perf tool with grsec

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

perf tool with grsec

Postby voron » Mon Nov 16, 2015 3:34 am

Hello,

I'm trying to use kernel tool perf with grsec patch. It seems statring from kernels with tracefs it is broken
Code: Select all
mail perf # ./perf test
 1: vmlinux symtab matches kallsyms                          : FAILED!
 2: detect openat syscall event                              : FAILED!
 3: detect openat syscall event on all cpus                  : FAILED!
 4: read samples using the mmap interface                    : FAILED!
 5: parse events tests                                       :Can't open event dir: No such file or directory
Can't open event dir: No such file or directory
  Warning: [cfg80211:cfg80211_rx_unprot_mlme_mgmt] function __le16_to_cpup not defined
  Warning: [cfg80211:cfg80211_rx_mlme_mgmt] function __le16_to_cpup not defined
  Warning: [cfg80211:cfg80211_tx_mlme_mgmt] function __le16_to_cpup not defined
  Warning: [ras:mc_event] function mc_event_error_type not defined
  Warning: [libata:ata_qc_complete_internal] function libata_trace_parse_qc_flags not defined
  Warning: [libata:ata_qc_complete_failed] function libata_trace_parse_qc_flags not defined
  Warning: [libata:ata_qc_complete_done] function libata_trace_parse_qc_flags not defined
  Warning: [libata:ata_eh_link_autopsy] function libata_trace_parse_eh_action not defined
  Warning: [libata:ata_eh_link_autopsy_qc] function libata_trace_parse_qc_flags not defined
  Warning: [scsi:scsi_dispatch_cmd_start] function scsi_trace_parse_cdb not defined
  Warning: [scsi:scsi_dispatch_cmd_error] function scsi_trace_parse_cdb not defined
  Warning: [scsi:scsi_dispatch_cmd_done] function scsi_trace_parse_cdb not defined
  Warning: [scsi:scsi_dispatch_cmd_timeout] function scsi_trace_parse_cdb not defined
  Warning: [jbd2:jbd2_run_stats] function jiffies_to_msecs not defined
  Warning: [jbd2:jbd2_checkpoint_stats] function jiffies_to_msecs not defined
  Warning: Error: expected type 5 but read 4
  Warning: Error: expected type 5 but read 4
  Warning: [timer:hrtimer_start] unknown op '{'
  Warning: [timer:hrtimer_expire_entry] unknown op '{'
 FAILED!
 6: x86 rdpmc test                                           : Ok
 7: Validate PERF_RECORD_* events & perf_sample fields       : Ok
 8: Test perf pmu format parsing                             : Ok
 9: Test dso data read                                       : Ok
10: Test dso data cache                                      : Ok
11: Test dso data reopen                                     : Ok
12: roundtrip evsel->name check                              : Ok
13: Check parsing of sched tracepoints fields                : Ok
14: Generate and check syscalls:sys_enter_openat event fields: FAILED!
15: struct perf_event_attr setup                             : Ok
16: Test matching and linking multiple hists                 : Ok
17: Try 'import perf' in python, checking link problems      : Ok
18: Test breakpoint overflow signal handler                  : Ok
19: Test breakpoint overflow sampling                        : Ok
20: Test number of exit event of a simple workload           : Ok
21: Test software clock events have valid period values      : Ok
22: Test converting perf time to TSC                         : (not supported) Ok
23: Test object code reading                                 : FAILED!
24: Test sample parsing                                      : Ok
25: Test using a dummy software event to keep tracking       : Ok
26: Test parsing with no sample_id_all bit set               : Ok
27: Test dwarf unwind                                        : Ok
28: Test filtering hist entries                              : Ok
29: Test mmap thread lookup                                  : Ok
30: Test thread mg sharing                                   : Ok
31: Test output sorting of hist entries                      : Ok
32: Test cumulation of child hist entries                    : Ok
33: Test tracking with sched_switch                          : Ok
34: Filter fds with revents mask in a fdarray                : Ok
35: Add fd to a fdarray, making it autogrow                  : Ok
36: Test kmod_path__parse function                           : Ok
37: Test thread map                                          : Ok
mail perf #
mail perf # uname -r
4.2.5-grsec
mail perf # gradm -S
The RBAC system is currently disabled.
mail perf #./perf top
perf: Segmentation fault                                                                                                                                                                                                                                                       
-------- backtrace --------
./perf[0x5095eb]
/lib64/libc.so.6(+0x35330)[0x3941fa5d330]
./perf[0x436000]
./perf(cmd_top+0xdfd)[0x437e3d]
./perf[0x46eb65]
./perf(main+0x610)[0x41d090]
/lib64/libc.so.6(__libc_start_main+0xf6)[0x3941fa49aa6]
./perf[0x41d1a9]

