Re: probes that access userspace

Re: probes that access userspace

[Frank Ch. Eigler]

kevinrs wrote:

> Especially when considering syscall tapset there are times when it
> is useful to access the value referenced by a user space
> pointer. [...]

> Is dwarf able to provide enough information to accurately detect a
> user space pointer reference? [...]

No, there appears to be no such qualification data in the debuginfo at
all.  IIRC, the preprocessor makes __user go away before the compiler
ever sees it.

> [...]  If this is not possible, I think it would be useful to
> enhance the language such that a probe script could explicitly
> notify the translator of a user space pointer access [...]

Perhaps.  Other than the system call interfaces, is this difficulty
likely to arise often elsewhere?

> This will be especially beneficial for scripts probing user-space
> apps. Eventually, when SystemTap supports user-space probes, the
> translator will need to know how to follow pointers in user space.

Not quite.  For user-level probes, there is no ambiguity: every
pointer dereference is in user space.

- FChE

Re: probes that access userspace

[Kevin Stafford]

Frank Ch. Eigler wrote:

>>[...]  If this is not possible, I think it would be useful to
>>enhance the language such that a probe script could explicitly
>>notify the translator of a user space pointer access [...]
>>    
>>
>Perhaps.  Other than the system call interfaces, is this difficulty
>likely to arise often elsewhere?
>
>[...] For user-level probes, there is no ambiguity: every
>pointer dereference is in user space.
>  
>
Being that for user-level probes, every pointer dereference is in user 
space, I believe
it is certain that this difficulty will arise elsewhere.

-- 
Kevin Stafford
DES 2 | MS 2M3
Beaverton - OR
Linux Technology Center
IBM Systems & Technology
Phone: 1-503-578-3039
Email: kevinrs@us.ibm.com

Re: probes that access userspace

[Frank Ch. Eigler]

Hi -

On Fri, Oct 14, 2005 at 12:11:15PM -0700, Kevin Stafford wrote:
> >>[...]  If this is not possible, I think it would be useful to
> >>enhance the language such that a probe script could explicitly
> >>notify the translator of a user space pointer access [...]
> >>   
> >Perhaps.  Other than the system call interfaces, is this difficulty
> >likely to arise often elsewhere?
> >
> >[...] For user-level probes, there is no ambiguity: every
> >pointer dereference is in user space.
>
> Being that for user-level probes, every pointer dereference is in
> user space, I believe it is certain that this difficulty will arise
> elsewhere.

Perhaps I was being unclear.  The "difficulty" I was referring to was
the ambiguity in whether an ordinary or special dereference operation
is required for any given $var->field expression.  It is this
ambiguity that could be resolved by the user via a language extension,
and it is this ambiguity that does not exist for variables that show
up in user-level probes.


- FChE

Re: probes that access userspace

[Jim Keniston]

On Fri, 2005-10-14 at 09:23, Frank Ch. Eigler wrote:
> kevinrs wrote:
> 
> > Especially when considering syscall tapset there are times when it
> > is useful to access the value referenced by a user space
> > pointer. [...]
> 
> > Is dwarf able to provide enough information to accurately detect a
> > user space pointer reference? [...]
> 
> No, there appears to be no such qualification data in the debuginfo at
> all.  IIRC, the preprocessor makes __user go away before the compiler
> ever sees it.

That's my understanding as well.

> 
> > [...]  If this is not possible, I think it would be useful to
> > enhance the language such that a probe script could explicitly
> > notify the translator of a user space pointer access [...]
> 
> Perhaps.  Other than the system call interfaces, is this difficulty
> likely to arise often elsewhere?

Almost certainly.  According to cscope, there are over 8700 uses of
__user in the kernel source.  This should not be a surprise if you
consider that the whole point of an OS is to implement system calls.

> 
> > This will be especially beneficial for scripts probing user-space
> > apps. Eventually, when SystemTap supports user-space probes, the
> > translator will need to know how to follow pointers in user space.
> 
> Not quite.  For user-level probes, there is no ambiguity: every
> pointer dereference is in user space.

Correct, there's no ambiguity.  So you're not likely to need a "-> into
user-space" operator when probing user apps.  The trickier problem of
making safe refs to user space from (kernel-space) probe handlers
remains, though.

