From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
To: Namhyung Kim <namhyung@kernel.org>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>,
Jiri Olsa <jolsa@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Ian Rogers <irogers@google.com>,
Adrian Hunter <adrian.hunter@intel.com>,
Ingo Molnar <mingo@kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
linux-perf-users@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Stephane Eranian <eranian@google.com>,
Masami Hiramatsu <mhiramat@kernel.org>,
linux-toolchains@vger.kernel.org,
linux-trace-devel@vger.kernel.org
Subject: Re: [PATCH 33/48] perf dwarf-aux: Check allowed DWARF Ops
Date: Tue, 7 Nov 2023 18:32:07 +0900
Message-ID: <20231107183207.2e3aded5985f699fdb3bcd16@kernel.org>
In-Reply-To: <20231012035111.676789-34-namhyung@kernel.org>
On Wed, 11 Oct 2023 20:50:56 -0700
Namhyung Kim <namhyung@kernel.org> wrote:
> The DWARF location expression can be fairly complex and it'd be hard
> to match it with the condition correctly. So let's be conservative
> and only allow simple expressions. For now it just checks the first
> operation in the list. The following operations look ok:
>
> * DW_OP_stack_value
> * DW_OP_deref_size
> * DW_OP_deref
> * DW_OP_piece
>
> To refuse complex (and unsupported) location expressions, add
> check_allowed_ops() to compare the rest of the list. It seems the earlier
> result contained those unsupported expressions. For example, I found
> some local struct variable placed like below.
>
> <2><43d1517>: Abbrev Number: 62 (DW_TAG_variable)
> <43d1518> DW_AT_location : 15 byte block: 91 50 93 8 91 78 93 4 93 84 8 91 68 93 4
> (DW_OP_fbreg: -48; DW_OP_piece: 8;
> DW_OP_fbreg: -8; DW_OP_piece: 4;
> DW_OP_piece: 1028;
> DW_OP_fbreg: -24; DW_OP_piece: 4)
>
> Another example is something like this.
>
> 0057c8be ffffffffffffffff ffffffff812109f0 (base address)
> 0057c8ce ffffffff812112b5 ffffffff812112c8 (DW_OP_breg3 (rbx): 0;
> DW_OP_constu: 18446744073709551612;
> DW_OP_and;
> DW_OP_stack_value)
>
> It should refuse them. After the change, the stat shows:
>
> Annotate data type stats:
> total 294, ok 158 (53.7%), bad 136 (46.3%)
> -----------------------------------------------------------
> 30 : no_sym
> 32 : no_mem_ops
> 53 : no_var
> 14 : no_typeinfo
> 7 : bad_offset
>
The code itself looks good to me.
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
If this fixes the previous patch in the same series (this seems a fix for the
main usecase), please make it a single patch.
Thank you,
> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
> ---
> tools/perf/util/dwarf-aux.c | 44 +++++++++++++++++++++++++++++++++----
> 1 file changed, 40 insertions(+), 4 deletions(-)
>
> diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c
> index 7f3822d08ab7..093d7e82b333 100644
> --- a/tools/perf/util/dwarf-aux.c
> +++ b/tools/perf/util/dwarf-aux.c
> @@ -1305,6 +1305,34 @@ static bool match_var_offset(Dwarf_Die *die_mem, struct find_var_data *data,
> return true;
> }
>
> +static bool check_allowed_ops(Dwarf_Op *ops, size_t nops)
> +{
> + /* The first op is checked separately */
> + ops++;
> + nops--;
> +
> + /*
> + * It needs to make sure if the location expression matches to the given
> + * register and offset exactly. Thus it rejects any complex expressions
> + * and only allows a few of selected operators that doesn't change the
> + * location.
> + */
> + while (nops) {
> + switch (ops->atom) {
> + case DW_OP_stack_value:
> + case DW_OP_deref_size:
> + case DW_OP_deref:
> + case DW_OP_piece:
> + break;
> + default:
> + return false;
> + }
> + ops++;
> + nops--;
> + }
> + return true;
> +}
> +
> /* Only checks direct child DIEs in the given scope. */
> static int __die_find_var_reg_cb(Dwarf_Die *die_mem, void *arg)
> {
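Review bot: check_allowed_ops() does `ops++; nops--;` before checking that nops is at least 1, so a caller passing nops == 0 wraps the size_t to SIZE_MAX and the while loop reads past the end of the ops array; the die_get_cfa() call site later in this patch used to guard exactly that with `nops == 1`, which the patch removes. Start the function with `if (nops == 0) return false;` or iterate `for (i = 1; i < nops; i++)`. Separately, the comment says the allowed operators "doesn't change the location", but DW_OP_deref and DW_OP_deref_size replace the address computed so far with the value stored there, so `DW_OP_fbreg -8; DW_OP_deref` places the variable at the address held in that stack slot rather than in the slot; either say in the comment that the match is intentionally approximate, or drop the two deref ops from the list.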
> @@ -1332,25 +1360,31 @@ static int __die_find_var_reg_cb(Dwarf_Die *die_mem, void *arg)
> /* Local variables accessed using frame base register */
> if (data->is_fbreg && ops->atom == DW_OP_fbreg &&
> data->offset >= (int)ops->number &&
> + check_allowed_ops(ops, nops) &&
> match_var_offset(die_mem, data, data->offset, ops->number))
> return DIE_FIND_CB_END;
>
> /* Only match with a simple case */
> if (data->reg < DWARF_OP_DIRECT_REGS) {
> - if (ops->atom == (DW_OP_reg0 + data->reg) && nops == 1)
> + /* pointer variables saved in a register 0 to 31 */
> + if (ops->atom == (DW_OP_reg0 + data->reg) &&
> + check_allowed_ops(ops, nops))
> return DIE_FIND_CB_END;
>
> /* Local variables accessed by a register + offset */
> if (ops->atom == (DW_OP_breg0 + data->reg) &&
> + check_allowed_ops(ops, nops) &&
> match_var_offset(die_mem, data, data->offset, ops->number))
> return DIE_FIND_CB_END;
> } else {
> + /* pointer variables saved in a register 32 or above */
> if (ops->atom == DW_OP_regx && ops->number == data->reg &&
> - nops == 1)
> + check_allowed_ops(ops, nops))
> return DIE_FIND_CB_END;
>
> /* Local variables accessed by a register + offset */
> if (ops->atom == DW_OP_bregx && data->reg == ops->number &&
> + check_allowed_ops(ops, nops) &&
> match_var_offset(die_mem, data, data->offset, ops->number2))
> return DIE_FIND_CB_END;
> }
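Review bot: relaxing the DW_OP_reg0+N and DW_OP_regx cases from `nops == 1` to check_allowed_ops() now accepts `DW_OP_regN; DW_OP_piece n` composites, where the register holds only the first n bytes of the variable and the remainder lives elsewhere (the commit message's first example is exactly that shape, built on DW_OP_fbreg). Both register cases return DIE_FIND_CB_END without going through match_var_offset(), so nothing checks that the piece covers the whole variable. Keep `nops == 1` for the two register-direct matches, or state in the new "pointer variables saved in a register" comments that a partial piece is accepted on purpose.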
> @@ -1412,7 +1446,8 @@ static int __die_find_var_addr_cb(Dwarf_Die *die_mem, void *arg)
> if (data->addr < ops->number)
> continue;
>
> - if (match_var_offset(die_mem, data, data->addr, ops->number))
> + if (check_allowed_ops(ops, nops) &&
> + match_var_offset(die_mem, data, data->addr, ops->number))
> return DIE_FIND_CB_END;
> }
> return DIE_FIND_CB_SIBLING;
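Review bot: calling check_allowed_ops() before match_var_offset() is the right order (cheap reject before the type lookup), but for the address entries iterated here (the ones compared via `data->addr < ops->number`) a trailing DW_OP_deref means the variable lives at the address stored at ops->number, not at ops->number itself, which is what match_var_offset() then compares data->addr against. If that case is meant to be tolerated, a one-line comment above the check saying so would help; otherwise this path wants a stricter test than the fbreg/breg ones, e.g. `nops == 1` as before for plain DW_OP_addr.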
> @@ -1501,7 +1536,8 @@ int die_get_cfa(Dwarf *dwarf, u64 pc, int *preg, int *poffset)
> return -1;
>
> if (!dwarf_cfi_addrframe(cfi, pc, &frame) &&
> - !dwarf_frame_cfa(frame, &ops, &nops) && nops == 1) {
> + !dwarf_frame_cfa(frame, &ops, &nops) &&
> + check_allowed_ops(ops, nops)) {
> *preg = reg_from_dwarf_op(ops);
> *poffset = offset_from_dwarf_op(ops);
> return 0;
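Review bot: replacing `nops == 1` with check_allowed_ops() here removes the only guard against an empty CFA expression; dwarf_frame_cfa() can report an undefined CFA with nops == 0, and check_allowed_ops() as written decrements nops before looping. Also, because check_allowed_ops() deliberately skips the first op, any first atom now passes and reg_from_dwarf_op()/offset_from_dwarf_op() are applied to it whether or not it is a DW_OP_bregN/DW_OP_bregx. Add `nops >= 1 &&` plus an explicit first-atom check, or simply keep `nops == 1` in this function, since a CFA followed by DW_OP_piece or DW_OP_stack_value has no meaning as a frame address.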
> --
> 2.42.0.655.g421f12c284-goog
>
--
Masami Hiramatsu (Google) <mhiramat@kernel.org>
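To make the accept policy in check_allowed_ops() concrete, the following is a small stand-alone C program written for this page (it is not code from perf or elfutils). It decodes a raw DW_AT_location byte block into (atom, number) pairs, then applies the same four-operator allow list to everything after the first op. The opcode values are the DWARF standard's; `struct dw_op` stands in for the two Dwarf_Op fields the perf matcher reads; the decoder models only the opcodes needed here (no DW_OP_regx, DW_OP_bregx or DW_OP_addr). The three inputs are constructed: the 15-byte block is copied from the commit message's first example, the second is a hand encoding of its second example, and the third is a simple fbreg+piece location. Rejecting nops == 0 up front is an assumption of this example, not something the patch as posted does.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* DWARF expression opcodes used below (numeric values from the DWARF spec). */
enum {
	DW_OP_deref = 0x06, DW_OP_constu = 0x10, DW_OP_and = 0x1a, DW_OP_reg0 = 0x50,
	DW_OP_breg0 = 0x70, DW_OP_fbreg = 0x91, DW_OP_piece = 0x93,
	DW_OP_deref_size = 0x94, DW_OP_stack_value = 0x9f,
};

/* Stand-in for the two elfutils Dwarf_Op fields the perf matcher reads. */
struct dw_op { uint8_t atom; uint64_t number; };

/* Decode one LEB128 operand at p[*i]; advances *i, false if truncated or oversized. */
static bool leb128(const uint8_t *p, size_t len, size_t *i, bool is_signed, uint64_t *out)
{
	uint64_t v = 0;
	unsigned shift = 0;
	while (*i < len && shift < 64) {
		uint8_t b = p[(*i)++];
		v |= (uint64_t)(b & 0x7f) << shift;
		shift += 7;
		if (b & 0x80)
			continue;
		if (is_signed && shift < 64 && (b & 0x40))
			v |= ~(uint64_t)0 << shift;		/* sign-extend */
		*out = v;
		return true;
	}
	return false;
}

/* Decode a raw DW_AT_location block; returns the op count, 0 if unknown or truncated. */
static size_t decode_expr(const uint8_t *p, size_t len, struct dw_op *ops, size_t max)
{
	size_t n = 0, i = 0;
	while (i < len && n < max) {
		struct dw_op *op = &ops[n++];
		uint8_t a = op->atom = p[i++];
		op->number = 0;
		if (a >= DW_OP_reg0 && a < DW_OP_reg0 + 32)
			continue;				/* DW_OP_regN: no operand */
		if (a == DW_OP_fbreg || (a >= DW_OP_breg0 && a < DW_OP_breg0 + 32)) {
			if (!leb128(p, len, &i, true, &op->number))	/* SLEB128 offset */
				return 0;
		} else if (a == DW_OP_piece || a == DW_OP_constu) {
			if (!leb128(p, len, &i, false, &op->number))	/* ULEB128 */
				return 0;
		} else if (a == DW_OP_deref_size) {		/* one-byte size operand */
			if (i >= len) return 0;
			op->number = p[i++];
		} else if (a != DW_OP_deref && a != DW_OP_and && a != DW_OP_stack_value) {
			return 0;				/* opcode not modelled here */
		}
	}
	return i == len ? n : 0;
}

/* Same policy as the patch's check_allowed_ops(): the caller judges ops[0], every
 * later op must be one of four passive operators.  Rejecting nops == 0 up front
 * (instead of letting the size_t wrap) is this example's addition, not the patch's. */
static bool check_allowed_ops(const struct dw_op *ops, size_t nops)
{
	if (nops == 0)
		return false;
	for (size_t i = 1; i < nops; i++) {
		switch (ops[i].atom) {
		case DW_OP_stack_value: case DW_OP_deref_size: case DW_OP_deref: case DW_OP_piece:
			break;
		default:
			return false;
		}
	}
	return true;
}

/* -1: undecodable, 0: too complex for the offset matcher, 1: simple enough. */
static int classify_location(const uint8_t *p, size_t len)
{
	struct dw_op ops[32];
	size_t n = decode_expr(p, len, ops, 32);
	return n ? check_allowed_ops(ops, n) : -1;
}

/* Constructed inputs: struct_var is the 15-byte block quoted in the commit message;
 * masked_rbx hand-encodes its second example (DW_OP_breg3 0; DW_OP_constu 2^64-4;
 * DW_OP_and; DW_OP_stack_value); simple is a shape the matcher should still accept. */
static const uint8_t struct_var[] = { 0x91, 0x50, 0x93, 0x08, 0x91, 0x78, 0x93, 0x04,
				      0x93, 0x84, 0x08, 0x91, 0x68, 0x93, 0x04 };
static const uint8_t masked_rbx[] = { 0x73, 0x00, 0x10, 0xfc, 0xff, 0xff, 0xff, 0xff,
				      0xff, 0xff, 0xff, 0xff, 0x01, 0x1a, 0x9f };
static const uint8_t simple[] = { 0x91, 0x78, 0x93, 0x04 };	/* DW_OP_fbreg -8; DW_OP_piece 4 */

int main(void)
{
	printf("struct_var %d, masked_rbx %d, simple %d\n",
	       classify_location(struct_var, sizeof(struct_var)),
	       classify_location(masked_rbx, sizeof(masked_rbx)),
	       classify_location(simple, sizeof(simple)));
	return 0;
}
```

Both blocks from the commit message are rejected for the reason the message gives (a second DW_OP_fbreg, and a DW_OP_constu respectively, after the first op), while the plain fbreg+piece location passes; the decoder also shows why the 15-byte block reads as 1028 for the third piece (0x84 0x08 is ULEB128 for 4 + 8*128).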
Thread overview: 96+ messages
2023-10-12 3:50 [RFC 00/48] perf tools: Introduce data type profiling (v1) Namhyung Kim
2023-10-12 3:50 ` [PATCH 01/48] perf annotate: Move raw_comment and raw_func_start Namhyung Kim
2023-10-12 3:50 ` [PATCH 02/48] perf annotate: Check if operand has multiple regs Namhyung Kim
2023-11-27 19:05 ` Arnaldo Carvalho de Melo
2023-10-12 3:50 ` [PATCH 03/48] perf tools: Add util/debuginfo.[ch] files Namhyung Kim
2023-10-12 3:50 ` [PATCH 04/48] perf dwarf-aux: Fix die_get_typename() for void * Namhyung Kim
2023-11-04 10:52 ` Masami Hiramatsu
2023-10-12 3:50 ` [PATCH 05/48] perf dwarf-aux: Move #ifdef code to the header file Namhyung Kim
2023-11-04 10:59 ` Masami Hiramatsu
2023-10-12 3:50 ` [PATCH 06/48] perf dwarf-aux: Add die_get_scopes() helper Namhyung Kim
2023-11-05 9:50 ` Masami Hiramatsu
2023-10-12 3:50 ` [PATCH 07/48] perf dwarf-aux: Add die_find_variable_by_reg() helper Namhyung Kim
2023-11-05 9:48 ` Masami Hiramatsu
2023-10-12 3:50 ` [PATCH 08/48] perf dwarf-aux: Factor out __die_get_typename() Namhyung Kim
2023-11-05 9:07 ` Masami Hiramatsu
2023-11-06 4:01 ` Namhyung Kim
2023-10-12 3:50 ` [PATCH 09/48] perf dwarf-regs: Add get_dwarf_regnum() Namhyung Kim
2023-11-05 8:36 ` Masami Hiramatsu
2023-11-06 4:12 ` Namhyung Kim
2023-10-12 3:50 ` [PATCH 10/48] perf annotate-data: Add find_data_type() Namhyung Kim
2023-10-12 3:50 ` [PATCH 11/48] perf annotate-data: Add dso->data_types tree Namhyung Kim
2023-10-12 3:50 ` [PATCH 12/48] perf annotate: Factor out evsel__get_arch() Namhyung Kim
2023-10-12 3:50 ` [PATCH 13/48] perf annotate: Add annotate_get_insn_location() Namhyung Kim
2023-10-23 16:38 ` Arnaldo Carvalho de Melo
2023-10-24 19:10 ` Namhyung Kim
2023-10-26 5:26 ` Namhyung Kim
2023-10-26 19:37 ` Arnaldo Carvalho de Melo
2023-10-12 3:50 ` [PATCH 14/48] perf annotate: Implement hist_entry__get_data_type() Namhyung Kim
2023-10-12 3:50 ` [PATCH 15/48] perf report: Add 'type' sort key Namhyung Kim
2023-10-23 16:53 ` Arnaldo Carvalho de Melo
2023-10-24 19:11 ` Namhyung Kim
2023-10-12 3:50 ` [PATCH 16/48] perf report: Support data type profiling Namhyung Kim
2023-10-12 3:50 ` [PATCH 17/48] perf annotate-data: Add member field in the data type Namhyung Kim
2023-10-12 3:50 ` [PATCH 18/48] perf annotate-data: Update sample histogram for type Namhyung Kim
2023-10-12 3:50 ` [PATCH 19/48] perf report: Add 'typeoff' sort key Namhyung Kim
2023-10-12 3:50 ` [PATCH 20/48] perf report: Add 'symoff' " Namhyung Kim
2023-10-12 3:50 ` [PATCH 21/48] perf annotate: Add --data-type option Namhyung Kim
2023-10-12 3:50 ` [PATCH 22/48] perf annotate: Add --type-stat option for debugging Namhyung Kim
2023-10-23 17:28 ` Arnaldo Carvalho de Melo
2023-10-23 17:40 ` Arnaldo Carvalho de Melo
2023-10-24 19:12 ` Namhyung Kim
2023-10-12 3:50 ` [PATCH 23/48] perf annotate: Add --insn-stat " Namhyung Kim
2023-10-12 3:50 ` [PATCH 24/48] perf annotate-data: Parse 'lock' prefix from llvm-objdump Namhyung Kim
2023-10-12 3:50 ` [PATCH 25/48] perf annotate-data: Handle macro fusion on x86 Namhyung Kim
2023-10-12 3:50 ` [PATCH 26/48] perf annotate-data: Handle array style accesses Namhyung Kim
2023-10-12 3:50 ` [PATCH 27/48] perf annotate-data: Add stack operation pseudo type Namhyung Kim
2023-10-12 3:50 ` [PATCH 28/48] perf dwarf-aux: Add die_find_variable_by_addr() Namhyung Kim
2023-11-06 15:25 ` Masami Hiramatsu
2023-11-09 5:36 ` Namhyung Kim
2023-10-12 3:50 ` [PATCH 29/48] perf annotate-data: Handle PC-relative addressing Namhyung Kim
2023-10-12 3:50 ` [PATCH 30/48] perf annotate-data: Support global variables Namhyung Kim
2023-10-12 3:50 ` [PATCH 31/48] perf dwarf-aux: Add die_get_cfa() Namhyung Kim
2023-11-07 0:50 ` Masami Hiramatsu
2023-11-08 5:28 ` Namhyung Kim
2023-10-12 3:50 ` [PATCH 32/48] perf annotate-data: Support stack variables Namhyung Kim
2023-10-12 3:50 ` [PATCH 33/48] perf dwarf-aux: Check allowed DWARF Ops Namhyung Kim
2023-11-07 9:32 ` Masami Hiramatsu [this message]
2023-11-08 5:34 ` Namhyung Kim
2023-10-12 3:50 ` [PATCH 34/48] perf dwarf-aux: Add die_collect_vars() Namhyung Kim
2023-11-08 10:52 ` Masami Hiramatsu
2023-11-09 5:05 ` Namhyung Kim
2023-10-12 3:50 ` [PATCH 35/48] perf dwarf-aux: Handle type transfer for memory access Namhyung Kim
2023-11-08 10:57 ` Masami Hiramatsu
2023-10-12 3:50 ` [PATCH 36/48] perf annotate-data: Introduce struct data_loc_info Namhyung Kim
2023-12-03 16:22 ` Athira Rajeev
2023-12-05 0:10 ` Namhyung Kim
2023-12-05 7:17 ` Athira Rajeev
2023-10-12 3:51 ` [PATCH 37/48] perf map: Add map__objdump_2rip() Namhyung Kim
2023-10-12 3:51 ` [PATCH 38/48] perf annotate: Add annotate_get_basic_blocks() Namhyung Kim
2023-10-12 3:51 ` [PATCH 39/48] perf annotate-data: Maintain variable type info Namhyung Kim
2023-10-12 3:51 ` [PATCH 40/48] perf annotate-data: Add update_insn_state() Namhyung Kim
2023-10-12 3:51 ` [PATCH 41/48] perf annotate-data: Handle global variable access Namhyung Kim
2023-10-12 3:51 ` [PATCH 42/48] perf annotate-data: Handle call instructions Namhyung Kim
2023-10-12 3:51 ` [PATCH 43/48] perf annotate-data: Implement instruction tracking Namhyung Kim
2023-10-12 3:51 ` [PATCH 44/48] perf annotate: Parse x86 segment register location Namhyung Kim
2023-10-12 3:51 ` [PATCH 45/48] perf annotate-data: Handle this-cpu variables in kernel Namhyung Kim
2023-10-12 3:51 ` [PATCH 46/48] perf annotate-data: Track instructions with a this-cpu variable Namhyung Kim
2023-10-12 3:51 ` [PATCH 47/48] perf annotate-data: Add stack canary type Namhyung Kim
2023-10-12 3:51 ` [PATCH 48/48] perf annotate-data: Add debug message Namhyung Kim
2023-10-12 6:03 ` [RFC 00/48] perf tools: Introduce data type profiling (v1) Ingo Molnar
2023-10-12 16:19 ` Namhyung Kim
2023-10-12 18:33 ` Ingo Molnar
2023-10-12 20:45 ` Namhyung Kim
2023-10-12 9:11 ` Peter Zijlstra
2023-10-12 16:41 ` Namhyung Kim
[not found] ` <CADzB+2mu98v9EUsA1Y-wVDSrXT2kznKi87Tb6QdN5y4mMFNsyg@mail.gmail.com>
2023-10-25 5:58 ` Namhyung Kim
2023-10-12 9:15 ` Peter Zijlstra
2023-10-12 16:52 ` Namhyung Kim
2023-10-13 14:15 ` Arnaldo Carvalho de Melo
2023-10-23 21:58 ` Andi Kleen
2023-10-24 19:16 ` Namhyung Kim
2023-10-25 2:09 ` Andi Kleen
2023-10-25 5:51 ` Namhyung Kim
2023-10-25 20:01 ` Andi Kleen
2023-11-08 17:12 ` Joe Mario
2023-11-09 4:48 ` Namhyung Kim