| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Nov 2015 23:12:04 +0900 From: Namhyung Kim <namhyung@...nel.org> To: Ingo Molnar <mingo@...nel.org> Cc: Arnaldo Carvalho de Melo <acme@...nel.org>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Jiri Olsa <jolsa@...hat.com>, LKML <linux-kernel@...r.kernel.org>, David Ahern <dsahern@...il.com>, Kan Liang <kan.liang@...el.com>, Frederic Weisbecker <fweisbec@...il.com>, Andi Kleen <andi@...stfloor.org>, Wang Nan <wangnan0@...wei.com> Subject: Re: [PATCH 2/3] perf callchain: Stop resolving callchains after invalid address Hi Ingo, On Thu, Nov 26, 2015 at 08:43:35AM +0100, Ingo Molnar wrote: > > * Namhyung Kim <namhyung@...nel.org> wrote: > > > Unwinding optimized binaries using frame pointer gives garbage. Check > > callchain address and stop if it's under vm.mmap_min_addr sysctl value. > > > > Before: > > $ perf report --stdio --no-children -g callee > > ... > > > > 1.37% perf [kernel.vmlinux] [k] smp_call_function_single > > | > > ---smp_call_function_single > > _perf_event_enable > > perf_event_for_each_child > > perf_ioctl > > do_vfs_ioctl > > sys_ioctl > > entry_SYSCALL_64_fastpath > > __GI___ioctl > > 0 > > 0 > > 0x1c5aa70 > > 0x1c5b910 > > 0x1c5aa70 > > 0x1c5b910 > > 0x1c5aa70 > > 0x1c5b910 > > 0x1c5aa70 > > 0x1c5b910 > > 0x1c5aa70 > > 0x1c5b910 > > ... > > > > After: > > $ perf report --stdio --no-children -g callee > > ... > > > > 1.37% perf [kernel.vmlinux] [k] smp_call_function_single > > | > > ---smp_call_function_single > > _perf_event_enable > > perf_event_for_each_child > > perf_ioctl > > do_vfs_ioctl > > sys_ioctl > > entry_SYSCALL_64_fastpath > > __GI___ioctl > > In addition to that, would it make sense to terminate the callchain with an > indicator that we found something anomalous? Such an extra line: > > ... > > would not be intrusive, but would tell the informed reader that it's not a normal > ending of the call chain. > > This assumes that we can tell apart 'normal end of call chain' from 'seems to end > with garbage poiner' cases - can do we that? In case of fp unwind, I'm not sure we can determine whether it's normal end or not especially for optimized binaries. It seems kernel also can stop callchain anytime if it sees a broken frame. For dwarf unwind, I think it's also hard to tell since it can be stopped for various reasons like insufficient dump size or broken CFI, ... Thanks, Namhyung -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists