From: sashiko-bot@kernel.org
To: "Ian Rogers" <irogers@google.com>
Cc: linux-perf-users@vger.kernel.org
Subject: Re: [PATCH v7 4/4] perf aslr: Strip sample registers
Date: Tue, 19 May 2026 09:55:11 +0000 [thread overview]
Message-ID: <20260519095512.09691C2BCB3@smtp.kernel.org> (raw)
In-Reply-To: <20260519080824.3329601-5-irogers@google.com>
Thank you for your contribution! Sashiko AI review found 4 potential issue(s) to consider:
- [High] Modifying `evsel->core.attr.sample_type` before input event processing corrupts the raw event stream parser.
- [Low] Build failure due to undeclared `ASLR_SUPPORTED_SAMPLE_TYPE` identifier.
- [Low] Commit message discrepancy regarding the handling of ABI words.
- [Low] Error masking in `aslr_tool__cache_orig_attrs` hides out-of-memory errors.
--
commit 828b37c8e32f7fe3bd6173589afcab0ed6408c51
Author: Ian Rogers <irogers@google.com>
perf aslr: Strip sample registers
This commit refactors the ASLR tool to strip register dumps from sample
events rather than dropping the entire sample. It scrubs incoming attribute
events and attempts to keep downstream parsers synchronized.
> and output sample ABI words are safely overwritten to
> PERF_SAMPLE_REGS_ABI_NONE.
This isn't a bug, but the commit message states that the ABI words are
overwritten to PERF_SAMPLE_REGS_ABI_NONE. However, the code in
aslr_tool__process_sample() skips writing to the output array entirely,
stripping the ABI words and register payloads rather than overwriting them.
Is this description accurate?
> diff --git a/tools/perf/builtin-inject.c b/tools/perf/builtin-inject.c
> index 8fe924e730a16..4bafccf7dae40 100644
> --- a/tools/perf/builtin-inject.c
> +++ b/tools/perf/builtin-inject.c
[ ... ]
> @@ -2783,7 +2794,18 @@ int cmd_inject(int argc, const char **argv)
> struct evsel *evsel;
>
> evlist__for_each_entry(inject.session->evlist, evsel) {
> + ret = aslr_tool__cache_orig_attrs(tool, evsel);
> + if (ret) {
> + pr_err("Failed to cache original attributes: %d\n", ret);
> + goto out_delete;
> + }
> +
> + /* Strip the registers and unknown flags natively inside memory! */
> evsel->core.attr.sample_type &= ASLR_SUPPORTED_SAMPLE_TYPE;
This macro is removed from tools/perf/util/aslr.c in this patch and doesn't
appear to be relocated to a shared header. Will this cause a build failure
due to an undeclared identifier?
> + evsel__reset_sample_bit(evsel, REGS_USER);
> + evsel__reset_sample_bit(evsel, REGS_INTR);
> + evsel->core.attr.sample_regs_user = 0;
> + evsel->core.attr.sample_regs_intr = 0;
During trace ingestion, the core parser relies on evsel->core.attr.sample_type
to deserialize raw binary samples linearly.
If the register bits are cleared prematurely from the in-memory evsel here in
cmd_inject() (before __cmd_inject() executes perf_session__process_events()),
the parser will expect no register data and skip extracting those fields.
If the raw sample contains subsequent trailing fields like
PERF_SAMPLE_STACK_USER, will the unskipped raw register bytes physically
present in the stream be misinterpreted as those trailing fields?
Could this result in out-of-bounds memory reads and -EFAULT errors,
effectively aborting trace processing for files recorded with registers?
> diff --git a/tools/perf/util/aslr.c b/tools/perf/util/aslr.c
> index d0b1b33377fd2..ef6ba6fa5ff45 100644
> --- a/tools/perf/util/aslr.c
> +++ b/tools/perf/util/aslr.c
[ ... ]
> @@ -1097,10 +1122,34 @@ void aslr_tool__delete(struct perf_tool *tool)
[ ... ]
> +int aslr_tool__cache_orig_attrs(struct perf_tool *tool, struct evsel *evsel)
> +{
> + struct delegate_tool *del_tool = container_of(tool, struct delegate_tool, tool);
> + struct aslr_tool *aslr = container_of(del_tool, struct aslr_tool, tool);
> + struct aslr_evsel_priv *priv = zalloc(sizeof(*priv));
> +
> + if (!priv)
> + return -ENOMEM;
> +
> + priv->orig_sample_type = evsel->core.attr.sample_type;
> + priv->orig_sample_regs_user = evsel->core.attr.sample_regs_user;
> + priv->orig_sample_regs_intr = evsel->core.attr.sample_regs_intr;
> +
> + if (hashmap__add(&aslr->evsel_orig_attrs, evsel, priv) != 0) {
> + free(priv);
> + return -EEXIST;
> + }
> + return 0;
> +}
If memory allocation fails for the new bucket or entry inside hashmap__add(),
it will return -ENOMEM.
Since the code assumes any non-zero return indicates the entry already exists
and unconditionally returns -EEXIST, does this unintentionally mask legitimate
memory exhaustion errors during tool initialization?
