tracing collisions

micromaomao · micromaomao · commit d07afd98c5a3 · 2025-11-30T20:35:38.000Z
Signed-off-by: Tingmao Wang &lt;m@maowtm.org&gt;
diff --git a/include/trace/events/landlock.h b/include/trace/events/landlock.h
@@ -0,0 +1,56 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright © 2025 Microsoft Corporation
+ */
+
+#undef TRACE_SYSTEM
+#define TRACE_SYSTEM landlock
+
+#if !defined(_TRACE_LANDLOCK_H) || defined(TRACE_HEADER_MULTI_READ)
+#define _TRACE_LANDLOCK_H
+
+#include <linux/tracepoint.h>
+
+struct landlock_domain_index;
+
+TRACE_EVENT(
+	landlock_domain_hash_find,
+	TP_PROTO(
+		const struct landlock_domain_index* indices_arr,
+		u32 num_indices,
+		int hash_bits,
+		const struct landlock_domain_index* elem_to_find,
+		u32 collisions_followed
+	),
+
+	TP_ARGS(indices_arr, num_indices, hash_bits, elem_to_find, collisions_followed),
+	TP_STRUCT__entry(
+		__field(const struct landlock_domain_index *, indices_arr)
+		__field(u32, num_indices)
+		__field(u32, hash_bits)
+		__field(uintptr_t, key)
+		__field(u32, collisions_followed)
+	),
+
+	TP_fast_assign(
+		__entry->indices_arr = indices_arr;
+		__entry->num_indices = num_indices;
+		__entry->hash_bits = hash_bits;
+		__entry->key = *(uintptr_t *)elem_to_find;
+		__entry->collisions_followed = collisions_followed;
+	),
+
+	TP_printk(
+		"indices_arr=%p num_indices=%u hash_bits=%u, key=%lx collisions_followed=%u",
+		__entry->indices_arr,
+		__entry->num_indices,
+		__entry->hash_bits,
+		__entry->key,
+		__entry->collisions_followed
+	)
+);
+
+#endif /* _TRACE_LANDLOCK_H */
+
+/* This part must be outside protection */
+#include <trace/define_trace.h>
diff --git a/security/landlock/Makefile b/security/landlock/Makefile
@@ -1,7 +1,7 @@
 obj-$(CONFIG_SECURITY_LANDLOCK) := landlock.o
 
 landlock-y := setup.o syscalls.o object.o ruleset.o \
-	cred.o task.o fs.o domain.o
+	cred.o task.o fs.o domain.o trace.o
 
 landlock-$(CONFIG_INET) += net.o
 
diff --git a/security/landlock/coalesced_hash.h b/security/landlock/coalesced_hash.h
@@ -29,16 +29,18 @@ typedef void (*set_next_collision_t)(void *elem, h_index_t next_collision);
 typedef bool (*compare_element_t)(const void *key_elem, const void *found_elem);
 typedef bool (*element_is_empty_t)(const void *elem);
 
-static inline void *h_find(const void *table, h_index_t table_size,
-			   int hash_bits, size_t elem_size,
-			   const void *elem_to_find, hash_element_t hash_elem,
-			   get_next_collision_t get_next_collision,
-			   compare_element_t compare_elem,
-			   element_is_empty_t element_is_empty)
+static inline void *
+h_find(const void *table, h_index_t table_size, int hash_bits, size_t elem_size,
+       const void *elem_to_find, h_index_t *nb_collisions_followed,
+       hash_element_t hash_elem, get_next_collision_t get_next_collision,
+       compare_element_t compare_elem, element_is_empty_t element_is_empty)
 {
 	h_index_t curr_index, next_collision;
 	const void *curr_elem;
 
+	if (nb_collisions_followed)
+		*nb_collisions_followed = 0;
+
 	if (unlikely(table_size == 0))
 		return NULL;
 
