lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150430145834.GA5694@naverao1-tp.in.ibm.com>
Date:	Thu, 30 Apr 2015 20:28:34 +0530
From:	"Naveen N. Rao" <naveen.n.rao@...ux.vnet.ibm.com>
To:	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
Cc:	acme@...nel.org, linux-kernel@...r.kernel.org,
	srikar@...ux.vnet.ibm.com
Subject: Re: [PATCH] perf probe: Ignore tail calls to probed functions

[CC'ing Srikar]

On 2015/04/30 10:06PM, Masami Hiramatsu wrote:
> On 2015/04/30 20:42, Naveen N. Rao wrote:
> > perf probe currently errors out if there are any tail calls to probed
> > functions:
> > 
> > [root@...l71be]# perf probe do_fork
> > Failed to find probe point in any functions.
> >   Error: Failed to add events.
> > 
> > Fix this by teaching perf to ignore tail calls.
> 
> Hmm, why just ignore it, can't we use it?
> Also, could you show us how the result will be changed with this?

Without patch:

[root@...l71be perf]# ./perf probe -v do_fork
probe-definition(0): do_fork symbol:do_fork file:(null) line:0 offset:0 
return:0 lazy:(null)
0 arguments
Looking at the vmlinux_path (7 entries long)
symsrc__init: build id mismatch for /boot/vmlinux.
Using /usr/lib/debug/lib/modules/3.10.0-201.el7.ppc64/vmlinux for 
symbols
Open Debuginfo file: 
/usr/lib/debug/lib/modules/3.10.0-201.el7.ppc64/vmlinux
Try to find probe point from debuginfo.
found inline addr: 0xc0000000000bb9b0
Probe point found: do_fork+0
found inline addr: 0xc0000000000bbe20
Probe point found: kernel_thread+48
found inline addr: 0xc0000000000bbe5c
Probe point found: sys_fork+28
found inline addr: 0xc0000000000bbfac
Probe point found: sys_vfork+44
found inline addr: 0xc0000000000bc27c
Failed to find probe point in any functions.
An error occurred in debuginfo analysis (-2).
  Error: Failed to add events. Reason: No such file or directory (Code: 
  -2)

With patch:

[root@...l71be perf]# ./perf probe -v do_fork
probe-definition(0): do_fork symbol:do_fork file:(null) line:0 offset:0 
return:0 lazy:(null)
0 arguments
Looking at the vmlinux_path (7 entries long)
symsrc__init: build id mismatch for /boot/vmlinux.
Using /usr/lib/debug/lib/modules/3.10.0-201.el7.ppc64/vmlinux for 
symbols
Open Debuginfo file: 
/usr/lib/debug/lib/modules/3.10.0-201.el7.ppc64/vmlinux
Try to find probe point from debuginfo.
found inline addr: 0xc0000000000bb9b0
Probe point found: do_fork+0
found inline addr: 0xc0000000000bbe20
Probe point found: kernel_thread+48
found inline addr: 0xc0000000000bbe5c
Probe point found: sys_fork+28
found inline addr: 0xc0000000000bbfac
Probe point found: sys_vfork+44
found inline addr: 0xc0000000000bc27c
Ignoring tail call from SyS_clone
Found 4 probe_trace_events.
Opening /sys/kernel/debug/tracing/kprobe_events write=1
No kprobe blacklist support, ignored
Added new events:
Writing event: p:probe/do_fork _text+768432
Failed to write event: Invalid argument
  Error: Failed to add events. Reason: Invalid argument (Code: -22)

[Ignore the error about failure to write event - this kernel is missing 
a patch to resolve _text properly]

The reason to ignore tail calls is that the address does not belong to 
any function frame. In the example above, the address in SyS_clone is 
0xc0000000000bc27c, but looking at the debug-info:

