lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20151202095554.GA17324@gmail.com>
Date:	Wed, 2 Dec 2015 10:55:54 +0100
From:	Ingo Molnar <mingo@...nel.org>
To:	Peter Zijlstra <peterz@...radead.org>
Cc:	"Wangnan (F)" <wangnan0@...wei.com>, Jiri Olsa <jolsa@...nel.org>,
	Arnaldo Carvalho de Melo <acme@...nel.org>,
	David Ahern <dsahern@...il.com>,
	Milian Wolff <milian.wolff@...b.com>,
	linux-kernel@...r.kernel.org, pi3orama <pi3orama@....com>,
	lizefan 00213767 <lizefan@...wei.com>
Subject: Re: [BUG REPORT] perf tools: x86_64: Broken calllchain when sampling
 taken at 'callq' instruction


* Peter Zijlstra <peterz@...radead.org> wrote:

> On Tue, Dec 01, 2015 at 05:11:25PM +0100, Ingo Molnar wrote:
> > 
> > * Peter Zijlstra <peterz@...radead.org> wrote:
> > 
> > > > so I think the problem here is that the RSP does not match up to the RIP. We 
> > > > can either pass along the original RIP+RSP, or the fixed up one - but what we 
> > > > do currently is that we pass along only half of it - which corrupts dwarf 
> > > > unwinding state that doesn't tolerate such errors.
> > > 
> > > Still not sure what that gets you. Then you get a sample at a known wrong 
> > > location, why would you want that?
> > 
> > Well, we'd at least get a valid call trace - which the 'mixed' one isn't? I.e. 
> > this only matters with --call-graph.
> > 
> > But yeah, with my suggestion we'd essentially fall back from cycles:pp to 
> > cycles:p, ideally we'd want to have real_rsp. Does the hardware provide that?
> 
> No, no real_rsp.
> 
> > User-space cannot compute that reliably I think, what if the 'real' instruction 
> > was manipulating RSP in more complex ways than doing a CALL?
> 
> I'm not really too aware of these asm details :/ 

So the way I understand it is that dwarf unwind relies on having consistent pairs 
of {RIP,RSP}, to be able to look at the precise instruction, look up the debuginfo 
what the function-internal stack offset at that instruction is (as there's no RBP 
frame information available so the stack offset varies).

That method really relies on having precise {RIP,RSP} pairs - it may otherwise 
lose its notion of where the next return address on the stack is, and the 
backtrace goes off into la-la-land. I suppose such broken callchains were how 
Wangnan noticed the problem?

( As a comparison, RBP based backtraces only rely on having an exact RBP available 
  as a starting point, that will define the next backtrace link and the next RBP
  value. That is why we can do the backtrace walk in the kernel. )

There are other ways a dwarf unwind can fail: for example if there's no dwarf 
debuginfo available for the binary in question, or if the stack snapshot we did is 
too small to find the next link in the backtrace. But having an off-by-few RIP is 
enough to throw the backtrace off at the very first step.

> Jiri, what is in PERF_SAMPLE_REGS_USER.IP ? from a quick reading that is 
> whatever is returned from task_pt_regs(current), not the perf_data.regs.ip field 
> which contains the corrected IP.
> 
> Should the uwinder then not use PERF_SAMPLE_REGS_USER.{IP,SP} for a consistent 
> unwind?

Yeah, if we have the real RIP belonging to that RSP value, then all should be 
golden. That way the unwinder can find the next link. (If all the other conditions 
for a successful backtrace are also there.)

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