@@ -54,6 +56,8 @@ static inline void *h_find(const void *table, h_index_t table_size,
 	next_collision = get_next_collision(curr_elem);
 	while (next_collision != curr_index) {
 		curr_index = next_collision;
+		if (nb_collisions_followed)
+			(*nb_collisions_followed)++;
 		curr_elem = table + curr_index * elem_size;
 		if (compare_elem(elem_to_find, curr_elem))
 			return (void *)curr_elem;
@@ -332,61 +336,74 @@ static inline void h_insert(struct h_insert_scratch *scratch, const void *elem,
  * empty (i.e. not used).  Empty elements are not returned by find.  If
  * the zero value of @elem_type is not "empty", the caller must set all
  * the slots to empty before using the table.
+ * @trace_find: A function that traces the number of collisions
+ * followed during a find operation, given paramemters:
+ *   const @elem_type *table,
+ *   h_index_t table_size,
+ *   int hash_bits,
+ *   const @elem_type *elem_to_find,
+ *   h_index_t *collisions_followed.
  */
-#define DEFINE_COALESCED_HASH_TABLE(elem_type, table_func_prefix, key_member,  \
-				    next_collision_member, hash_expr,          \
-				    is_empty_expr)                             \
-	static inline h_index_t table_func_prefix##_hash_elem(                 \
-		const void *_elem, h_index_t table_size, int hash_bits)        \
-	{                                                                      \
-		const elem_type *elem = _elem;                                 \
-		return hash_expr;                                              \
-	}                                                                      \
-	static inline h_index_t table_func_prefix##_get_next_collision(        \
-		const void *elem)                                              \
-	{                                                                      \
-		return ((const elem_type *)elem)->next_collision_member;       \
-	}                                                                      \
-	static inline void table_func_prefix##_set_next_collision(             \
-		void *elem, h_index_t next_collision)                          \
-	{                                                                      \
-		((elem_type *)elem)->next_collision_member = next_collision;   \
-	}                                                                      \
-	static inline bool table_func_prefix##_compare_elem(                   \
-		const void *key_elem, const void *found_elem)                  \
-	{                                                                      \
-		const elem_type *key = key_elem;                               \
-		const elem_type *found = found_elem;                           \
-		return key->key_member.data == found->key_member.data;         \
-	}                                                                      \
-	static inline bool table_func_prefix##_element_is_empty(               \
-		const void *_elem)                                             \
-	{                                                                      \
-		const elem_type *elem = _elem;                                 \
-		return is_empty_expr;                                          \
-	}                                                                      \
-	static inline const elem_type *table_func_prefix##_find(               \
-		const elem_type *table, h_index_t table_size, int hash_bits,   \
-		const elem_type *elem_to_find)                                 \
-	{                                                                      \
-		return h_find(table, table_size, hash_bits, sizeof(elem_type), \
-			      elem_to_find, table_func_prefix##_hash_elem,     \
-			      table_func_prefix##_get_next_collision,          \
-			      table_func_prefix##_compare_elem,                \
-			      table_func_prefix##_element_is_empty);           \
-	}                                                                      \
-	static inline void table_func_prefix##_initialize(                     \
-		elem_type *table, h_index_t table_size)                        \
-	{                                                                      \
-		h_initialize(table, table_size, sizeof(elem_type),             \
-			     table_func_prefix##_set_next_collision,           \
-			     table_func_prefix##_element_is_empty);            \
-	}                                                                      \
-	static inline void table_func_prefix##_insert(                         \
-		struct h_insert_scratch *scratch, const elem_type *elem)       \
-	{                                                                      \
-		h_insert(scratch, elem, table_func_prefix##_hash_elem,         \
-			 table_func_prefix##_get_next_collision,               \
-			 table_func_prefix##_set_next_collision,               \
-			 table_func_prefix##_element_is_empty);                \
+#define DEFINE_COALESCED_HASH_TABLE(elem_type, table_func_prefix, key_member, \
+				    next_collision_member, hash_expr,         \
+				    is_empty_expr, trace_find)                \