 <1><830081>: Abbrev Number: 133 (DW_TAG_subprogram)
    <830083>   DW_AT_external    : 1	
    <830083>   DW_AT_name        : (indirect string, offset: 0x3cea3): SyS_clone	
    <830087>   DW_AT_decl_file   : 7	
    <830088>   DW_AT_decl_line   : 1689	
    <83008a>   DW_AT_prototyped  : 1	
    <83008a>   DW_AT_type        : <0x8110eb>	
    <83008e>   DW_AT_low_pc      : 0xc0000000000bc270	
    <830096>   DW_AT_high_pc     : 0xc	
    <83009e>   DW_AT_frame_base  : 1 byte block: 9c 	(DW_OP_call_frame_cfa)
    <8300a0>   DW_AT_GNU_all_call_sites: 1	
    <8300a0>   DW_AT_sibling     : <0x830178>	
<snip>
 <3><830147>: Abbrev Number: 125 (DW_TAG_GNU_call_site)
    <830148>   DW_AT_low_pc      : 0xc0000000000bc27c	
    <830150>   DW_AT_GNU_tail_call: 1	
    <830150>   DW_AT_abstract_origin: <0x82e7e1>

The frame ends at 0xc0000000000bc27c. I suppose this is why this 
particular call is a "tail" call. FWIW, systemtap seems to ignore these 
as well and requires users to explicitly place probes at these call 
sites if necessary. I print out the caller so that users know.