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260519080824.3329601-1-irogers@google.com?part=4
next prev parent reply other threads:[~2026-05-19 9:55 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-24 22:05 [PATCH v1 1/2] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-04-24 22:05 ` [PATCH v1 2/2] perf test: Add inject ASLR test Ian Rogers
2026-04-24 22:47 ` sashiko-bot
2026-04-24 22:36 ` [PATCH v1 1/2] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses sashiko-bot
2026-04-25 2:05 ` [PATCH v2 " Ian Rogers
2026-04-25 2:05 ` [PATCH v2 2/2] perf test: Add inject ASLR test Ian Rogers
2026-05-04 3:51 ` [PATCH v3 0/4] perf tools: Add inject --aslr feature and prerequisite robustness fixes Ian Rogers
2026-05-04 3:51 ` [PATCH v3 1/4] perf sched: Add missing mmap2 handler in timehist Ian Rogers
2026-05-04 3:51 ` [PATCH v3 2/4] perf tool: Fix missing schedstat delegates and dont_split_sample_group in delegate_tool Ian Rogers
2026-05-04 3:51 ` [PATCH v3 3/4] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-04 4:51 ` sashiko-bot
2026-05-04 3:51 ` [PATCH v3 4/4] perf test: Add inject ASLR test Ian Rogers
2026-05-04 5:02 ` sashiko-bot
2026-05-04 7:29 ` [PATCH v4 0/4] perf tools: Add inject --aslr feature and prerequisite robustness fixes Ian Rogers
2026-05-04 7:29 ` [PATCH v4 1/4] perf sched: Add missing mmap2 handler in timehist Ian Rogers
2026-05-04 7:29 ` [PATCH v4 2/4] perf tool: Fix missing schedstat delegates and dont_split_sample_group in delegate_tool Ian Rogers
2026-05-04 7:29 ` [PATCH v4 3/4] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-04 8:39 ` sashiko-bot
2026-05-04 7:29 ` [PATCH v4 4/4] perf test: Add inject ASLR test Ian Rogers
2026-05-04 8:48 ` sashiko-bot
2026-05-04 8:23 ` [PATCH v4 0/4] perf tools: Add inject --aslr feature and prerequisite robustness fixes Ian Rogers
2026-05-06 0:45 ` [PATCH v5 0/5] " Ian Rogers
2026-05-06 0:45 ` [PATCH v5 1/5] perf sched: Add missing mmap2 handler in timehist Ian Rogers
2026-05-06 13:22 ` Arnaldo Carvalho de Melo
2026-05-06 16:16 ` Ian Rogers
2026-05-06 0:45 ` [PATCH v5 2/5] perf tool: Fix missing schedstat delegates and dont_split_sample_group in delegate_tool Ian Rogers
2026-05-06 0:45 ` [PATCH v5 3/5] perf symbols: Fix map removal sequence inside dso__process_kernel_symbol() Ian Rogers
2026-05-06 1:45 ` sashiko-bot
2026-05-06 0:45 ` [PATCH v5 4/5] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-06 2:40 ` sashiko-bot
2026-05-06 18:52 ` Namhyung Kim
2026-05-06 20:01 ` Ian Rogers
2026-05-06 0:45 ` [PATCH v5 5/5] perf test: Add inject ASLR test Ian Rogers
2026-05-07 15:58 ` James Clark
2026-05-07 16:17 ` Ian Rogers
2026-05-08 10:42 ` James Clark
2026-05-08 10:49 ` James Clark
2026-05-08 8:27 ` [PATCH v6 0/6] perf tools: Add inject --aslr feature and prerequisite robustness fixes Ian Rogers
2026-05-08 8:27 ` [PATCH v6 1/6] perf sched: Add missing mmap2 handler in timehist Ian Rogers
2026-05-08 8:27 ` [PATCH v6 2/6] perf tool: Missing delegate_tool schedstat delegates and dont_split_sample_group Ian Rogers
2026-05-08 8:27 ` [PATCH v6 3/6] perf maps: Add maps__mutate_mapping Ian Rogers
2026-05-08 10:57 ` James Clark
2026-05-08 20:37 ` sashiko-bot
2026-05-11 7:07 ` Namhyung Kim
2026-05-08 8:27 ` [PATCH v6 4/6] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-08 21:22 ` sashiko-bot
2026-05-11 7:32 ` Namhyung Kim
2026-05-08 8:27 ` [PATCH v6 5/6] perf test: Add inject ASLR test Ian Rogers
2026-05-08 13:29 ` James Clark
2026-05-08 14:29 ` James Clark
2026-05-11 7:34 ` Namhyung Kim
2026-05-08 8:27 ` [PATCH v6 6/6] perf aslr: Strip sample registers Ian Rogers
2026-05-08 21:49 ` sashiko-bot
2026-05-19 8:08 ` [PATCH v7 0/4] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes Ian Rogers
2026-05-19 8:08 ` [PATCH v7 1/4] perf maps: Add maps__mutate_mapping Ian Rogers
2026-05-19 8:38 ` sashiko-bot
2026-05-19 8:08 ` [PATCH v7 2/4] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-19 9:14 ` sashiko-bot
2026-05-19 8:08 ` [PATCH v7 3/4] perf test: Add inject ASLR test Ian Rogers
2026-05-19 8:08 ` [PATCH v7 4/4] perf aslr: Strip sample registers Ian Rogers
2026-05-19 9:55 ` sashiko-bot [this message]
2026-05-20 6:30 ` [PATCH v8 0/4] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes Ian Rogers
2026-05-20 6:30 ` [PATCH v8 1/4] perf maps: Add maps__mutate_mapping Ian Rogers
2026-05-20 7:06 ` sashiko-bot
2026-05-20 6:30 ` [PATCH v8 2/4] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-20 7:50 ` sashiko-bot
2026-05-20 6:30 ` [PATCH v8 3/4] perf test: Add inject ASLR test Ian Rogers
2026-05-20 8:02 ` sashiko-bot
2026-05-20 6:30 ` [PATCH v8 4/4] perf aslr: Strip sample registers Ian Rogers
2026-05-20 8:41 ` sashiko-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260519095512.09691C2BCB3@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=irogers@google.com \
--cc=linux-perf-users@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox