1cfd01eb60
In some cases, compilers don't set the location expression in DWARF precisely. For instance, it may assign a variable to a register after copying it from a different register. Then it should use the new register for the new type, but it still uses the old register. This makes it hard to track the type information properly. This is an example I found in __tcp_transmit_skb(). The first argument (sk) of this function is a pointer to sock and there's a variable (tp) for tcp_sock. static int __tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it, gfp_t gfp_mask, u32 rcv_nxt) { ... struct tcp_sock *tp; BUG_ON(!skb || !tcp_skb_pcount(skb)); tp = tcp_sk(sk); prior_wstamp = tp->tcp_wstamp_ns; tp->tcp_wstamp_ns = max(tp->tcp_wstamp_ns, tp->tcp_clock_cache); ... So it basically calls tcp_sk(sk) to get the tcp_sock pointer from sk. But it turned out to be the same value because tcp_sock embeds sock as the first member. The sk is located in reg5 (RDI) and tp is in reg3 (RBX). The offset of tcp_wstamp_ns is 0x748 and tcp_clock_cache is 0x750. So you need to use RBX (reg3) to access the fields in the tcp_sock. But the code used RDI (reg5) as it has the same value. $ pahole --hex -C tcp_sock vmlinux | grep -e 748 -e 750 u64 tcp_wstamp_ns; /* 0x748 0x8 */ u64 tcp_clock_cache; /* 0x750 0x8 */ And this is the disassembly of the part of the function. <__tcp_transmit_skb>: ... 44: mov %rdi, %rbx 47: mov 0x748(%rdi), %rsi 4e: mov 0x750(%rdi), %rax 55: cmp %rax, %rsi Because the compiler put the debug info in RBX, it only knows that RDI is a pointer to sock, and accessing those two fields resulted in an error because the offset is beyond the type size. 
----------------------------------------------------------- find data type for 0x748(reg5) at __tcp_transmit_skb+0x63 CU for net/ipv4/tcp_output.c (die:0x817f543) frame base: cfa=0 fbreg=6 scope: [1/1] (die:81aac3e) bb: [0 - 30] var [0] -0x98(stack) type='struct tcp_out_options' size=0x28 (die:0x81af3df) var [5] reg8 type='unsigned int' size=0x4 (die:0x8180ed6) var [5] reg2 type='unsigned int' size=0x4 (die:0x8180ed6) var [5] reg1 type='int' size=0x4 (die:0x818059e) var [5] reg4 type='struct sk_buff*' size=0x8 (die:0x8181360) var [5] reg5 type='struct sock*' size=0x8 (die:0x8181a0c) <<<--- the first argument ('sk' at %RDI) mov [19] reg8 -> -0xa8(stack) type='unsigned int' size=0x4 (die:0x8180ed6) mov [20] stack canary -> reg0 mov [29] reg0 -> -0x30(stack) stack canary bb: [36 - 3e] mov [36] reg4 -> reg15 type='struct sk_buff*' size=0x8 (die:0x8181360) bb: [44 - 63] mov [44] reg5 -> reg3 type='struct sock*' size=0x8 (die:0x8181a0c) <<<--- calling tcp_sk() var [47] reg3 type='struct tcp_sock*' size=0x8 (die:0x819eead) <<<--- new variable ('tp' at %RBX) var [4e] reg4 type='unsigned long long' size=0x8 (die:0x8180edd) mov [58] reg4 -> -0xc0(stack) type='unsigned long long' size=0x8 (die:0x8180edd) chk [63] reg5 offset=0x748 ok=1 kind=1 (struct sock*) : offset bigger than size <<<--- access with old variable final result: offset bigger than size While it's a fault in the compiler, we could work around this issue by using the type of new variable when it's copied directly. So I've added copied_from field in the register state to track those direct register to register copies. After that new register gets a new type and the old register still has the same type, it'll update (copy it back) the type of the old register. 
For example, if we can update type of reg5 at __tcp_transmit_skb+0x47, we can find the target type of the instruction at 0x63 like below: ----------------------------------------------------------- find data type for 0x748(reg5) at __tcp_transmit_skb+0x63 ... bb: [44 - 63] mov [44] reg5 -> reg3 type='struct sock*' size=0x8 (die:0x8181a0c) var [47] reg3 type='struct tcp_sock*' size=0x8 (die:0x819eead) var [47] copyback reg5 type='struct tcp_sock*' size=0x8 (die:0x819eead) <<<--- here mov [47] 0x748(reg5) -> reg4 type='unsigned long long' size=0x8 (die:0x8180edd) mov [4e] 0x750(reg5) -> reg0 type='unsigned long long' size=0x8 (die:0x8180edd) mov [58] reg4 -> -0xc0(stack) type='unsigned long long' size=0x8 (die:0x8180edd) chk [63] reg5 offset=0x748 ok=1 kind=1 (struct tcp_sock*) : Good! <<<--- new type found by insn track: 0x748(reg5) type-offset=0x748 final result: type='struct tcp_sock' size=0xa98 (die:0x819eeb2) Signed-off-by: Namhyung Kim <namhyung@kernel.org> Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: Athira Rajeev <atrajeev@linux.vnet.ibm.com> Cc: Ian Rogers <irogers@google.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Jiri Olsa <jolsa@kernel.org> Cc: Kan Liang <kan.liang@linux.intel.com> Cc: Peter Zijlstra <peterz@infradead.org> Link: https://lore.kernel.org/r/20240821232628.353177-5-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _PERF_ANNOTATE_DATA_H
#define _PERF_ANNOTATE_DATA_H
#include <errno.h>
#include <linux/compiler.h>
#include <linux/rbtree.h>
#include <linux/types.h>
#include "dwarf-regs.h"
#include "annotate.h"
#ifdef HAVE_DWARF_SUPPORT
#include "debuginfo.h"
#endif
/*
 * Opaque types only referenced through pointers in this header; their
 * definitions live in the respective perf headers.
 */
struct annotated_op_loc;
struct debuginfo;
struct evsel;
struct hist_browser_timer;
struct hist_entry;
struct map_symbol;
struct thread;
/*
 * Debug output for data-type profiling: printed with pr_info() when
 * debug_type_profile is set, otherwise routed to pr_debug3().
 */
#define pr_debug_dtp(fmt, ...) \
do { \
	if (debug_type_profile) \
		pr_info(fmt, ##__VA_ARGS__); \
	else \
		pr_debug3(fmt, ##__VA_ARGS__); \
} while (0)
/*
 * What a register or stack slot is known to hold; stored in the @kind
 * field of struct type_state_reg / struct type_state_stack.
 */
enum type_state_kind {
	TSR_KIND_INVALID = 0,	/* no type information */
	TSR_KIND_TYPE,		/* a value of the recorded DWARF type */
	TSR_KIND_PERCPU_BASE,	/* per-cpu base address (presumably) */
	TSR_KIND_CONST,		/* a constant (presumably kept in imm_value) */
	TSR_KIND_POINTER,	/* pointer to the recorded type (presumably) */
	TSR_KIND_CANARY,	/* stack protector canary value */
};
/**
 * struct annotated_member - Type of member field
 * @node: List entry in the parent list
 * @children: List head for child nodes (nested members)
 * @type_name: Name of the member type
 * @var_name: Name of the member variable
 * @offset: Offset from the outer data type, in bytes
 * @size: Size of the member field, in bytes
 *
 * This represents a member type in a data type.
 */
struct annotated_member {
	struct list_head node;
	struct list_head children;
	char *type_name;
	char *var_name;
	int offset;
	int size;
};
/**
 * struct type_hist_entry - Histogram entry per offset
 * @nr_samples: Number of samples
 * @period: Count of event
 *
 * One element of struct type_hist::addr[].
 */
struct type_hist_entry {
	int nr_samples;
	u64 period;
};
/**
 * struct type_hist - Type histogram for each event
 * @nr_samples: Total number of samples in this data type
 * @period: Total count of the event in this data type
 * @addr: Array of histogram entries, one per offset in the type
 */
struct type_hist {
	u64 nr_samples;
	u64 period;
	struct type_hist_entry addr[];	/* flexible array, sized by the allocator */
};
/**
 * struct annotated_data_type - Data type to profile
 * @node: RB-tree node for dso->type_tree
 * @self: Actual type information
 * @nr_histograms: Number of histogram entries
 * @histograms: An array of pointers to histograms
 *
 * This represents a data type accessed by samples in the profile data.
 * @histograms holds @nr_histograms pointers to struct type_hist.
 */
struct annotated_data_type {
	struct rb_node node;
	struct annotated_member self;
	int nr_histograms;
	struct type_hist **histograms;
};
/*
 * Placeholder data types, presumably returned when no real type can be
 * resolved: unknown type, stack operation, and stack canary access
 * (see TSR_KIND_CANARY).
 */
extern struct annotated_data_type unknown_type;
extern struct annotated_data_type stackop_type;
extern struct annotated_data_type canary_type;
/**
 * struct data_loc_info - Data location information
 * @arch: CPU architecture info
 * @thread: Thread info
 * @ms: Map and Symbol info
 * @ip: Instruction address
 * @var_addr: Data address (for global variables)
 * @cpumode: CPU execution mode
 * @op: Instruction operand location (regs and offset)
 * @di: Debug info
 * @fbreg: Frame base register
 * @fb_cfa: Whether the frame needs to check CFA
 * @type_offset: Final offset in the type
 *
 * Input fields are filled by the caller of find_data_type().  @fbreg and
 * @fb_cfa are internal state (cf. the "frame base:" line of the debug
 * output) and @type_offset is the result: the offset of the accessed
 * location within the returned data type.
 */
struct data_loc_info {
	/* These are input fields, should be filled by the caller */
	struct arch *arch;
	struct thread *thread;
	struct map_symbol *ms;
	u64 ip;
	u64 var_addr;
	u8 cpumode;
	struct annotated_op_loc *op;
	struct debuginfo *di;

	/* These are used internally */
	int fbreg;
	bool fb_cfa;

	/* This is for the result */
	int type_offset;
};
/**
 * struct annotated_data_stat - Debug statistics
 * @total: Total number of entry
 * @no_sym: No symbol or map found
 * @no_insn: Failed to get disasm line
 * @no_insn_ops: The instruction has no operands
 * @no_mem_ops: The instruction has no memory operands
 * @no_reg: Failed to extract a register from the operand
 * @no_dbginfo: The binary has no debug information
 * @no_cuinfo: Failed to find a compile_unit
 * @no_var: Failed to find a matching variable
 * @no_typeinfo: Failed to get a type info for the variable
 * @invalid_size: Failed to get a size info of the type
 * @bad_offset: The access offset is out of the type
 * @insn_track: The type was found by instruction tracking
 */
struct annotated_data_stat {
	int total;
	int no_sym;
	int no_insn;
	int no_insn_ops;
	int no_mem_ops;
	int no_reg;
	int no_dbginfo;
	int no_cuinfo;
	int no_var;
	int no_typeinfo;
	int invalid_size;
	int bad_offset;
	int insn_track;
};
/* Global counters for the debug statistics described above */
extern struct annotated_data_stat ann_data_stat;
#ifdef HAVE_DWARF_SUPPORT
/*
 * Type information in a register, valid when @ok is true.
 * The @caller_saved registers are invalidated after a function call.
 *
 * @copied_from records the number of the register this one was directly
 * copied from (a plain register-to-register move).  When this register
 * later gets a new type from a DWARF variable while the source register
 * still has the old one, the new type is copied back to the source
 * register; this works around compilers that keep addressing through the
 * old register after the copy.
 *
 * NOTE(review): this header does not say which @copied_from value means
 * "not copied"; reg0 is a valid register number in the debug output, so
 * confirm the sentinel in annotate-data.c, and make sure the value is
 * checked against TYPE_STATE_MAX_REGS before it is used as an index into
 * type_state::regs[].
 */
struct type_state_reg {
	Dwarf_Die type;		/* DWARF DIE of the type held in this register */
	u32 imm_value;		/* immediate value (presumably for TSR_KIND_CONST) */
	bool ok;		/* true when @type and @kind are valid */
	bool caller_saved;	/* cleared after a function call */
	u8 kind;		/* enum type_state_kind */
	u8 copied_from;		/* source register of a direct reg-to-reg copy */
};
/*
 * Type information in a stack location, dynamically allocated and linked
 * into type_state::stack_vars.  Stack locations are identified by
 * @offset (e.g. "-0x98(stack)" in the debug output).
 */
struct type_state_stack {
	struct list_head list;	/* entry in type_state::stack_vars */
	Dwarf_Die type;		/* DWARF DIE of the type at this location */
	int offset;		/* stack offset of the location */
	int size;		/* size of the type (presumably in bytes) */
	bool compound;		/* presumably struct/union/array type; confirm */
	u8 kind;		/* enum type_state_kind */
};
/* FIXME: This should be arch-dependent */
/*
 * Number of entries in type_state::regs.  Any register number used as an
 * index into that array (including type_state_reg::copied_from) must be
 * below this value; has_reg_type() is presumably where that is checked.
 */
#ifdef __powerpc__
#define TYPE_STATE_MAX_REGS 32
#else
#define TYPE_STATE_MAX_REGS 16
#endif
/*
 * State table to maintain type info in each register and stack location.
 * It'll be updated when new variable is allocated or type info is moved
 * to a new location (register or stack). As it'd be used with the
 * shortest path of basic blocks, it only maintains a single table.
 */
struct type_state {
	/* state of general purpose registers, indexed by register number */
	struct type_state_reg regs[TYPE_STATE_MAX_REGS];
	/* state of stack location: list of struct type_state_stack */
	struct list_head stack_vars;
	/* return value register */
	int ret_reg;
	/* stack pointer register */
	int stack_reg;
};
/* Returns data type at the location (ip, reg, offset) */
struct annotated_data_type *find_data_type(struct data_loc_info *dloc);

/* Update type access histogram at the given offset */
int annotated_data_type__update_samples(struct annotated_data_type *adt,
					struct evsel *evsel, int offset,
					int nr_samples, u64 period);

/* Release all data type information in the tree */
void annotated_data_type__tree_delete(struct rb_root *root);

/* Release all global variable information in the tree */
void global_var_type__tree_delete(struct rb_root *root);

/* Text-mode (TTY) data type annotation; the non-DWARF stub returns -1 */
int hist_entry__annotate_data_tty(struct hist_entry *he, struct evsel *evsel);

/*
 * Helpers for the instruction trackers that update struct type_state.
 * Behavior below is inferred from the signatures; confirm in annotate-data.c.
 */
/* Whether register @reg of @state carries valid type info (presumably also bounds-checks @reg) */
bool has_reg_type(struct type_state *state, int reg);
/* Find the stack state at @offset or create a new one with @kind/@type_die */
struct type_state_stack *findnew_stack_state(struct type_state *state,
					     int offset, u8 kind,
					     Dwarf_Die *type_die);
/* Set @offset, @kind and @type_die on an existing stack state */
void set_stack_state(struct type_state_stack *stack, int offset, u8 kind,
		     Dwarf_Die *type_die);
/* Look up the stack state at @offset, presumably NULL when absent */
struct type_state_stack *find_stack_state(struct type_state *state,
					  int offset);
/* Resolve the type of the global variable at @var_addr; fills @var_offset and @type_die */
bool get_global_var_type(Dwarf_Die *cu_die, struct data_loc_info *dloc,
			 u64 ip, u64 var_addr, int *var_offset,
			 Dwarf_Die *type_die);
/* Look up name and offset of the global variable containing @addr */
bool get_global_var_info(struct data_loc_info *dloc, u64 addr,
			 const char **var_name, int *var_offset);
/* Print the type name/size of @die for @kind via pr_debug_dtp() */
void pr_debug_type_name(Dwarf_Die *die, enum type_state_kind kind);
#else /* HAVE_DWARF_SUPPORT */
/* Stub for builds without DWARF support: no data type can be resolved. */
static inline struct annotated_data_type *
find_data_type(struct data_loc_info *dloc)
{
	(void)dloc;
	return NULL;
}
/* Stub for builds without DWARF support: histogram updates always fail (-1). */
static inline int
annotated_data_type__update_samples(struct annotated_data_type *adt,
				    struct evsel *evsel, int offset,
				    int nr_samples, u64 period)
{
	(void)adt;
	(void)evsel;
	(void)offset;
	(void)nr_samples;
	(void)period;
	return -1;
}
/* Stub for builds without DWARF support: nothing to release. */
static inline void annotated_data_type__tree_delete(struct rb_root *root)
{
	(void)root;
}
/* Stub for builds without DWARF support: nothing to release. */
static inline void global_var_type__tree_delete(struct rb_root *root)
{
	(void)root;
}
/* Stub for builds without DWARF support: annotation is unavailable (-1). */
static inline int hist_entry__annotate_data_tty(struct hist_entry *he,
						struct evsel *evsel)
{
	(void)he;
	(void)evsel;
	return -1;
}
#endif /* HAVE_DWARF_SUPPORT */
#ifdef HAVE_SLANG_SUPPORT
/* TUI (slang) data type annotation browser; @hbt drives periodic refresh */
int hist_entry__annotate_data_tui(struct hist_entry *he, struct evsel *evsel,
				  struct hist_browser_timer *hbt);
#else
/* Stub for builds without slang support: the TUI browser is unavailable (-1). */
static inline int hist_entry__annotate_data_tui(struct hist_entry *he,
						struct evsel *evsel,
						struct hist_browser_timer *hbt)
{
	(void)he;
	(void)evsel;
	(void)hbt;
	return -1;
}
#endif /* HAVE_SLANG_SUPPORT */
#endif /* _PERF_ANNOTATE_DATA_H */