On Mon, Feb 24, 2025 at 08:22:50PM -0800, Ian Rogers wrote: > On Mon, Feb 24, 2025 at 7:20 PM Namhyung Kim <namhyung@xxxxxxxxxx> wrote: > > > > On Wed, Feb 19, 2025 at 10:56:49AM -0800, Ian Rogers wrote: > > > This work builds on the clean up of system call tables and removal of > > > libaudit by Charlie Jenkins <charlie@xxxxxxxxxxxx>. > > > > > > The system call table in perf trace is used to map system call numbers > > > to names and vice versa. Prior to these changes, a single table > > > matching the perf binary's build was present. The table would be > > > incorrect if tracing say a 32-bit binary from a 64-bit version of > > > perf, the names and numbers wouldn't match. > > > > > > Change the build so that a single system call file is built and the > > > potentially multiple tables are identifiable from the ELF machine type > > > of the process being examined. To determine the ELF machine type, the > > > executable's header is read from /proc/pid/exe with fallbacks to using > > > the perf's binary type when unknown. > > > > Hmm.. then this is limited to live mode and potentially detect wrong > > machine type if it reads an old data, right? > > > > Also IIUC fallback to the perf binary means it cannot use cross-machine > > table. For example, it cannot process data from ARM64 on x86, no? It > > seems it should use perf_env.arch. > > The perf env arch is kind of horrid. On x86 it has the value x86 and > then there is an extra 64bit flag, who knows how x32 should be encoded > - but we barely support x32 as-is. I'd rather we added a new feature > for the e_machine/e_flags of the executable and worked with those, but > it is kind of weird with doing system wide mode. I didn't want to drag > that into this patch series anyway as there is already enough here. Right, I don't know how to handle x32 properly. Maybe we can just ignore it for now. But anyway looking at /proc/PID for recorded data doesn't seem correct. Can you please add a flag to do that only from trace__run() and just use EM_HOST for trace__replay()? Later, we may need to add a misc flag or so to PERF_RECORD_FORK (and PERF_RECORD_COMM with MISC_COMM_EXEC) to indicate non-standard ABI for a new thread. But it's not clear how to make it arch-independent. > > > One more concern is BPF. The BPF should know about the ABI of the > > current process so that it can augment the syscall arguments correctly. > > Currently it only checks the syscall number but it can be different on > > 32-bit and 64-bit. > > That's right. This change is trying to clean up > tools/perf/util/syscalltbl.c and the perf trace usage. I didn't go as > far as making BPF programs pair system call number with e_machine and > e_flags, there is enough here and the behavior after these patches > matches the behavior before - that is to assume the system call ABI > matches that of the perf binary. Right, the next step would be adding a BPF kfunc to identify the current ABI. Thanks, Namhyung
