lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20201102172712.0c9859124835089d80dc2348@kernel.org>
Date:   Mon, 2 Nov 2020 17:27:12 +0900
From:   Masami Hiramatsu <mhiramat@...nel.org>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     Mark Wielaard <mark@...mp.org>, Namhyung Kim <namhyung@...nel.org>,
        Stephane Eranian <eranian@...gle.com>,
        linux-toolchains@...r.kernel.org,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        Ingo Molnar <mingo@...nel.org>, Jiri Olsa <jolsa@...nel.org>,
        Ian Rogers <irogers@...gle.com>,
        "Phillips, Kim" <kim.phillips@....com>,
        Mark Rutland <mark.rutland@....com>,
        Andi Kleen <andi@...stfloor.org>,
        Masami Hiramatsu <mhiramat@...nel.org>
Subject: Re: Additional debug info to aid cacheline analysis

Hi,

On Fri, 30 Oct 2020 11:10:04 +0100
Peter Zijlstra <peterz@...radead.org> wrote:

> On Fri, Oct 30, 2020 at 10:16:49AM +0100, Mark Wielaard wrote:
> > Hi Namhyung,
> > 
> > On Fri, Oct 30, 2020 at 02:26:19PM +0900, Namhyung Kim wrote:
> > > On Thu, Oct 8, 2020 at 6:38 PM Mark Wielaard <mark@...mp.org> wrote:
> > > > GCC using -fvar-tracking and -fvar-tracking-assignments is pretty good
> > > > at keeping track of where variables are held (in memory or registers)
> > > > when in the program, even through various optimizations.
> > > >
> > > > -fvar-tracking-assignments is the default with -g -O2.
> > > > Except for the upstream linux kernel code. Most distros enable it
> > > > again, but you do want to enable it by hand when building from the
> > > > upstream linux git repo.
> > > 
> > > Please correct me if I'm wrong.  This seems to track local variables.
> > > But I'm not sure it's enough for this purpose as we want to know
> > > types of any memory references (not directly from a variable).
> > > 
> > > Let's say we have a variable like below:
> > > 
> > >   struct xxx a;
> > > 
> > >   a.b->c->d++;
> > > 
> > > And we have a sample where 'd' is updated, then how can we know
> > > it's from the variable 'a'?  Maybe we don't need to know it, but we
> > > should know it accesses the 'd' field in the struct 'c'.
> > > 
> > > Probably we can analyze the asm code and figure out it's from 'a'
> > > and accessing 'd' at the moment.  I'm curious if there's a way in
> > > the DWARF to help this kind of work.
> > 
> > DWARF does have that information, but it stores it in a way that is
> > kind of opposite to how you want to access it. Given a variable and an
> > address, you can easily get the location where that variable is
> > stored. But if you want to map back from a given (memory) location and
> > address to the variable, that is more work.
> 
> The principal idea in this thread doesn't care about the address of the
> variables. The idea was to get the data type and member information from
> the instruction.
> 
> So in the above example: a.b->c->d++; what we'll end up with is
> something like:
> 
> 	inc	8(%rax)
> 
> Where %rax contains c, and the offset of d in c is 8.

For this simple case, it is possible.

This offset information is stored in the DWARF as a data-structure type
information. (perf-probe uses it to find how to get the given local var's
fields)

So if we do this off-line, I think it is possible if it is recorded with
instruction-pointers. For each place, we can do

 - decode instruction and get the access address. 
 - get var assignment of %rax at that IP.
 - get type information of var and find the field from offset.

However, the problem is that if the DWARF has only assignment of "a",
we need to decode the function body. (and usually this happens)

func() {
 struct xxx a;
 ...
 a.b->c->d++;
}

In this case, only "a" is the local variable. So DWARF records assignment of
"a", not "b" nor "c" (since those are not a name of variables, just a name
of fields). GCC may generate something like

 mov	16(%rsp),%rdx	// rdx = a.b
 mov	8(%rdx),%rax		// rax = b->c
 inc	8(%rax)		// c->d++

GCC only knows "a" is 0(%rsp), there is no other "assignments". Thus we need
to backtrace the %rax from the hit ip address until known assignment register
appears.

Note that if there is a loop, we have to trace it back too, but it's more hard,

func() {
 struct yyy a;
 int i;
 ...
 for (i = 0; i < 100; i++)
   a.b->c[i]++;
}

In this case, GCC will optimize "i" out and make an end-address.
(This is what GCC -O2 generated)

0000000000001190 <func>:
{
    1190:       f3 0f 1e fa             endbr64 
        struct yyy a = *_a;
    1194:       48 8b 57 10             mov    0x10(%rdi),%rdx
        for (i = 0; i < 100; i++)
    1198:       48 8d 42 08             lea    0x8(%rdx),%rax
    119c:       48 81 c2 98 01 00 00    add    $0x198,%rdx
    11a3:       0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
                a.b->c[i]++;
    11a8:       83 00 01                addl   $0x1,(%rax)
        for (i = 0; i < 100; i++)
    11ab:       48 83 c0 04             add    $0x4,%rax
    11af:       48 39 d0                cmp    %rdx,%rax
    11b2:       75 f4                   jne    11a8 <func+0x18>
}
    11b4:       c3                      retq   

If we ignore the array support, this can be simplified as

    1194:       48 8b 57 10             mov    0x10(%rdi),%rdx
    1198:       48 8d 42 08             lea    0x8(%rdx),%rax
    11a8:       83 00 01                addl   $0x1,(%rax)

and maybe able to decode it.

Thank you,

> So what we want to (easily) find for that instruction is c::d.
> 
> So given any instruction with a memop (either load or store) we want to
> find: type::member.
> 
> 


-- 
Masami Hiramatsu <mhiramat@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