> 
> - FChE
> 

Jim

Re: probes that access userspace

[Roland McGrath]

> > No, there appears to be no such qualification data in the debuginfo at
> > all.  IIRC, the preprocessor makes __user go away before the compiler
> > ever sees it.
> 
> That's my understanding as well.

It's certainly possible to do a compiler extension to express __user in the
DWARF type info.  I've considered it, and can discuss it further with the
compiler folks.  That solution is a long-term prospect--it would be
unlikely to happen by GCC 4.1, and might never be backported to compilers
like RHEL4's.  

However, we've also gotten the opinion from at least one kernel developer
that relying on __user annotations is still insufficiently paranoid.  That
is, they might be missing from some kernel source, and so any time you
access a pointer you are taking your fate in your own hands since it might
be an unannotated user-mode pointer.  I'm not sure there is anything more
to be done about that concern than state the caveat.


Thanks,
Roland

Re: probes that access userspace

[Kevin Stafford]

[-- Attachment #1: Type: text/plain, Size: 150 bytes --]


-- 
Kevin Stafford
DES 2 | MS 2M3
Beaverton - OR
Linux Technology Center
IBM Systems & Technology
Phone: 1-503-578-3039
Email: kevinrs@us.ibm.com




[-- Attachment #2: Re: probes that access userspace --]
[-- Type: message/rfc822, Size: 1839 bytes --]

From: Kevin Stafford <kevinrs@us.ibm.com>
To: "Frank Ch. Eigler" <fche@redhat.com>
Subject: Re: probes that access userspace
Date: Fri, 14 Oct 2005 14:10:53 -0700
Message-ID: <43501EDD.2070003@us.ibm.com>

Frank Ch. Eigler wrote:

>Hi -
>
>[...]
>
>>Being that for user-level probes, every pointer dereference is in
>>user space, I believe it is certain that this difficulty will arise
>>elsewhere.
>>    
>>
>
>Perhaps I was being unclear.  The "difficulty" I was referring to was
>the ambiguity in whether an ordinary or special dereference operation
>is required for any given $var->field expression.
>
Understood. The "difficulty" I was referring to was the necessity to 
write embedded
C auxiliary functions to access user-space pointer arguments.

>[...]It is this ambiguity that could be resolved by the user via a 
>language extension, and it is this ambiguity that does not exist for 
>variables that show up in user-level probes.
>  
>
Agreed. A language extension would require the script writer to know 
where the
pointer was looking, thus eliminating any ambiguity or difficulty. Do we 
agree that
this would be a useful mechanism for user-level probes and the syscall 
tapset, among
possible others?

>- FChE
>
>  
>


-- 
Kevin Stafford
DES 2 | MS 2M3
Beaverton - OR
Linux Technology Center
IBM Systems & Technology
Phone: 1-503-578-3039
Email: kevinrs@us.ibm.com

probes that access userspace

[Kevin Stafford]

Especially when considering syscall tapset there are times when it is 
useful to access
the value referenced by a user space pointer. In probe script language, 
such an attempt
(i.e. $userspace_struct->member) will cause a pointer dereference fault. 
Thus it is
necessary to write a function to dig the value out of the pointer 
manually. Ex:

_get_user_ptr_val($userspace_struct,member) _get_user_ptr_val

function _get_user_ptr_val(u_addr,mem) %{
   [...]
   copy_from_user(..., THIS->u_addr, ...);
   [...]
%}

Is dwarf able to provide enough information to accurately detect a user 
space pointer
reference? If so, is it possible to teach the translator to bring 
references of user
space into the kernel automagically? Such a mechanism would relieve the 
user/tapset
author from writing an embedded C function for every pointer they wanted 
to look at.
The current implementation does not support such behavior.

If this is not possible, I think it would be useful to enhance the 
language such that
a probe script could explicitly notify the translator of a user space 
pointer access
(perhaps *var for scalars & *struct=>mem for structs). This will be 
especially
beneficial for scripts probing user-space apps. Eventually, when 
SystemTap supports
user-space probes, the translator will need to know how to follow 
pointers in user space.

-- 
Kevin Stafford
DES 2 | MS 2M3
Beaverton - OR
Linux Technology Center
IBM Systems & Technology
Phone: 1-503-578-3039
Email: kevinrs@us.ibm.com