> 
> Thank you,

Thanks for the review!
- Naveen

> 
> > 
> > Signed-off-by: Naveen N. Rao <naveen.n.rao@...ux.vnet.ibm.com>
> > ---
> > I'm seeing this with RHEL7 kernels on ppc64. The specific example in this case is do_fork:
> > 
> >    <1><82e7e1>: Abbrev Number: 118 (DW_TAG_subprogram)
> >       <82e7e2>   DW_AT_external    : 1
> >       <82e7e2>   DW_AT_name        : (indirect string, offset: 0x3dfe0): do_fork
> >       <82e7e6>   DW_AT_decl_file   : 7
> >       <82e7e7>   DW_AT_decl_line   : 1583
> >       <82e7e9>   DW_AT_prototyped  : 1
> >       <82e7e9>   DW_AT_type        : <0x8110eb>
> >       <82e7ed>   DW_AT_inline      : 1    (inlined)
> >       <82e7ee>   DW_AT_sibling     : <0x82e878>
> > 
> > <snip>
> > 
> >    <1><830081>: Abbrev Number: 133 (DW_TAG_subprogram)
> >       <830083>   DW_AT_external    : 1
> >       <830083>   DW_AT_name        : (indirect string, offset: 0x3cea3): SyS_clone
> >       <830087>   DW_AT_decl_file   : 7
> >       <830088>   DW_AT_decl_line   : 1689
> >       <83008a>   DW_AT_prototyped  : 1
> >       <83008a>   DW_AT_type        : <0x8110eb>
> >       <83008e>   DW_AT_low_pc      : 0xc0000000000bc270
> >       <830096>   DW_AT_high_pc     : 0xc
> >       <83009e>   DW_AT_frame_base  : 1 byte block: 9c (DW_OP_call_frame_cfa)
> >       <8300a0>   DW_AT_GNU_all_call_sites: 1
> >       <8300a0>   DW_AT_sibling     : <0x830178>
> > 
> > <snip>
> > 
> >    <3><830147>: Abbrev Number: 125 (DW_TAG_GNU_call_site)
> >       <830148>   DW_AT_low_pc      : 0xc0000000000bc27c
> >       <830150>   DW_AT_GNU_tail_call: 1
> >       <830150>   DW_AT_abstract_origin: <0x82e7e1>
> > 
> > 
> > - Naveen
> > 
> >  tools/perf/util/dwarf-aux.c    | 37 +++++++++++++++++++++++++++++++++++++
> >  tools/perf/util/dwarf-aux.h    |  4 ++++
> >  tools/perf/util/probe-finder.c | 12 +++++++++---
> >  3 files changed, 50 insertions(+), 3 deletions(-)
> > 
> > diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c
> > index c34e024..851a76f 100644
> > --- a/tools/perf/util/dwarf-aux.c
> > +++ b/tools/perf/util/dwarf-aux.c
> > @@ -417,6 +417,43 @@ struct __addr_die_search_param {
> >  	Dwarf_Die	*die_mem;
> >  };
> >  
> > +static int __die_search_func_tail_cb(Dwarf_Die *fn_die, void *data)
> > +{
> > +	struct __addr_die_search_param *ad = data;
> > +	Dwarf_Addr addr = 0;
> > +
> > +	if (dwarf_tag(fn_die) == DW_TAG_subprogram &&
> > +	    !dwarf_highpc(fn_die, &addr) &&
> > +	    addr == ad->addr) {
> > +		memcpy(ad->die_mem, fn_die, sizeof(Dwarf_Die));
> > +		return DWARF_CB_ABORT;
> > +	}
> > +	return DWARF_CB_OK;
> > +}
> > +
> > +/**
> > + * die_find_tailfunc - Search for a non-inlined function with tail call at
> > + * given address
> > + * @cu_die: a CU DIE which including @addr
> > + * @addr: target address
> > + * @die_mem: a buffer for result DIE
> > + *
> > + * Search for a non-inlined function DIE with tail call at @addr. Stores the
> > + * DIE to @die_mem and returns it if found. Returns NULL if failed.
> > + */
> > +Dwarf_Die *die_find_tailfunc(Dwarf_Die *cu_die, Dwarf_Addr addr,
> > +				    Dwarf_Die *die_mem)
> > +{
> > +	struct __addr_die_search_param ad;
> > +	ad.addr = addr;
> > +	ad.die_mem = die_mem;
> > +	/* dwarf_getscopes can't find subprogram. */
> > +	if (!dwarf_getfuncs(cu_die, __die_search_func_tail_cb, &ad, 0))
> > +		return NULL;
> > +	else
> > +		return die_mem;
> > +}
> > +
> >  /* die_find callback for non-inlined function search */
> >  static int __die_search_func_cb(Dwarf_Die *fn_die, void *data)
> >  {
> > diff --git a/tools/perf/util/dwarf-aux.h b/tools/perf/util/dwarf-aux.h
> > index af7dbcd..c9278ed 100644
> > --- a/tools/perf/util/dwarf-aux.h
> > +++ b/tools/perf/util/dwarf-aux.h
> > @@ -82,6 +82,10 @@ extern Dwarf_Die *die_find_child(Dwarf_Die *rt_die,
> >  extern Dwarf_Die *die_find_realfunc(Dwarf_Die *cu_die, Dwarf_Addr addr,
> >  				    Dwarf_Die *die_mem);
> >  
> > +/* Search a non-inlined function with tail call at given address */
> > +Dwarf_Die *die_find_tailfunc(Dwarf_Die *cu_die, Dwarf_Addr addr,
> > +				    Dwarf_Die *die_mem);
> > +
> >  /* Search the top inlined function including given address */
> >  extern Dwarf_Die *die_find_top_inlinefunc(Dwarf_Die *sp_die, Dwarf_Addr addr,
> >  					  Dwarf_Die *die_mem);
> > diff --git a/tools/perf/util/probe-finder.c b/tools/perf/util/probe-finder.c
> > index b5bf9d5..4cb461e 100644
> > --- a/tools/perf/util/probe-finder.c
> > +++ b/tools/perf/util/probe-finder.c
> > @@ -660,9 +660,15 @@ static int call_probe_finder(Dwarf_Die *sc_die, struct probe_finder *pf)
> >  	/* If not a real subprogram, find a real one */
> >  	if (!die_is_func_def(sc_die)) {
> >  		if (!die_find_realfunc(&pf->cu_die, pf->addr, &pf->sp_die)) {
> > -			pr_warning("Failed to find probe point in any "
> > -				   "functions.\n");
> > -			return -ENOENT;
> > +			if (die_find_tailfunc(&pf->cu_die, pf->addr, &pf->sp_die)) {
> > +				pr_warning("Ignoring tail call from %s\n",
> > +						dwarf_diename(&pf->sp_die));
> > +				return 0;
> > +			} else {
> > +				pr_warning("Failed to find probe point in any "
> > +					   "functions.\n");
> > +				return -ENOENT;
> > +			}
> >  		}
> >  	} else
> >  		memcpy(&pf->sp_die, sc_die, sizeof(Dwarf_Die));
> > 
> 
> 
> -- 
> Masami HIRAMATSU
> Linux Technology Research Center, System Productivity Research Dept.
> Center for Technology Innovation - Systems Engineering
> Hitachi, Ltd., Research & Development Group
> E-mail: masami.hiramatsu.pt@...achi.com
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