From: Ingo Molnar <mingo@kernel.org>
To: Pawel Moll <pawel.moll@arm.com>
Cc: Ingo Molnar <mingo@redhat.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Richard Cochran <richardcochran@gmail.com>,
Steven Rostedt <rostedt@goodmis.org>,
Peter Zijlstra <peterz@infradead.org>,
Paul Mackerras <paulus@samba.org>,
John Stultz <john.stultz@linaro.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-api@vger.kernel.org" <linux-api@vger.kernel.org>
Subject: Re: [PATCH 2/2] perf: Userspace software event and ioctl
Date: Fri, 26 Sep 2014 13:23:12 +0200 [thread overview]
Message-ID: <20140926112312.GB9870@gmail.com> (raw)
In-Reply-To: <1411728487.3852.9.camel@hornet>
* Pawel Moll <pawel.moll@arm.com> wrote:
> On Thu, 2014-09-25 at 19:33 +0100, Ingo Molnar wrote:
> > > How would we select tasks that can write to a given buffer? Maybe an
> > > ioctl() on a perf fd? Something like this?
> > >
> > > ioctl(perf_fd, PERF_EVENT_IOC_ENABLE_UEVENT, pid);
> > > ioctl(perf_fd, PERF_EVENT_IOC_DISABLE_UEVENT, pid);
> >
> > No, I think there's a simpler way: this should be a regular
> > perf_attr flag, which defaults to '0' (tasks cannot do this),
> > but which can be set to 1 if the profiler explicitly allows
> > such event injection.
>
> As in: allows *all* tasks to inject the data? Are you sure we
> don't want more fine-grained control, in particular per task?
Yeah. If the profiler allows it, then any task that is being
traced can inject data.
More finegrained control might be useful if there's a
justification for it, but only if this basic, most useful model
is implemented. Too finegrained control will just make it
unusable. So please keep it simple and useful.
> If we have two buffers, both created with the "injecting
> allowed" flag, do we inject a given uevent into both of them?
Yes, and that semantics is desired: if I run two globally tracing
apps, independent of each other, both ought to get the events if
they ask for them.
> > I.e. whether user-events are allowed is controlled by the
> > profiling/tracing context, via the regular perf syscall. It
> > would propagate into the perf context, so it would be easy to
> > check at event generation time.
>
> It would definitely be the profiling/tracing tools that would
> decide if the injection is allowed, no question about that. I
> just feel that it should be able to select the tasks that can
> do that, not just flip a big switch saying "everyone is
> welcome". [...]
But that's the point: our main problem right now is too little
data (not enough apps generating interesting events), not too
much data.
So lets concentrate on the task of getting events to us as easily
as possible first. If in the far future we are overwhelmed with
events, and tools want to do some filtering on them, by all means
we can implement it - but don't impose it straight away.
> [...] Other question is: should a non-root context be able to
> receive events from root processes? Wouldn't it be a security
> hole (for example, it could be used as a kind of covert
> channel)? Maybe we should do what ptrace does? As in: if a task
> can ptrace another task, it can also receive uevents from it.
So, by default a non-root context will not be able to
profile/trace a root owned task already, it cannot generate per
CPU events for example. So this already handled at event/buffer
creation time. Plus if a task gains privilege (via suid exec)
then we already zap its perf context IIRC.
Should be double checked, but the important part is to make it to
willing tracing apps as easy as possible. Lets worry about the
'too much data' case later, otherwise we _guarantee_ that this
interface won't take off and apps, tools and people won't use it,
ok?
Thanks,
Ingo
next prev parent reply other threads:[~2014-09-26 11:23 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-18 14:34 [PATCH 0/2] perf: User/kernel time correlation and event generation Pawel Moll
2014-09-18 14:34 ` [PATCH 1/2] perf: Add sampling of the raw monotonic clock Pawel Moll
2014-09-29 15:28 ` Peter Zijlstra
2014-09-29 15:45 ` Pawel Moll
2014-09-18 14:34 ` [PATCH 2/2] perf: Userspace software event and ioctl Pawel Moll
2014-09-23 17:02 ` Pawel Moll
2014-09-24 7:49 ` Ingo Molnar
2014-09-25 17:20 ` Pawel Moll
2014-09-25 18:33 ` Ingo Molnar
2014-09-26 10:48 ` Pawel Moll
2014-09-26 11:23 ` Ingo Molnar [this message]
2014-09-26 11:26 ` Pawel Moll
2014-09-26 11:31 ` Ingo Molnar
2014-09-27 17:14 ` Frederic Weisbecker
2014-09-29 14:52 ` Pawel Moll
2014-09-29 15:32 ` Peter Zijlstra
2014-09-29 15:53 ` Pawel Moll
2014-11-03 14:48 ` Tomeu Vizoso
2014-11-03 15:04 ` Pawel Moll
2014-09-18 15:02 ` [PATCH 0/2] perf: User/kernel time correlation and event generation Christopher Covington
2014-09-18 15:07 ` Pawel Moll
2014-09-18 15:48 ` Christopher Covington
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140926112312.GB9870@gmail.com \
--to=mingo@kernel.org \
--cc=acme@kernel.org \
--cc=john.stultz@linaro.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=paulus@samba.org \
--cc=pawel.moll@arm.com \
--cc=peterz@infradead.org \
--cc=richardcochran@gmail.com \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox