- 14 May, 2014 3 commits
-
-
Denys Vlasenko authored
Before this patch, instructions such as div, mul, shifts with count in CL, cmpxchg are mishandled. This patch adds vex prefix handling. In particular, it avoids colliding with register operand encoded in vex.vvvv field. Since we need to avoid two possible register operands, the selection of scratch register needs to be from at least three registers. After looking through a lot of CPU docs, it looks like the safest choice is SI,DI,BX. Selecting BX needs care to not collide with implicit use of BX by cmpxchg8b. Test-case: #include <stdio.h> static const char *const pass[] = { "FAIL", "pass" }; long two = 2; void test1(void) { long ax = 0, dx = 0; asm volatile("\n" " xor %%edx,%%edx\n" " lea 2(%%edx),%%eax\n" // We divide 2 by 2. Result (in eax) should be 1: " probe1: .globl probe1\n" " divl two(%%rip)\n" // If we have a bug (eax mangled on entry) the result will be 2, // because eax gets restored by probe machinery. : "=a" (ax), "=d" (dx) /*out*/ : "0" (ax), "1" (dx) /*in*/ : "memory" /*clobber*/ ); dprintf(2, "%s: %s\n", __func__, pass[ax == 1] ); } long val2 = 0; void test2(void) { long old_val = val2; long ax = 0, dx = 0; asm volatile("\n" " mov val2,%%eax\n" // eax := val2 " lea 1(%%eax),%%edx\n" // edx := eax+1 // eax is equal to val2. cmpxchg should store edx to val2: " probe2: .globl probe2\n" " cmpxchg %%edx,val2(%%rip)\n" // If we have a bug (eax mangled on entry), val2 will stay unchanged : "=a" (ax), "=d" (dx) /*out*/ : "0" (ax), "1" (dx) /*in*/ : "memory" /*clobber*/ ); dprintf(2, "%s: %s\n", __func__, pass[val2 == old_val + 1] ); } long val3[2] = {0,0}; void test3(void) { long old_val = val3[0]; long ax = 0, dx = 0; asm volatile("\n" " mov val3,%%eax\n" // edx:eax := val3 " mov val3+4,%%edx\n" " mov %%eax,%%ebx\n" // ecx:ebx := edx:eax + 1 " mov %%edx,%%ecx\n" " add $1,%%ebx\n" " adc $0,%%ecx\n" // edx:eax is equal to val3. cmpxchg8b should store ecx:ebx to val3: " probe3: .globl probe3\n" " cmpxchg8b val3(%%rip)\n" // If we have a bug (edx:eax mangled on entry), val3 will stay unchanged. // If ecx:edx in mangled, val3 will get wrong value. : "=a" (ax), "=d" (dx) /*out*/ : "0" (ax), "1" (dx) /*in*/ : "cx", "bx", "memory" /*clobber*/ ); dprintf(2, "%s: %s\n", __func__, pass[val3[0] == old_val + 1 && val3[1] == 0] ); } int main(int argc, char **argv) { test1(); test2(); test3(); return 0; } Before this change all tests fail if probe{1,2,3} are probed. Signed-off-by:Denys Vlasenko <dvlasenk@redhat.com> Reviewed-by:
Jim Keniston <jkenisto@us.ibm.com> Signed-off-by:
Oleg Nesterov <oleg@redhat.com>
-
Denys Vlasenko authored
It is possible to replace rip-relative addressing mode with addressing mode of the same length: (reg+disp32). This eliminates the need to fix up immediate and correct for changing instruction length. And we can kill arch_uprobe->def.riprel_target. Signed-off-by:
-
Oleg Nesterov authored
Hugh says: The one I noticed was that it forgets all about memcg (because it was copied from KSM, and there the replacement page has already been charged to a memcg). See how mm/memory.c do_anonymous_page() does a mem_cgroup_charge_anon(). Hopefully not a big problem, uprobes is a system-wide thing and only root can insert the probes. But I agree, should be fixed anyway. Add mem_cgroup_{un,}charge_anon() into uprobe_write_opcode(). To simplify the error handling (and avoid the new "uncharge" label) the patch also moves anon_vma_prepare() up before we alloc/charge the new page. While at it fix the comment about ->mmap_sem, it is held for write. Suggested-by:Hugh Dickins <hughd@google.com> Signed-off-by:
-
- 05 May, 2014 1 commit
-
-
Ingo Molnar authored
Merge branch 'uprobes/core' of git://git.kernel.org/pub/scm/linux/kernel/git/oleg/misc into perf/uprobes Pull uprobes updates from Oleg Nesterov: "This hopefully completes the previous 'fix the handling of relative jmp/call's' series, all changes except the last 3 unrelated fixes try to address TODO's mentioned in the changelogs." Signed-off-by:
Ingo Molnar <mingo@kernel.org>
-
- 01 May, 2014 3 commits
-
-
Ingo Molnar authored
Merge tag 'perf-core-for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/jolsa/perf into perf/core Pull perf/core improvements and fixes from Jiri Olsa: * Wire up perf_regs and unwind support for ARM64 (Jean Pihet) * Move u64_swap union to its single user's header, evsel.h (Borislav Petkov) * Fix for s390 to properly parse tracepoints plus test code (Alexander Yarygin) * Handle EINTR error for readn/writen (Namhyung Kim) Signed-off-by:
Jiri Olsa <jolsa@kernel.org> Signed-off-by:
-
Ingo Molnar authored
Conflicts: tools/perf/arch/x86/tests/dwarf-unwind.c Signed-off-by: -
Ingo Molnar authored
Merge tag 'perf-urgent-for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/jolsa/perf into perf/urgent Pull perf/urgent fixes from Jiri Olsa: * Fix perf to use non-executable stack, again (Mathias Krause) * Remove extra '/' character in events file path (Xia Kaixu) * Search for modules in %s/lib/modules/%s (Richard Yao) * Build related fixies plus static build test (Jiri Olsa) * Fix stack map lookup in dwarf unwind test (Jiri Olsa) Signed-off-by:
-
- 30 Apr, 2014 28 commits
-
-
Oleg Nesterov authored
valid_vma() rejects the VM_SHARED vmas, but this still allows to insert a probe into the MAP_SHARED but not VM_MAYWRITE vma. Currently this is fine, such a mapping doesn't really differ from the private read-only mmap except mprotect(PROT_WRITE) won't work. However, get_user_pages(FOLL_WRITE | FOLL_FORCE) doesn't allow to COW in this case, and it would be safer to follow the same conventions as mm even if currently this happens to work. After the recent cda540ac "mm: get_user_pages(write,force) refuse to COW in shared areas" only uprobes can insert an anon page into the shared file-backed area, lets stop this and change valid_vma() to check VM_MAYSHARE instead. Signed-off-by:
-
Oleg Nesterov authored
uprobe_perf_open()->uprobe_apply() can fail, but this error is wrongly ignored. Change uprobe_perf_open() to do uprobe_perf_close() and return the error code in this case. Change uprobe_perf_close() to propogate the error from uprobe_apply() as well, although it should not fail. Signed-off-by:
Steven Rostedt <rostedt@goodmis.org> Acked-by:
Srikar Dronamraju <srikar@linux.vnet.ibm.com>
-
Oleg Nesterov authored
Preparation. Move uprobe_perf_close() up before uprobe_perf_open() to avoid the forward declaration in the next patch and make it readable. Signed-off-by:
-
Oleg Nesterov authored
Ignoring the "correction" logic riprel_pre_xol() and riprel_post_xol() are very similar but look quite differently. 1. Add the "UPROBE_FIX_RIP_AX | UPROBE_FIX_RIP_CX" check at the start of riprel_pre_xol(), like the same check in riprel_post_xol(). 2. Add the trivial scratch_reg() helper which returns the address of scratch register pre_xol/post_xol need to change. 3. Change these functions to use the new helper and avoid copy-and-paste under if/else branches. Signed-off-by:
-
Oleg Nesterov authored
default_pre_xol_op() passes ¤t->utask->autask to riprel_pre_xol() and this is just ugly because it still needs to load current->utask to read ->vaddr. Remove this argument, change riprel_pre_xol() to use current->utask. Signed-off-by:
-
Oleg Nesterov authored
handle_riprel_insn(), pre_xol_rip_insn() and handle_riprel_post_xol() look confusing and inconsistent. Rename them into riprel_analyze(), riprel_pre_xol(), and riprel_post_xol() respectively. No changes in compiled code. Signed-off-by:
-
Oleg Nesterov authored
Now that UPROBE_FIX_IP/UPROBE_FIX_CALL are mutually exclusive we can use a single "fix_ip_or_call" enum instead of 2 fix_* booleans. This way the logic looks more understandable and clean to me. While at it, join "case 0xea" with other "ip is correct" ret/lret cases. Also change default_post_xol_op() to use "else if" for the same reason. Signed-off-by: -
Oleg Nesterov authored
The only insn which could have both UPROBE_FIX_IP and UPROBE_FIX_CALL was 0xe8 "call relative", and now it is handled by branch_xol_ops. So we can change default_post_xol_op(UPROBE_FIX_CALL) to simply push the address of next insn == utask->vaddr + insn.length, just we need to record insn.length into the new auprobe->def.ilen member. Note: if/when we teach branch_xol_ops to support jcxz/loopz we can remove the "correction" logic, UPROBE_FIX_IP can use the same address. Signed-off-by: -
Oleg Nesterov authored
Extract the "push return address" code from branch_emulate_op() into the new simple helper, push_ret_address(). It will have more users. Signed-off-by: -
Oleg Nesterov authored
handle_riprel_insn() assumes that nobody else could modify ->fixups before. This is correct but fragile, change it to use "|=". Also make ->fixups u8, we are going to add the new members into the union. It is not clear why UPROBE_FIX_RIP_.X lived in the upper byte, redefine them so that they can fit into u8. Signed-off-by: -
Oleg Nesterov authored
Finally we can move arch_uprobe->fixups/rip_rela_target_address into the new "def" struct and place this struct in the union, they are only used by default_xol_ops paths. The patch also renames rip_rela_target_address to riprel_target just to make this name shorter. Signed-off-by:
-
Oleg Nesterov authored
UPROBE_FIX_SETF is only needed to handle "popf" correctly but it is processed by the generic arch_uprobe_post_xol() code. This doesn't allows us to make ->fixups private for default_xol_ops. 1 Change default_post_xol_op(UPROBE_FIX_SETF) to set ->saved_tf = T. "popf" always reads the flags from stack, it doesn't matter if TF was set or not before single-step. Ignoring the naming, this is even more logical, "saved_tf" means "owned by application" and we do not own this flag after "popf". 2. Change arch_uprobe_post_xol() to save ->saved_tf into the local "bool send_sigtrap" before ->post_xol(). 3. Change arch_uprobe_post_xol() to ignore UPROBE_FIX_SETF and just check ->saved_tf after ->post_xol(). With this patch ->fixups and ->rip_rela_target_address are only used by default_xol_ops hooks, we are ready to remove them from the common part of arch_uprobe. Signed-off-by:
-
Oleg Nesterov authored
014940ba "uprobes/x86: Send SIGILL if arch_uprobe_post_xol() fails" changed arch_uprobe_post_xol() to use arch_uprobe_abort_xol() if ->post_xol fails. This was correct and helped to avoid the additional complications, we need to clear X86_EFLAGS_TF in this case. However, now that we have uprobe_xol_ops->abort() hook it would be better to avoid arch_uprobe_abort_xol() here. ->post_xol() should likely do what ->abort() does anyway, we should not do the same work twice. Currently only handle_riprel_post_xol() can be called twice, this is unnecessary but safe. Still this is not clean and can lead to the problems in future. Change arch_uprobe_post_xol() to clear X86_EFLAGS_TF and restore ->ip by hand and avoid arch_uprobe_abort_xol(). This temporary uglifies the usage of autask.saved_tf, we will cleanup this later. Signed-off-by:
-
Oleg Nesterov authored
arch_uprobe_abort_xol() calls handle_riprel_post_xol() even if auprobe->ops != default_xol_ops. This is fine correctness wise, only default_pre_xol_op() can set UPROBE_FIX_RIP_AX|UPROBE_FIX_RIP_CX and otherwise handle_riprel_post_xol() is nop. But this doesn't look clean and this doesn't allow us to move ->fixups into the union in arch_uprobe. Move this handle_riprel_post_xol() call into the new default_abort_op() hook and change arch_uprobe_abort_xol() accordingly. Signed-off-by:
-
Oleg Nesterov authored
Currently this doesn't matter, the only ->pre_xol() hook can't fail, but we need to fix arch_uprobe_pre_xol() anyway. If ->pre_xol() fails we should not change regs->ip/flags, we should just return the error to make restart actually possible. Signed-off-by:
-
Oleg Nesterov authored
is_64bit_mm() assumes that mm->context.ia32_compat means the 32-bit instruction set, this is not true if the task is TIF_X32. Change set_personality_ia32() to initialize mm->context.ia32_compat by TIF_X32 or TIF_IA32 instead of 1. This allows to fix is_64bit_mm() without affecting other users, they all treat ia32_compat as "bool". TIF_ in ->ia32_compat looks a bit strange, but this is grep-friendly and avoids the new define's. Signed-off-by:
-
Oleg Nesterov authored
Add the suitable ifdef's around good_insns_* arrays. We do not want to add the ugly ifdef's into their only user, uprobe_init_insn(), so the "#else" branch simply defines them as NULL. This doesn't generate the extra code, gcc is smart enough, although the code is fine even if it could not detect that (without CONFIG_IA32_EMULATION) is_64bit_mm() is __builtin_constant_p(). The patch looks more complicated because it also moves good_insns_64 up close to good_insns_32. Signed-off-by:
-
Oleg Nesterov authored
Change uprobe_init_insn() to make insn_complete() == T, this makes other insn_get_*() calls unnecessary. Signed-off-by:
-
Oleg Nesterov authored
1. Extract the ->ia32_compat check from 64bit validate_insn_bits() into the new helper, is_64bit_mm(), it will have more users. TODO: this checks is actually wrong if mm owner is X32 task, we need another fix which changes set_personality_ia32(). TODO: even worse, the whole 64-or-32-bit logic is very broken and the fix is not simple, we need the nontrivial changes in the core uprobes code. 2. Kill validate_insn_bits() and change its single caller to use uprobe_init_insn(is_64bit_mm(mm). Signed-off-by:
-
Oleg Nesterov authored
validate_insn_32bits() and validate_insn_64bits() are very similar, turn them into the single uprobe_init_insn() which has the additional "bool x86_64" argument which can be passed to insn_init() and used to choose between good_insns_64/good_insns_32. Also kill UPROBE_FIX_NONE, it has no users. Note: the current code doesn't use ifdef's consistently, good_insns_64 depends on CONFIG_X86_64 but good_insns_32 is unconditional. This patch removes ifdef around good_insns_64, we will add it back later along with the similar one for good_insns_32. Signed-off-by:
-
Denys Vlasenko authored
All branch insns on x86 can be prefixed with the operand-size override prefix, 0x66. It was only ever useful for performing jumps to 32-bit offsets in 16-bit code segments. In 32-bit code, such instructions are useless since they cause IP truncation to 16 bits, and in case of call insns, they save only 16 bits of return address and misalign the stack pointer as a "bonus". In 64-bit code, such instructions are treated differently by Intel and AMD CPUs: Intel ignores the prefix altogether, AMD treats them the same as in 32-bit mode. Before this patch, the emulation code would execute the instructions as if they have no 0x66 prefix. With this patch, we refuse to attach uprobes to such insns. Signed-off-by:
Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> Signed-off-by:
-
Jiri Olsa authored
Previous commit 'perf x86: Fix perf to use non-executable stack, again' moved stack map into MAP__VARIABLE map type again. Fixing the dwarf unwind test stack map lookup appropriately. Cc: Corey Ashford <cjashfor@linux.vnet.ibm.com> Cc: David Ahern <dsahern@gmail.com> Cc: Frederic Weisbecker <fweisbec@gmail.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: Jean Pihet <jean.pihet@linaro.org> Link: http://lkml.kernel.org/n/tip-ttzyhbe4zls24z7ednkmhvxl@git.kernel.orgSigned-off-by:
-
Mathias Krause authored
arch/x86/tests/regs_load.S is missing the linker note about the stack requirements, therefore making the linker fall back to an executable stack. As this object gets linked against the final perf binary, it'll needlessly end up with an executable stack. Fix this by adding the appropriate linker note. Also add a global linker flag to prevent future regressions, as suggested by Jiri. This way perf won't get an executable stack even if we fail to add the .GNU-stack linker note to future assembler files. Though, doing so might create regressions the other way around, when (statically) linking against libraries needing an executable stack. But, apparently, regressing in that direction is wanted as it is an indicator of poor code quality -- or just missing linker notes. Fixes: 3c8b06f9 ("perf tests x86: Introduce perf_regs_load function") Signed-off-by:
Mathias Krause <minipli@googlemail.com> Acked-by:
-
Xia Kaixu authored
The array debugfs_known_mountpoints[] will cause extra '/' character output. Remove it. pre: $ perf probe -l /sys/kernel/debug//tracing/uprobe_events file does not exist - please rebuild kernel with CONFIG_UPROBE_EVENTS. post: $ perf probe -l /sys/kernel/debug/tracing/uprobe_events file does not exist - please rebuild kernel with CONFIG_UPROBE_EVENTS. Signed-off-by:
Xia Kaixu <xiakaixu@huawei.com> Acked-by:
Namhyung Kim <namhyung@kernel.org> Link: http://lkml.kernel.org/r/535B6660.2060001@huawei.comSigned-off-by:
-
Richard Yao authored
Modules installed outside of the kernel's build system should go into "%s/lib/modules/%s/extra", but at present, perf will only look at them when they are in "%s/lib/modules/%s/kernel". Lets encourage good citizenship by relaxing this requirement to "%s/lib/modules/%s". This way open source modules that are out-of-tree have no incentive to start populating a directory reserved for in-kernel modules and I can stop hex-editing my system's perf binary when profiling OSS out-of-tree modules. Feedback from Namhyung Kim correctly revealed that the hex-edits that I had been doing meant that perf was also traversing the build and source symlinks in %s/lib/modules/%s. That is undesireable, so we explicitly exclude them from traversal with a minor tweak to the traversal routine. Signed-off-by:
Richard Yao <ryao@gentoo.org> Acked-by:
-
Jiri Olsa authored
Adding test for building static perf build into the automated suite. Also available via following commands: $ make -f tests/make make_static - make_static: cd . && make -f Makefile DESTDIR=/tmp/tmp.7u5MlB4njo LDFLAGS=-static $ make -f tests/make make_static_O - make_static_O: cd . && make -f Makefile O=/tmp/tmp.Ay6r3wEmtX DESTDIR=/tmp/tmp.vK0KQwO0Vi LDFLAGS=-static Acked-by:
David Ahern <dsahern@gmail.com> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: Corey Ashford <cjashfor@linux.vnet.ibm.com> Cc: David Ahern <dsahern@gmail.com> Cc: Frederic Weisbecker <fweisbec@gmail.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Link: http://lkml.kernel.org/r/1398760413-7574-1-git-send-email-jolsa@kernel.orgSigned-off-by:
-
Jiri Olsa authored
There's false assumption in the library detection code assuming -liberty and -lz are always present once bfd is detected. The fails on Ubuntu (14.04) as reported by Ingo. Forcing the bdf dependency libraries detection any time bfd library is detected. Reported-by:
-
Jiri Olsa authored
We no longer use ALL_LDFLAGS, Replacing with LDFLAGS. Acked-by:
-
- 29 Apr, 2014 5 commits
-
-
Jean Pihet authored
This patch hooks in the perf_regs and libunwind code for ARM64. The tools/perf/arch/arm64 is created; it contains the arch specific code for DWARF unwinding. Signed-off-by:
Jean Pihet <jean.pihet@linaro.org> Acked-by:
Will Deacon <will.deacon@arm.com> Link: http://lkml.kernel.org/r/1398688353-3737-1-git-send-email-jean.pihet@linaro.orgSigned-off-by:
-
Borislav Petkov authored
... to its single user's header, evsel.h. Signed-off-by:
Borislav Petkov <bp@suse.de> Link: http://lkml.kernel.org/r/tip-9os1chjyz12upubfsjc71d99@git.kernel.orgSigned-off-by:
-
Alexander Yarygin authored
Add a s390 specific test of a hardcoded trace event with '-' in the name. Signed-off-by:
Alexander Yarygin <yarygin@linux.vnet.ibm.com> Link: http://lkml.kernel.org/r/1398440047-6641-4-git-send-email-yarygin@linux.vnet.ibm.comSigned-off-by:
-
Alexander Yarygin authored
In tests/parse-events.c test cases are declared in evlist_test[] arrays. Elements of arrays are initialized in following pattern: [i] = { .name = ..., .check = ..., }, When perf-test is running with '-v' option, 'i' variable will be printed for every existing test. However, we can't add any arch specific tests inside #ifdefs, because it will create collision between the element number inside #ifdef and the next one outside. This patch adds 'id' field in evlist_test, uses it as a test identifier and removes explicit numbering of array elements. This helps to number tests with gaps. Signed-off-by: -
Alexander Yarygin authored
Trace events potentially can have a '-' in their trace system name, e.g. kvm on s390 defines kvm-s390:* tracepoints. We could not parse them, because there was no rule for this: $ sudo ./perf top -e "kvm-s390:*" invalid or unsupported event: 'kvm-s390:*' This patch adds an extra rule to event_legacy_tracepoint which handles those cases. Without the patch, perf will not accept such tracepoints in the -e option. Signed-off-by:
Christian Borntraeger <borntraeger@de.ibm.com> Acked-by:
-
