT; regs->sp = new_sp; @@ -566,7 +566,7 @@ static int default_post_xol_op(struct arch_uprobe *auprobe, struct pt_regs *regs regs->ip += correction; } else if (auprobe->defparam.fixups & UPROBE_FIX_CALL) { regs->sp += sizeof_long(); /* Pop incorrect return address */ - if (push_ret_address(regs, utask->vaddr + auprobe->defparam.ilen)) + if (emulate_push_stack(regs, utask->vaddr + auprobe->defparam.ilen)) return -ERESTART; } /* popf; tell the caller to not touch TF */ @@ -655,7 +655,7 @@ static bool branch_emulate_op(struct arch_uprobe *auprobe, struct pt_regs *regs) * * But there is corner case, see the comment in ->post_xol(). */ - if (push_ret_address(regs, new_ip)) + if (emulate_push_stack(regs, new_ip)) return false; } else if (!check_jmp_cond(auprobe, regs)) { offs = 0; @@ -665,6 +665,16 @@ static bool branch_emulate_op(struct arch_uprobe *auprobe, struct pt_regs *regs) return true; } +static bool push_emulate_op(struct arch_uprobe *auprobe, struct pt_regs *regs) +{ + void *src_ptr = (void *)regs + auprobe->push.src_offset; + + if (emulate_push_stack(regs, *(unsigned long *)src_ptr)) + return false; + regs->ip += auprobe->push.ilen; + return true; +} + static int branch_post_xol_op(struct arch_uprobe *auprobe, struct pt_regs *regs) { BUG_ON(!branch_is_call(auprobe)); 
@@ -703,13 +713,99 @@ static const struct uprobe_xol_ops branch_xol_ops = { .post_xol = branch_post_xol_op, }; -/* Returns -ENOSYS if branch_xol_ops doesn't handle this insn */ -static int branch_setup_xol_ops(struct arch_uprobe *auprobe, struct insn *insn) +static const struct uprobe_xol_ops push_xol_ops = { + .emulate = push_emulate_op, +}; + +static int uprobe_setup_push_ops(struct arch_uprobe *auprobe, struct insn *insn, + u8 opc1) +{ + u8 src_offset = 0; + + if (insn->length > 2) + return -ENOSYS; + if (insn->length == 2) { + /* only support rex_prefix 0x41 (x64 only) */ +#ifdef CONFIG_X86_64 + if (insn->rex_prefix.nbytes != 1 || + insn->rex_prefix.bytes[0] != 0x41) + return -ENOSYS; + + auprobe->push.ilen = 2; + switch (opc1) { + case 0x50: + src_offset = offsetof(struct pt_regs, r8); + break; + case 0x51: + src_offset = offsetof(struct pt_regs, r9); + break; + case 0x52: + src_offset = offsetof(struct pt_regs, r10); + break; + case 0x53: + src_offset = offsetof(struct pt_regs, r11); + break; + case 0x54: + src_offset = offsetof(struct pt_regs, r12); + break; + case 0x55: + src_offset = offsetof(struct pt_regs, r13); + break; + case 0x56: + src_offset = offsetof(struct pt_regs, r14); + break; + case 0x57: + src_offset = offsetof(struct pt_regs, r15); + break; + } +#else + return -ENOSYS; +#endif + } else { + auprobe->push.ilen = 1; + switch (opc1) { + case 0x50: + src_offset = offsetof(struct pt_regs, ax); + break; + case 0x51: + src_offset = offsetof(struct pt_regs, cx); + break; + case 0x52: + src_offset = offsetof(struct pt_regs, dx); + break; + case 0x53: + src_offset = offsetof(struct pt_regs, bx); + break; + case 0x54: + src_offset = offsetof(struct pt_regs, sp); + break; + case 0x55: + src_offset = offsetof(struct pt_regs, bp); + break; + case 0x56: + src_offset = offsetof(struct pt_regs, si); + break; + case 0x57: + src_offset = offsetof(struct pt_regs, di); + break; + } + } + + auprobe->push.src_offset = src_offset; + auprobe->ops = &push_xol_ops; + 
return 0; +} + +/* Returns -ENOSYS if {branch|push}_xol_ops doesn't handle this insn */ +static int uprobe_setup_xol_ops(struct arch_uprobe *auprobe, struct insn *insn) { u8 opc1 = OPCODE1(insn); int i; switch (opc1) { + case 0x50 ... 0x57: + return uprobe_setup_push_ops(auprobe, insn, opc1); + case 0xeb: /* jmp 8 */ case 0xe9: /* jmp 32 */ case 0x90: /* prefix* + nop; same as jmp with .offs = 0 */ @@ -767,7 +863,7 @@ int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm, if (ret) return ret; - ret = branch_setup_xol_ops(auprobe, &insn); + ret = uprobe_setup_xol_ops(auprobe, &insn); if (ret != -ENOSYS) return ret; -- 2.9.5
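Review bot: in the uprobes.h hunk, `u8 src_offset` silently truncates if `offsetof(struct pt_regs, r15)` ever grows past 255; the value is well under that today, but a `BUILD_BUG_ON(sizeof(struct pt_regs) > 256)` next to the assignment in uprobe_setup_push_ops(), or a comment stating the assumption, would make the choice of u8 deliberate rather than accidental. The comment `/* to the start of pt_regs */` also reads as if the offset were measured to pt_regs rather than into it; "byte offset of the source register within struct pt_regs" says what push_emulate_op() actually does with it.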
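Review bot: in the push_emulate_op() hunk, `void *src_ptr = (void *)regs + auprobe->push.src_offset;` is then dereferenced through `*(unsigned long *)src_ptr` at the call; declaring `unsigned long *src_ptr` and passing `*src_ptr` drops the cast and documents the width being read. More importantly, for `case 0x54` (push %rsp / %esp, in the later hunk) correctness depends on `*src_ptr` being evaluated before emulate_push_stack() writes `regs->sp = new_sp`, so that the pre-decrement stack pointer is what gets pushed; that ordering deserves a one-line comment, because moving the read after the call would silently push the wrong value and no test in the commit message covers it.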
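Review bot: in the uprobe_setup_push_ops() hunk, the two eight-way `switch (opc1)` blocks each map `opc1 - 0x50` to a fixed register offset and could be two `static const u8` tables indexed by `opc1 - 0x50` (ax..di, and r8..r15 under CONFIG_X86_64), cutting roughly sixty lines and making the encoding rule "0x50+r, REX.B selects the high bank" visible at a glance. Separately, `push_xol_ops` sets only `.emulate`: when emulate_push_stack() fails and the insn is single-stepped from the XOL slot instead, nothing in this ops struct adjusts `regs->ip` afterwards, so the patch relies on that re-executed push faulting the same way; a comment saying so, like the "corner case" note branch_emulate_op() carries, would save the next reader the trace through the abort path.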
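Review bot: in the final hunks, renaming branch_setup_xol_ops() to uprobe_setup_xol_ops() and adding `case 0x50 ... 0x57:` ahead of the jmp cases leaves the push path buried inside a function whose remaining body (the `int i` scan and the branch cases) is still branch-specific. Keeping branch_setup_xol_ops() as is and having arch_uprobe_analyze_insn() call a separate push setup helper only when the branch helper returns -ENOSYS keeps each helper single-purpose, avoids touching the existing comment, and makes the diff to the branch code a pure rename of push_ret_address().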
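To make the decode and emulation rules in the patch concrete, here is an added user-space model (example code written for this page, not the patch's code and not anything in the kernel tree). It assumes a hypothetical struct fake_pt_regs with the x86_64 pt_regs member order, a fake_stack byte buffer in place of user memory, and an x86_64 flag plus a long_size parameter standing in for the decoder mode and sizeof_long(); setup_push(), emulate_push() and stack_read() are names chosen here. It goes a little beyond the commit message in also exercising the 4-byte compat case and the encodings the patch refuses (a 0x66 operand-size prefix, any REX other than 0x41, and 0x41 in 32-bit mode, where it is "inc %ecx").

```c
/* Added example, not kernel code: a user-space model of the decode and emulation
 * rules in the patch above. fake_pt_regs keeps the x86_64 pt_regs member order,
 * fake_stack stands in for mapped user memory, and long_size plays the role of
 * sizeof_long() (8 for a native task, 4 for a 32-bit compat task). */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct fake_pt_regs {
	uint64_t r15, r14, r13, r12, bp, bx, r11, r10, r9, r8;
	uint64_t ax, cx, dx, si, di, ip, sp;
};
struct push_probe {		/* mirrors auprobe->push in the patch */
	uint8_t src_offset;	/* byte offset of the source reg inside fake_pt_regs */
	uint8_t ilen;		/* 1 for 0x50..0x57, 2 when a 0x41 REX prefix precedes it */
};
struct fake_stack {		/* mapped user stack covers [base, base + size) */
	uint8_t *mem;
	uint64_t base;
	size_t size;
};

#define R(m) offsetof(struct fake_pt_regs, m)
/* 0x50+r without REX selects ax cx dx bx sp bp si di; REX.B (0x41) selects r8..r15 */
static const uint8_t lo_reg[8] = { R(ax), R(cx), R(dx), R(bx), R(sp), R(bp), R(si), R(di) };
static const uint8_t hi_reg[8] = { R(r8), R(r9), R(r10), R(r11), R(r12), R(r13), R(r14), R(r15) };

/* Decode the probed bytes: 0 means "emulate", -ENOSYS means "not a plain push, let the
 * kernel single-step it out of line". A 0x66 operand-size prefix or any REX other than
 * 0x41 is rejected; in 32-bit mode 0x41 is "inc %ecx", not a prefix, so it is rejected too. */
int setup_push(const uint8_t *insn, size_t len, bool x86_64, struct push_probe *p)
{
	if (len >= 1 && insn[0] >= 0x50 && insn[0] <= 0x57) {
		p->ilen = 1;
		p->src_offset = lo_reg[insn[0] - 0x50];
		return 0;
	}
	if (x86_64 && len >= 2 && insn[0] == 0x41 && insn[1] >= 0x50 && insn[1] <= 0x57) {
		p->ilen = 2;
		p->src_offset = hi_reg[insn[1] - 0x50];
		return 0;
	}
	return -ENOSYS;
}

/* Same order of operations as push_emulate_op() + emulate_push_stack(): the source
 * register is read BEFORE sp is decremented, so "push %rsp" stores the old sp exactly
 * as the hardware does. A store outside the mapped stack changes nothing, like
 * copy_to_user() failing with -EFAULT. */
int emulate_push(const struct push_probe *p, struct fake_pt_regs *regs,
		 struct fake_stack *st, int long_size)
{
	uint64_t val = *(uint64_t *)((char *)regs + p->src_offset);
	uint64_t new_sp;

	if (regs->sp < st->base + long_size || regs->sp > st->base + st->size)
		return -EFAULT;
	new_sp = regs->sp - long_size;
	/* little-endian host assumed: storing the low long_size bytes of the 8-byte
	 * register is what a 4-byte copy_to_user() does for a compat task */
	memcpy(st->mem + (new_sp - st->base), &val, long_size);
	regs->sp = new_sp;
	regs->ip += p->ilen;
	return 0;
}

uint64_t stack_read(const struct fake_stack *st, uint64_t addr, int long_size)
{
	uint64_t v = 0;

	memcpy(&v, st->mem + (addr - st->base), long_size);
	return v;
}

int main(void)
{
	uint8_t mem[64];
	struct fake_stack st = { mem, 0x7000, sizeof(mem) };
	struct fake_pt_regs regs = { .ip = 0x401000, .sp = 0x7040, .bp = 0x7f00 };
	const uint8_t push_rbp[] = { 0x55 }, push_rsp[] = { 0x54 }, push_r12[] = { 0x41, 0x54 };
	struct push_probe p;

	setup_push(push_rbp, 1, true, &p);		/* the usual function prologue */
	emulate_push(&p, &regs, &st, 8);
	printf("push %%rbp: sp=%#llx [sp]=%#llx ip=%#llx\n", (unsigned long long)regs.sp,
	       (unsigned long long)stack_read(&st, regs.sp, 8), (unsigned long long)regs.ip);
	setup_push(push_rsp, 1, true, &p);		/* the non-obvious case */
	emulate_push(&p, &regs, &st, 8);
	printf("push %%rsp: sp=%#llx [sp]=%#llx (pre-decrement sp)\n",
	       (unsigned long long)regs.sp, (unsigned long long)stack_read(&st, regs.sp, 8));
	printf("41 54 decodes to %d in 64-bit mode, %d in 32-bit mode\n",
	       setup_push(push_r12, 2, true, &p), setup_push(push_r12, 2, false, &p));
	return 0;
}
```

Build with `cc -std=c99 -Wall` and run. The line to watch is the push %rsp one: the value stored on the stack equals the stack pointer from before the push, which holds only because the source register is read before sp is updated. The bounds check is done on the old sp rather than on new_sp so that a stack pointer smaller than long_size cannot wrap around the check.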