From: Beau Belgrave <beaub@linux.microsoft.com>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: linux-trace-devel@vger.kernel.org
Subject: Re: [RFC PATCH] udiag - User mode to trace_event (ftrace, perf, eBPF) ABI
Date: Tue, 3 Aug 2021 15:52:00 -0700
Message-ID: <20210803225200.GA2792@kbox>
In-Reply-To: <20210803171743.36115d4c@oasis.local.home>

On Tue, Aug 03, 2021 at 05:17:43PM -0400, Steven Rostedt wrote:
> 
> Hi Beau,
> 
> BTW, feel free to Cc LKML too (linux-kernel@vger.kernel.org)
> 
> 
> On Tue, 27 Jul 2021 12:35:35 -0700
> Beau Belgrave <beaub@linux.microsoft.com> wrote:
> 
> > User mode processes that require emitting diagnostic data are currently
> > limited to using uprobes to get data into trace_events. The udiag ABI
> > offers a way for user mode processes to write diagnostic data to
> > trace_events much faster than the uprobe die chain handler.
> > 
> > In addition a shared page is exposed out to registered user processes
> > that is used to enable single branch checking for if the trace_event is
> > being traced. This allows equivalent overhead as a uprobe site when
> > tracing is not enabled.
> > 
> > User processes register a trace_event to use via a device exposed at
> > /dev/udiag. System owners can write udev rules to decide the security
> > boundary. udiag is limited to only a page size worth of trace_events
> > that are isolated and put under the udiag subsystem. User processes
> > write events out via /dev/udiag. This allows for many languages and
> > processes to contribute the same events regardless of where in the code
> > the event was generated. This allows common code to be shared and
> > centrally processed on the machine within an eBPF program regardless how
> > the code has evolved as long as the data within the event follows the
> > same data format as before.
> > 
> > An example of this is common error conditions that can happen across a
> > suite of processes. A single eBPF program can watch for the single event
> > across all processes, regardless of binary location or language used to
> > create the process. Once problems are found, additional eBPF programs
> > can be launched to impose further tracing, run mitigations, etc.
> > 
> > Signed-off-by: Beau Belgrave <beaub@linux.microsoft.com>
> >
> 
> Can you provide user space code that would show a use case of this
> implementation? Understanding exactly what is expected on the user side
> will help tremendously with understanding the kernel side.
> 
> Thanks,
> 
> -- Steve

Sure thing, and thanks for the reply! I appreciate it.

For clarity, would you like a resend with the user mode code in the
description or would you like an in-thread example?

Thanks,
-Beau
