Message ID | 20231018064441.2751317-1-tmricht@linux.ibm.com |
---|---|
State | New |
Headers |
From: Thomas Richter <tmricht@linux.ibm.com> To: linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, acme@kernel.org, iii@linux.ibm.com, irogers@google.com Cc: svens@linux.ibm.com, gor@linux.ibm.com, sumanthk@linux.ibm.com, hca@linux.ibm.com, Thomas Richter <tmricht@linux.ibm.com> Subject: [PATCH] perf test: test case 111 fails on s390 Date: Wed, 18 Oct 2023 08:44:41 +0200 Message-Id: <20231018064441.2751317-1-tmricht@linux.ibm.com> |
Series | perf test: test case 111 fails on s390 |
Commit Message
Thomas Richter
Oct. 18, 2023, 6:44 a.m. UTC
Perf test case 111 Check open filename arg using perf trace + vfs_getname
fails on s390. This is caused by a failing function
bpf_probe_read() in file util/bpf_skel/augmented_raw_syscalls.bpf.c.

The root cause is the lookup by address. Function bpf_probe_read()
is used. This function works only for architectures
with ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE.

On s390 it is not possible to determine from the address to which
address space the address belongs to (user or kernel space).

Replace bpf_probe_read() by bpf_probe_read_kernel()
and bpf_probe_read_str() by bpf_probe_read_user_str() to
explicitly specify the address space the address refers to.

Output before:

    # ./perf trace -eopen,openat -- touch /tmp/111
    libbpf: prog 'sys_enter': BPF program load failed: Invalid argument
    libbpf: prog 'sys_enter': -- BEGIN PROG LOAD LOG --
    reg type unsupported for arg#0 function sys_enter#75
    0: R1=ctx(off=0,imm=0) R10=fp0
    ; int sys_enter(struct syscall_enter_args *args)
    0: (bf) r6 = r1 ; R1=ctx(off=0,imm=0) R6_w=ctx(off=0,imm=0)
    ; return bpf_get_current_pid_tgid();
    1: (85) call bpf_get_current_pid_tgid#14 ; R0_w=scalar()
    2: (63) *(u32 *)(r10 -8) = r0 ; R0_w=scalar() R10=fp0 fp-8=????mmmm
    3: (bf) r2 = r10 ; R2_w=fp0 R10=fp0
    ;
    .....
    lines deleted here
    .....
    23: (bf) r3 = r6 ; R3_w=ctx(off=0,imm=0) R6=ctx(off=0,imm=0)
    24: (85) call bpf_probe_read#4
    unknown func bpf_probe_read#4
    processed 23 insns (limit 1000000) max_states_per_insn 0 \
    total_states 2 peak_states 2 mark_read 2
    -- END PROG LOAD LOG --
    libbpf: prog 'sys_enter': failed to load: -22
    libbpf: failed to load object 'augmented_raw_syscalls_bpf'
    libbpf: failed to load BPF skeleton 'augmented_raw_syscalls_bpf': -22
    ....

Output after:

    # ./perf test -Fv 111
    111: Check open filename arg using perf trace + vfs_getname :
    --- start ---
    1.085 ( 0.011 ms): touch/320753 openat(dfd: CWD, filename: \
    "/tmp/temporary_file.SWH85", \
    flags: CREAT|NOCTTY|NONBLOCK|WRONLY, mode: IRUGO|IWUGO) = 3
    ---- end ----
    Check open filename arg using perf trace + vfs_getname: Ok
    #

Fixes: 14e4b9f4289a ("perf trace: Raw augmented syscalls fix libbpf 1.0+ compatibility")
Signed-off-by: Thomas Richter <tmricht@linux.ibm.com>
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Cc: Ian Rogers <irogers@google.com>
---
 .../util/bpf_skel/augmented_raw_syscalls.bpf.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
Comments
On Wed, Oct 18, 2023 at 08:44:41AM +0200, Thomas Richter wrote:
> Perf test case 111 Check open filename arg using perf trace + vfs_getname
> fails on s390. This is caused by a failing function
> bpf_probe_read() in file util/bpf_skel/augmented_raw_syscalls.bpf.c.

Please change the patch subject to describe what is being really fixed
instead of the test that spotted the problem, i.e. something like:

perf trace: Use the right bpf_probe_read(_str) variant for reading user data

But then shouldn't all those use bpf_probe_read_user(_str)?

As it is reading arguments to the syscall, that are coming from
userspace, i.e. both open/openat/etc path/filename, clock_nanosleep rqtp
args (and connect sockaddr, etc) comes from userspace.

- Arnaldo

> The root cause is the lookup by address. Function bpf_probe_read()
> is used. This function works only for architectures
> with ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE.
>
> On s390 it is not possible to determine from the address to which
> address space the address belongs to (user or kernel space).
>
> Replace bpf_probe_read() by bpf_probe_read_kernel()
> and bpf_probe_read_str() by bpf_probe_read_user_str() to
> explicitly specify the address space the address refers to.
>
> Output before:
> # ./perf trace -eopen,openat -- touch /tmp/111
> libbpf: prog 'sys_enter': BPF program load failed: Invalid argument
> libbpf: prog 'sys_enter': -- BEGIN PROG LOAD LOG --
> reg type unsupported for arg#0 function sys_enter#75
> 0: R1=ctx(off=0,imm=0) R10=fp0
> ; int sys_enter(struct syscall_enter_args *args)
> 0: (bf) r6 = r1 ; R1=ctx(off=0,imm=0) R6_w=ctx(off=0,imm=0)
> ; return bpf_get_current_pid_tgid();
> 1: (85) call bpf_get_current_pid_tgid#14 ; R0_w=scalar()
> 2: (63) *(u32 *)(r10 -8) = r0 ; R0_w=scalar() R10=fp0 fp-8=????mmmm
> 3: (bf) r2 = r10 ; R2_w=fp0 R10=fp0
> ;
> .....
> lines deleted here
> .....
> 23: (bf) r3 = r6 ; R3_w=ctx(off=0,imm=0) R6=ctx(off=0,imm=0) > 24: (85) call bpf_probe_read#4 > unknown func bpf_probe_read#4 > processed 23 insns (limit 1000000) max_states_per_insn 0 \ > total_states 2 peak_states 2 mark_read 2 > -- END PROG LOAD LOG -- > libbpf: prog 'sys_enter': failed to load: -22 > libbpf: failed to load object 'augmented_raw_syscalls_bpf' > libbpf: failed to load BPF skeleton 'augmented_raw_syscalls_bpf': -22 > .... > > Output after: > # ./perf test -Fv 111 > 111: Check open filename arg using perf trace + vfs_getname : > --- start --- > 1.085 ( 0.011 ms): touch/320753 openat(dfd: CWD, filename: \ > "/tmp/temporary_file.SWH85", \ > flags: CREAT|NOCTTY|NONBLOCK|WRONLY, mode: IRUGO|IWUGO) = 3 > ---- end ---- > Check open filename arg using perf trace + vfs_getname: Ok > # > > Fixes: 14e4b9f4289a ("perf trace: Raw augmented syscalls fix libbpf 1.0+ compatibility") > Signed-off-by: Thomas Richter <tmricht@linux.ibm.com> > Acked-by: Ilya Leoshkevich <iii@linux.ibm.com> > Cc: Ian Rogers <irogers@google.com> > --- > .../util/bpf_skel/augmented_raw_syscalls.bpf.c | 16 ++++++++-------- > 1 file changed, 8 insertions(+), 8 deletions(-) > > diff --git a/tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c b/tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c > index 939ec769bf4a..cc22bccfc178 100644 > --- a/tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c > +++ b/tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c > @@ -153,7 +153,7 @@ static inline > unsigned int augmented_arg__read_str(struct augmented_arg *augmented_arg, const void *arg, unsigned int arg_len) > { > unsigned int augmented_len = sizeof(*augmented_arg); > - int string_len = bpf_probe_read_str(&augmented_arg->value, arg_len, arg); > + int string_len = bpf_probe_read_user_str(&augmented_arg->value, arg_len, arg); > > augmented_arg->size = augmented_arg->err = 0; > /* 
> @@ -203,7 +203,7 @@ int sys_enter_connect(struct syscall_enter_args *args) > _Static_assert(is_power_of_2(sizeof(augmented_args->saddr)), "sizeof(augmented_args->saddr) needs to be a power of two"); > socklen &= sizeof(augmented_args->saddr) - 1; > > - bpf_probe_read(&augmented_args->saddr, socklen, sockaddr_arg); > + bpf_probe_read_kernel(&augmented_args->saddr, socklen, sockaddr_arg); > > return augmented__output(args, augmented_args, len + socklen); > } > @@ -221,7 +221,7 @@ int sys_enter_sendto(struct syscall_enter_args *args) > > socklen &= sizeof(augmented_args->saddr) - 1; > > - bpf_probe_read(&augmented_args->saddr, socklen, sockaddr_arg); > + bpf_probe_read_kernel(&augmented_args->saddr, socklen, sockaddr_arg); > > return augmented__output(args, augmented_args, len + socklen); > } > @@ -311,7 +311,7 @@ int sys_enter_perf_event_open(struct syscall_enter_args *args) > if (augmented_args == NULL) > goto failure; > > - if (bpf_probe_read(&augmented_args->__data, sizeof(*attr), attr) < 0) > + if (bpf_probe_read_kernel(&augmented_args->__data, sizeof(*attr), attr) < 0) > goto failure; > > attr_read = (const struct perf_event_attr_size *)augmented_args->__data; > @@ -325,7 +325,7 @@ int sys_enter_perf_event_open(struct syscall_enter_args *args) > goto failure; > > // Now that we read attr->size and tested it against the size limits, read it completely > - if (bpf_probe_read(&augmented_args->__data, size, attr) < 0) > + if (bpf_probe_read_kernel(&augmented_args->__data, size, attr) < 0) > goto failure; > > return augmented__output(args, augmented_args, len + size); > @@ -347,7 +347,7 @@ int sys_enter_clock_nanosleep(struct syscall_enter_args *args) > if (size > sizeof(augmented_args->__data)) > goto failure; > > - bpf_probe_read(&augmented_args->__data, size, rqtp_arg); > + bpf_probe_read_kernel(&augmented_args->__data, size, rqtp_arg); > > return augmented__output(args, augmented_args, len + size); > failure: 
> @@ -385,7 +385,7 @@ int sys_enter(struct syscall_enter_args *args) > if (augmented_args == NULL) > return 1; > > - bpf_probe_read(&augmented_args->args, sizeof(augmented_args->args), args); > + bpf_probe_read_kernel(&augmented_args->args, sizeof(augmented_args->args), args); > > /* > * Jump to syscall specific augmenter, even if the default one, > @@ -406,7 +406,7 @@ int sys_exit(struct syscall_exit_args *args) > if (pid_filter__has(&pids_filtered, getpid())) > return 0; > > - bpf_probe_read(&exit_args, sizeof(exit_args), args); > + bpf_probe_read_kernel(&exit_args, sizeof(exit_args), args); > /* > * Jump to syscall specific return augmenter, even if the default one, > * "!raw_syscalls:unaugmented" that will just return 1 to return the > -- > 2.41.0 >
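Review bot: In the sys_enter_connect and sys_enter_sendto hunks, sockaddr_arg is the sockaddr pointer the caller passed to the syscall, which the reply above identifies as userspace data, so bpf_probe_read_kernel() names the wrong address space for it. Use bpf_probe_read_user(&augmented_args->saddr, socklen, sockaddr_arg) in both places. The return value is also dropped, so a failed copy still reaches augmented__output() with whatever saddr held before; test for < 0 as the sys_enter_perf_event_open hunks do.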
On Wed, Oct 18, 2023 at 11:05:29AM -0300, Arnaldo Carvalho de Melo wrote:
> On Wed, Oct 18, 2023 at 08:44:41AM +0200, Thomas Richter wrote:
> > Perf test case 111 Check open filename arg using perf trace + vfs_getname
> > fails on s390. This is caused by a failing function
> > bpf_probe_read() in file util/bpf_skel/augmented_raw_syscalls.bpf.c.
> >
> Please change the patch subject to describe what is being really fixed
> instead of the test that spotted the problem, i.e. something like:
>
> perf trace: Use the right bpf_probe_read(_str) variant for reading user data
>
> But then shouldn't all those use bpf_probe_read_user(_str)?
>
> As it is reading arguments to the syscall, that are coming from
> userspace, i.e. both open/openat/etc path/filename, clock_nanosleep rqtp
> args (and connect sockaddr, etc) comes from userspace.

So, with your patch, on x86_64, I get:

    ^C[root@five ~]# perf trace -e connect*
    0.000 ( 0.021 ms): DNS Res~ver #1/8756 connect(fd: 229, uservaddr: { .family: UNSPEC }, addrlen: 42) = 0
    0.544 ( 0.011 ms): DNS Res~ver #1/8756 connect(fd: 229, uservaddr: { .family: UNSPEC }, addrlen: 16) = 0
    0.569 ( 0.009 ms): DNS Res~ver #1/8756 connect(fd: 229, uservaddr: { .family: UNSPEC }, addrlen: 28) = -1 ENETUNREACH (Network is unreachable)

I.e. it loads the resulting BPF bytecode but doesn't manage to copy the sockaddr in userspace pointed by connect's uservaddr argument.

We need to use bpf_probe_read_kernel() for the tracepoint payload, in the raw_syscalls/sys_enter and raw_syscalls/sys_exit handlers, as that is kernel memory, but in the syscall specific BPF programs we need to use bpf_probe_read_user() to get things like sockaddr, etc, i.e. userspace contents.
With the patch below:

    [root@five ~]# perf trace -e connect*
    0.000 ( 0.128 ms): pool/2690 connect(fd: 7, uservaddr: { .family: LOCAL, path: /var/run/.heim_org.h5l.kcm-socket }, addrlen: 110) = 0
    304.127 ( 0.018 ms): DNS Resolver #/6524 connect(fd: 556, uservaddr: { .family: LOCAL, path: /run/systemd/resolve/io.systemd.Resolve }, addrlen: 42) = 0
    304.554 ( 0.016 ms): systemd-resolv/1167 connect(fd: 24, uservaddr: { .family: INET, port: 53, addr: 192.168.86.1 }, addrlen: 16) = 0
    304.650 ( 0.009 ms): systemd-resolv/1167 connect(fd: 25, uservaddr: { .family: INET, port: 53, addr: 192.168.86.1 }, addrlen: 16) = 0
    318.952 ( 0.009 ms): DNS Resolver #/6524 connect(fd: 556, uservaddr: { .family: INET, port: 0, addr: 216.239.38.177 }, addrlen: 16) = 0
    318.965 ( 0.003 ms): DNS Resolver #/6524 connect(fd: 556, uservaddr: { .family: UNSPEC }, addrlen: 16) = 0
    318.970 ( 0.004 ms): DNS Resolver #/6524 connect(fd: 556, uservaddr: { .family: INET, port: 0, addr: 216.239.34.177 }, addrlen: 16) = 0
    318.977 ( 0.002 ms): DNS Resolver #/6524 connect(fd: 556, uservaddr: { .family: UNSPEC }, addrlen: 16) = 0

You can test before/after with:

    # perf trace -e connect*,clo*sleep

To see clock_nanosleep rqtp args as well:

Before:

    999.107 ( ): gnome-terminal/3285 clock_nanosleep(rqtp: { .tv_sec: 0, .tv_nsec: 0 }, rmtp: 0x7ffdd373adb0) ...
    1000.228 ( ): pool-gsd-smart/3140 clock_nanosleep(rqtp: { .tv_sec: 0, .tv_nsec: 0 }, rmtp: 0x7f85b61fec90) ...
    1030.375 ( ): gnome-terminal/3285 clock_nanosleep(rqtp: { .tv_sec: 0, .tv_nsec: 0 }, rmtp: 0x7ffdd373adb0) ...
    1061.694 ( ): gnome-terminal/3285 clock_nanosleep(rqtp: { .tv_sec: 0, .tv_nsec: 0 }, rmtp: 0x7ffdd373adb0) ...
after: 1000.198 (1000.035 ms): pool-gsd-smart/3140 clock_nanosleep(rqtp: { .tv_sec: 1, .tv_nsec: 0 }, rmtp: 0x7f85b61fec90) = 0 2000.302 (1000.036 ms): pool-gsd-smart/3140 clock_nanosleep(rqtp: { .tv_sec: 1, .tv_nsec: 0 }, rmtp: 0x7f85b61fec90) = 0 3000.410 (1000.037 ms): pool-gsd-smart/3140 clock_nanosleep(rqtp: { .tv_sec: 1, .tv_nsec: 0 }, rmtp: 0x7f85b61fec90) = 0 4000.518 (1000.035 ms): pool-gsd-smart/3140 clock_nanosleep(rqtp: { .tv_sec: 1, .tv_nsec: 0 }, rmtp: 0x7f85b61fec90 [root@five ~]# perf trace -e *sleep sleep 1.234567890 0.000 (1234.630 ms): sleep/64495 clock_nanosleep(rqtp: { .tv_sec: 1, .tv_nsec: 234567890 }, rmtp: 0x7ffdf49af4a0) = 0 [root@five ~]# - Arnaldo diff --git a/tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c b/tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c index cc22bccfc178229a..52c270330ae0d2f3 100644 --- a/tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c +++ b/tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c @@ -203,7 +203,7 @@ int sys_enter_connect(struct syscall_enter_args *args) _Static_assert(is_power_of_2(sizeof(augmented_args->saddr)), "sizeof(augmented_args->saddr) needs to be a power of two"); socklen &= sizeof(augmented_args->saddr) - 1; - bpf_probe_read_kernel(&augmented_args->saddr, socklen, sockaddr_arg); + bpf_probe_read_user(&augmented_args->saddr, socklen, sockaddr_arg); return augmented__output(args, augmented_args, len + socklen); } @@ -221,7 +221,7 @@ int sys_enter_sendto(struct syscall_enter_args *args) socklen &= sizeof(augmented_args->saddr) - 1; - bpf_probe_read_kernel(&augmented_args->saddr, socklen, sockaddr_arg); + bpf_probe_read_user(&augmented_args->saddr, socklen, sockaddr_arg); return augmented__output(args, augmented_args, len + socklen); } 
@@ -311,7 +311,7 @@ int sys_enter_perf_event_open(struct syscall_enter_args *args) if (augmented_args == NULL) goto failure; - if (bpf_probe_read_kernel(&augmented_args->__data, sizeof(*attr), attr) < 0) + if (bpf_probe_read_user(&augmented_args->__data, sizeof(*attr), attr) < 0) goto failure; attr_read = (const struct perf_event_attr_size *)augmented_args->__data; @@ -325,7 +325,7 @@ int sys_enter_perf_event_open(struct syscall_enter_args *args) goto failure; // Now that we read attr->size and tested it against the size limits, read it completely - if (bpf_probe_read_kernel(&augmented_args->__data, size, attr) < 0) + if (bpf_probe_read_user(&augmented_args->__data, size, attr) < 0) goto failure; return augmented__output(args, augmented_args, len + size); @@ -347,7 +347,7 @@ int sys_enter_clock_nanosleep(struct syscall_enter_args *args) if (size > sizeof(augmented_args->__data)) goto failure; - bpf_probe_read_kernel(&augmented_args->__data, size, rqtp_arg); + bpf_probe_read_user(&augmented_args->__data, size, rqtp_arg); return augmented__output(args, augmented_args, len + size); failure:
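Review bot: In the two sys_enter_perf_event_open hunks, attr is now read from user memory twice, and the size that was validated after the first bpf_probe_read_user() is not re-checked against what the second read leaves in augmented_args->__data. The calling process can change attr->size between the two reads, so the size field inside the copied struct may no longer match the local size that was tested against the limits. Either store the validated size back into the copy after the second read, or extend the "Now that we read attr->size and tested it against the size limits" comment to say that only the local size passed to augmented__output() can be trusted.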
diff --git a/tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c b/tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c index 939ec769bf4a..cc22bccfc178 100644 --- a/tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c +++ b/tools/perf/util/bpf_skel/augmented_raw_syscalls.bpf.c @@ -153,7 +153,7 @@ static inline unsigned int augmented_arg__read_str(struct augmented_arg *augmented_arg, const void *arg, unsigned int arg_len) { unsigned int augmented_len = sizeof(*augmented_arg); - int string_len = bpf_probe_read_str(&augmented_arg->value, arg_len, arg); + int string_len = bpf_probe_read_user_str(&augmented_arg->value, arg_len, arg); augmented_arg->size = augmented_arg->err = 0; /* @@ -203,7 +203,7 @@ int sys_enter_connect(struct syscall_enter_args *args) _Static_assert(is_power_of_2(sizeof(augmented_args->saddr)), "sizeof(augmented_args->saddr) needs to be a power of two"); socklen &= sizeof(augmented_args->saddr) - 1; - bpf_probe_read(&augmented_args->saddr, socklen, sockaddr_arg); + bpf_probe_read_kernel(&augmented_args->saddr, socklen, sockaddr_arg); return augmented__output(args, augmented_args, len + socklen); } @@ -221,7 +221,7 @@ int sys_enter_sendto(struct syscall_enter_args *args) socklen &= sizeof(augmented_args->saddr) - 1; - bpf_probe_read(&augmented_args->saddr, socklen, sockaddr_arg); + bpf_probe_read_kernel(&augmented_args->saddr, socklen, sockaddr_arg); return augmented__output(args, augmented_args, len + socklen); } @@ -311,7 +311,7 @@ int sys_enter_perf_event_open(struct syscall_enter_args *args) if (augmented_args == NULL) goto failure; - if (bpf_probe_read(&augmented_args->__data, sizeof(*attr), attr) < 0) + if (bpf_probe_read_kernel(&augmented_args->__data, sizeof(*attr), attr) < 0) goto failure; attr_read = (const struct perf_event_attr_size *)augmented_args->__data; 
@@ -325,7 +325,7 @@ int sys_enter_perf_event_open(struct syscall_enter_args *args) goto failure; // Now that we read attr->size and tested it against the size limits, read it completely - if (bpf_probe_read(&augmented_args->__data, size, attr) < 0) + if (bpf_probe_read_kernel(&augmented_args->__data, size, attr) < 0) goto failure; return augmented__output(args, augmented_args, len + size); @@ -347,7 +347,7 @@ int sys_enter_clock_nanosleep(struct syscall_enter_args *args) if (size > sizeof(augmented_args->__data)) goto failure; - bpf_probe_read(&augmented_args->__data, size, rqtp_arg); + bpf_probe_read_kernel(&augmented_args->__data, size, rqtp_arg); return augmented__output(args, augmented_args, len + size); failure: @@ -385,7 +385,7 @@ int sys_enter(struct syscall_enter_args *args) if (augmented_args == NULL) return 1; - bpf_probe_read(&augmented_args->args, sizeof(augmented_args->args), args); + bpf_probe_read_kernel(&augmented_args->args, sizeof(augmented_args->args), args); /* * Jump to syscall specific augmenter, even if the default one, @@ -406,7 +406,7 @@ int sys_exit(struct syscall_exit_args *args) if (pid_filter__has(&pids_filtered, getpid())) return 0; - bpf_probe_read(&exit_args, sizeof(exit_args), args); + bpf_probe_read_kernel(&exit_args, sizeof(exit_args), args); /* * Jump to syscall specific return augmenter, even if the default one, * "!raw_syscalls:unaugmented" that will just return 1 to return the
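Review bot: In the sys_enter and sys_exit hunks the result of bpf_probe_read_kernel() is discarded, and the code goes straight on to the jump to the syscall specific augmenter. If the read fails, augmented_args->args or exit_args keeps whatever it held before and the handler carries on with it. Test the return value and return early, in the same way sys_enter already returns when augmented_args == NULL, for example by wrapping the call in an if (... < 0) check as the sys_enter_perf_event_open hunks do.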