+	static inline h_index_t table_func_prefix##_hash_elem(                \
+		const void *_elem, h_index_t table_size, int hash_bits)       \
+	{                                                                     \
+		const elem_type *elem = _elem;                                \
+		return hash_expr;                                             \
+	}                                                                     \
+	static inline h_index_t table_func_prefix##_get_next_collision(       \
+		const void *elem)                                             \
+	{                                                                     \
+		return ((const elem_type *)elem)->next_collision_member;      \
+	}                                                                     \
+	static inline void table_func_prefix##_set_next_collision(            \
+		void *elem, h_index_t next_collision)                         \
+	{                                                                     \
+		((elem_type *)elem)->next_collision_member = next_collision;  \
+	}                                                                     \
+	static inline bool table_func_prefix##_compare_elem(                  \
+		const void *key_elem, const void *found_elem)                 \
+	{                                                                     \
+		const elem_type *key = key_elem;                              \
+		const elem_type *found = found_elem;                          \
+		return key->key_member.data == found->key_member.data;        \
+	}                                                                     \
+	static inline bool table_func_prefix##_element_is_empty(              \
+		const void *_elem)                                            \
+	{                                                                     \
+		const elem_type *elem = _elem;                                \
+		return is_empty_expr;                                         \
+	}                                                                     \
+	static inline const elem_type *table_func_prefix##_find(              \
+		const elem_type *table, h_index_t table_size, int hash_bits,  \
+		const elem_type *elem_to_find)                                \
+	{                                                                     \
+		h_index_t collisions_followed;                                \
+		const elem_type *result = h_find(                             \
+			table, table_size, hash_bits, sizeof(elem_type),      \
+			elem_to_find, &collisions_followed,                   \
+			table_func_prefix##_hash_elem,                        \
+			table_func_prefix##_get_next_collision,               \
+			table_func_prefix##_compare_elem,                     \
+			table_func_prefix##_element_is_empty);                \
+		trace_find(table, table_size, hash_bits, elem_to_find,        \
+			   collisions_followed);                              \
+		return result;                                                \
+	}                                                                     \
+	static inline void table_func_prefix##_initialize(                    \
+		elem_type *table, h_index_t table_size)                       \
+	{                                                                     \
+		h_initialize(table, table_size, sizeof(elem_type),            \
+			     table_func_prefix##_set_next_collision,          \
+			     table_func_prefix##_element_is_empty);           \
+	}                                                                     \
+	static inline void table_func_prefix##_insert(                        \
+		struct h_insert_scratch *scratch, const elem_type *elem)      \
+	{                                                                     \
+		h_insert(scratch, elem, table_func_prefix##_hash_elem,        \
+			 table_func_prefix##_get_next_collision,              \
+			 table_func_prefix##_set_next_collision,              \
+			 table_func_prefix##_element_is_empty);               \
 	}
diff --git a/security/landlock/domain.h b/security/landlock/domain.h
@@ -18,6 +18,7 @@
 #include <linux/refcount.h>
 #include <linux/sched.h>
 #include <linux/slab.h>
+#include <trace/events/landlock.h>
 
 #include "access.h"
 #include "ruleset.h"
@@ -198,7 +199,8 @@ static inline int get_hash_bits(const u32 table_size)
 DEFINE_COALESCED_HASH_TABLE(struct landlock_domain_index, dom_hash, key,
 			    next_collision,
 			    dom_index_hash_func(elem, table_size, hash_bits),
-			    dom_index_is_empty(elem))
+			    dom_index_is_empty(elem),
+			    trace_landlock_domain_hash_find)
 
 struct landlock_domain *
 landlock_alloc_domain(const struct landlock_domain *sizes);
diff --git a/security/landlock/trace.c b/security/landlock/trace.c
@@ -0,0 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Landlock - Tracepoints
+ *
+ * Copyright © 2025 Microsoft Corporation
+ * Copyright © 2025 Tingmao Wang <m@maowtm.org>
+ */
+
+#define CREATE_TRACE_POINTS
+#include <trace/events/landlock.h>