My grsec-kernel config
Code: Select all
mail perf # zgrep -i GRKERN /proc/config.gz
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_CONFIG_AUTO is not set
CONFIG_GRKERNSEC_CONFIG_CUSTOM=y
CONFIG_GRKERNSEC_PROC_GID=1001
# CONFIG_GRKERNSEC_KMEM is not set
CONFIG_GRKERNSEC_IO=y
# CONFIG_GRKERNSEC_BPF_HARDEN is not set
CONFIG_GRKERNSEC_PERF_HARDEN=y
CONFIG_GRKERNSEC_RAND_THREADSTACK=y
# CONFIG_GRKERNSEC_PROC_MEMMAP is not set
CONFIG_GRKERNSEC_KSTACKOVERFLOW=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODHARDEN=y
CONFIG_GRKERNSEC_HIDESYM=y
# CONFIG_GRKERNSEC_RANDSTRUCT is not set
CONFIG_GRKERNSEC_KERN_LOCKOUT=y
# CONFIG_GRKERNSEC_NO_RBAC is not set
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_PROC=y
# CONFIG_GRKERNSEC_PROC_USER is not set
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
# CONFIG_GRKERNSEC_SYMLINKOWN is not set
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_SYSFS_RESTRICT=y
# CONFIG_GRKERNSEC_ROFS is not set
CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_RENAME=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
# CONFIG_GRKERNSEC_CHROOT_INITRD is not set
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
CONFIG_GRKERNSEC_RESLOG=y
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_PTRACE is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
# CONFIG_GRKERNSEC_SIGNAL is not set
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
# CONFIG_GRKERNSEC_RWXMAP_LOG is not set
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_HARDEN_PTRACE=y
CONFIG_GRKERNSEC_PTRACE_READEXEC=y
# CONFIG_GRKERNSEC_SETXID is not set
CONFIG_GRKERNSEC_HARDEN_IPC=y
# CONFIG_GRKERNSEC_TPE is not set
CONFIG_GRKERNSEC_BLACKHOLE=y
CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y
CONFIG_GRKERNSEC_SOCKET=y
CONFIG_GRKERNSEC_SOCKET_ALL=y
CONFIG_GRKERNSEC_SOCKET_ALL_GID=1004
CONFIG_GRKERNSEC_SOCKET_CLIENT=y
CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=1003
CONFIG_GRKERNSEC_SOCKET_SERVER=y
CONFIG_GRKERNSEC_SOCKET_SERVER_GID=1002
CONFIG_GRKERNSEC_DENYUSB=y
# CONFIG_GRKERNSEC_DENYUSB_FORCE is not set
# CONFIG_GRKERNSEC_SYSCTL is not set
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4
mail perf #

On next 4.2.6 kernel with same config but without grsec perf works fine
Code: Select all
mail ~ # perf test
 1: vmlinux symtab matches kallsyms                          : FAILED!
 2: detect openat syscall event                              : Ok
 3: detect openat syscall event on all cpus                  : Ok
 4: read samples using the mmap interface                    : Ok
 5: parse events tests                                       :  Warning: [cfg80211:cfg80211_rx_unprot_mlme_mgmt] function __le16_to_cpup not defined
  Warning: [cfg80211:cfg80211_rx_mlme_mgmt] function __le16_to_cpup not defined
  Warning: [cfg80211:cfg80211_tx_mlme_mgmt] function __le16_to_cpup not defined
  Warning: [ras:mc_event] function mc_event_error_type not defined
  Warning: [libata:ata_qc_complete_internal] function libata_trace_parse_qc_flags not defined
  Warning: [libata:ata_qc_complete_failed] function libata_trace_parse_qc_flags not defined
  Warning: [libata:ata_qc_complete_done] function libata_trace_parse_qc_flags not defined
  Warning: [libata:ata_eh_link_autopsy] function libata_trace_parse_eh_action not defined
  Warning: [libata:ata_eh_link_autopsy_qc] function libata_trace_parse_qc_flags not defined
  Warning: [scsi:scsi_dispatch_cmd_start] function scsi_trace_parse_cdb not defined
  Warning: [scsi:scsi_dispatch_cmd_error] function scsi_trace_parse_cdb not defined
  Warning: [scsi:scsi_dispatch_cmd_done] function scsi_trace_parse_cdb not defined
  Warning: [scsi:scsi_dispatch_cmd_timeout] function scsi_trace_parse_cdb not defined
  Warning: [jbd2:jbd2_run_stats] function jiffies_to_msecs not defined
  Warning: [jbd2:jbd2_checkpoint_stats] function jiffies_to_msecs not defined
  Warning: [timer:hrtimer_start] unknown op '{'
  Warning: [timer:hrtimer_expire_entry] unknown op '{'
 Ok
 6: x86 rdpmc test                                           : Ok
 7: Validate PERF_RECORD_* events & perf_sample fields       : Ok
 8: Test perf pmu format parsing                             : Ok
 9: Test dso data read                                       : Ok
10: Test dso data cache                                      : Ok
11: Test dso data reopen                                     : Ok
12: roundtrip evsel->name check                              : Ok
13: Check parsing of sched tracepoints fields                : Ok
14: Generate and check syscalls:sys_enter_openat event fields: Ok
15: struct perf_event_attr setup                             : (omitted) Ok
16: Test matching and linking multiple hists                 : Ok
17: Try 'import perf' in python, checking link problems      : FAILED!
18: Test breakpoint overflow signal handler                  : Ok
19: Test breakpoint overflow sampling                        : Ok
20: Test number of exit event of a simple workload           : Ok
21: Test software clock events have valid period values      : Ok
22: Test converting perf time to TSC                         : (not supported) Ok
23: Test object code reading                                 : FAILED!
24: Test sample parsing                                      : Ok
25: Test using a dummy software event to keep tracking       : Ok
26: Test parsing with no sample_id_all bit set               : Ok
27: Test dwarf unwind                                        : Ok
28: Test filtering hist entries                              : Ok
29: Test mmap thread lookup                                  : Ok
30: Test thread mg sharing                                   : Ok
31: Test output sorting of hist entries                      : Ok
32: Test cumulation of child hist entries                    : Ok
33: Test tracking with sched_switch                          : Ok
34: Filter fds with revents mask in a fdarray                : Ok
35: Add fd to a fdarray, making it autogrow                  : Ok
36: Test kmod_path__parse function                           : Ok
37: Test thread map                                          : Ok
mail ~ # uname -r
4.2.6


I'm executing perf only from root and do not need non-privileged usage. Is it possible to use such powerful profiling tool with fresh kernels and grsec ?
voron
 
Posts: 22
Joined: Mon May 29, 2006 8:54 am

Return to grsecurity support