From: Ingo Molnar <mingo@elte.hu>
To: Li Zefan <lizf@cn.fujitsu.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
Steven Rostedt <rostedt@goodmis.org>,
Frederic Weisbecker <fweisbec@gmail.com>,
Tom Zanussi <tzanussi@gmail.com>, Jason Baron <jbaron@redhat.com>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 4/6] perf_counter: Add PERF_COUNTER_IOC_SET_FILTER ioctl
Date: Tue, 8 Sep 2009 08:52:27 +0200 [thread overview]
Message-ID: <20090908065227.GA6505@elte.hu> (raw)
In-Reply-To: <4AA5AA0F.4060104@cn.fujitsu.com>
* Li Zefan <lizf@cn.fujitsu.com> wrote:
> Peter Zijlstra wrote:
> > On Mon, 2009-09-07 at 18:48 +0200, Ingo Molnar wrote:
> >> * Peter Zijlstra <peterz@infradead.org> wrote:
> >>
> >>> On Mon, 2009-09-07 at 16:13 +0800, Li Zefan wrote:
> >>>> Allow to set profile filter via ioctl.
> >>> Hrm,.. not at all sure about this.. what are the ABI implications?
> >> I think the ABI should be fine if it's always a sub-set of C syntax.
> >> That would be C expressions initially. Hm?
> >
> > Right, so I've no clue what filter expressions look like, and the
> > changelog doesn't help us at all. It doesn't mention its a well
> > considered decision to henceforth freeze the expression syntax.
> >
> > Of course, since filters so far only work with tracepoint things, and
> > since you can only come by tracepoint things through debugfs, and since
> > anything debugfs is basically a free-for-all ABI-less world, we might be
> > good, but then this is a very ill-defined ioctl() indeed.
> >
> > So please, consider this well -- there might not be a second chance.
> >
>
> Ok, the expressions are:
>
> 1. S = opr1 op opr2 (op: ==, !=, <, <=, >, >=.
> opr1 should be a field in the format file)
> 2. E = S1 op S2 (op: ||, &&)
> 3. E = E1 op E2 (op: ||, &&)
> 4. () can be used
>
> I don't the syntax will be changed, but we may extend it, like
> adding not ! operator. Like, for a func ptr, besides
> "func==0xccee4400", we may want to allow "func==foo". Those
> extentions are ok for the ABI, right?
Yeah - extensions (new operators, control structures, etc.) are fine
- incompatible changes are not. So as long as we stick to the C
syntax the ABI is: 'be a sub-set of C' - and that's easy to ensure
in the long run. Needs to be added prominently in form of comments,
etc.
It would also be useful for security engines: a filter attached to a
security probe point (or syscalls) would allow the runtime shaping
of security policy - to unprivileged user-space. If filters get
inherited by child tasks and if child tasks are not allowed to make
filters more permissive (i.e. if they can only add filters) that
would be an excellent tool for safe sandboxing like Google Chrome's
sandbox.
Btw., could we define the ABI in a way to allow not just expressions
in the future, but small C-syntax scripts too? I.e. in the long run
these filters could do dprobes alike safe scripting, injected by
unprivileged user-space and parsed/validated and executed in the
kernel.
It could also be useful for network filtering rules, etc. - and
everyone knows C syntax so it has an easy learning curve.
Do you see where i'm going? Filter expressions are a _very_ powerful
concept not just to tracing, and we want to spread it to more places
in the kernel. Perfcounters are a natural first hop - just lets keep
future options open too.
Ingo
next prev parent reply other threads:[~2009-09-08 6:52 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-07 8:11 [PATCH 0/6] perf trace: Add filter support Li Zefan
2009-09-07 8:12 ` [PATCH 1/6] tracing/filters: refactor subsystem filter code Li Zefan
2009-09-07 8:12 ` [PATCH 2/6] tracing/profile: Add filter support Li Zefan
2009-09-08 2:01 ` Frederic Weisbecker
2009-09-08 2:24 ` Frederic Weisbecker
2009-09-08 8:35 ` Peter Zijlstra
2009-09-08 12:33 ` Frederic Weisbecker
2009-09-07 8:13 ` [PATCH 3/6] tracing/syscalls: Add profile " Li Zefan
2009-09-07 8:13 ` [PATCH 4/6] perf_counter: Add PERF_COUNTER_IOC_SET_FILTER ioctl Li Zefan
2009-09-07 16:44 ` Peter Zijlstra
2009-09-07 16:48 ` Ingo Molnar
2009-09-07 16:55 ` Peter Zijlstra
2009-09-08 0:49 ` Li Zefan
2009-09-08 6:52 ` Ingo Molnar [this message]
2009-09-08 8:37 ` Peter Zijlstra
2009-09-08 7:01 ` Tom Zanussi
2009-09-09 2:18 ` Li Zefan
2009-09-10 4:45 ` Tom Zanussi
2009-09-10 23:01 ` Randy Dunlap
2009-09-11 4:08 ` Tom Zanussi
2009-09-07 8:13 ` [PATCH 5/6] perf trace: increase MAX_EVENT_LENGTH Li Zefan
2009-09-07 8:14 ` [PATCH 6/6] perf trace: Add filter support Li Zefan
2009-09-08 0:02 ` [PATCH 0/6] " Frederic Weisbecker
2009-09-08 1:06 ` Li Zefan
2009-09-08 2:12 ` Frederic Weisbecker
2009-09-08 6:53 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090908065227.GA6505@elte.hu \
--to=mingo@elte.hu \
--cc=fweisbec@gmail.com \
--cc=jbaron@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lizf@cn.fujitsu.com \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=tzanussi@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.