From: Ian Rogers <irogers@google.com>
To: irogers@google.com, acme@kernel.org, namhyung@kernel.org
Cc: adrian.hunter@intel.com, gmx@google.com, james.clark@linaro.org,
jolsa@kernel.org, linux-kernel@vger.kernel.org,
linux-perf-users@vger.kernel.org, mingo@redhat.com,
peterz@infradead.org
Subject: [PATCH v9 0/5] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes
Date: Thu, 4 Jun 2026 10:28:45 -0700 [thread overview]
Message-ID: <20260604172850.683329-1-irogers@google.com> (raw)
In-Reply-To: <20260520063050.3917261-1-irogers@google.com>
This patch series introduces the new 'perf inject --aslr' feature to
remap virtual memory addresses or drop physical memory event leaks
when profile record data is shared between machines. Bundled with this
feature is a bug fix inside the core map tracking tool that hardens
perf session analysis against concurrent lookup data races.
Detailed Mechanism of MMAP Mapping and ASLR virtual Address Allocation:
The ASLR tool virtualizes the address space of the recorded processes by
intercepting MMAP and MMAP2 events to build a consistent translation
database, which is subsequently used to rewrite sample addresses.
It maintains two primary lookup databases using hash maps:
1. 'remap_addresses': Maps an original mapping key to its new remapped
base address. The key uses a topological invariant coordinates:
(machine, dso, invariant). The invariant is computed as (start - pgoff)
for DSO-backed mappings. This invariant remains constant even when
perf's internal overlap-resolution splits a VMA into fragmented
pieces, ensuring split maps resolve consistently back to the same
remapped base.
2. 'top_addresses': Tracks the allocation state per process (machine, pid).
It maintains 'remapped_max' (the highest allocated address in the
virtualized space) and 'orig_last_end' (the end address of the last
processed original mapping).
For each MMAP/MMAP2 event:
- We look up the DSO and invariant key in 'remap_addresses'. If found, we
reuse the translation, preserving the offset within the mapping.
- If not found, we allocate a new remapped address space:
- If the new mapping is contiguous to the previous one in the original
address space (start == orig_last_end), we place it contiguously in
the remapped space. This is critical to preserve the contiguity of
mappings for downstream merging (e.g. symbols split by HugeTLB, or
anonymous .bss segments adjacent to initialized data).
- If not contiguous, we insert a 1-page gap (using page_size) from the
previous maximum allocated address to prevent accidental merging of
unrelated VMAs.
- The event's start address (and pgoff for kernel maps) is rewritten,
and the event is delegated to the output writer.
To remain strictly conservative and guarantee security, the tool
scrubs breakpoint addresses (bp_addr) from all synthesized stream
headers, completely drops PERF_RECORD_TEXT_POKE events to prevent
absolute immediate pointer operands leaks, and drops unsupported
complex payloads (such as user register stacks, raw tracepoints, and
hardware AUX tracing frames).
Verification is reinforced with shell test ('inject_aslr.sh').
Prerequisite Bug Fix (Patch 1). During development, a core map
indexing issue was identified and resolved to prevent concurrent
lookup data races during session analysis.
Changes since v8:
- Split the large "Add aslr tool" commit into two patches:
- Patch 2: Add ASLR tool infrastructure and MMAP tracking
- Patch 3: Implement sample address remapping
- Address Sashiko and internal feedback.
Ian Rogers (5):
perf maps: Add maps__mutate_mapping
perf inject/aslr: Add ASLR tool infrastructure and MMAP tracking
perf inject/aslr: Implement sample address remapping
perf test: Add inject ASLR test
perf aslr: Strip sample registers
tools/perf/builtin-inject.c | 70 +-
tools/perf/tests/shell/inject_aslr.sh | 517 ++++++++++
tools/perf/util/Build | 1 +
tools/perf/util/aslr.c | 1263 +++++++++++++++++++++++++
tools/perf/util/aslr.h | 41 +
tools/perf/util/machine.c | 32 +-
tools/perf/util/maps.c | 77 ++
tools/perf/util/maps.h | 3 +
tools/perf/util/symbol-elf.c | 41 +-
tools/perf/util/symbol.c | 17 +-
10 files changed, 2029 insertions(+), 33 deletions(-)
create mode 100755 tools/perf/tests/shell/inject_aslr.sh
create mode 100644 tools/perf/util/aslr.c
create mode 100644 tools/perf/util/aslr.h
--
2.54.0.1032.g2f8565e1d1-goog
next prev parent reply other threads:[~2026-06-04 17:28 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-24 22:05 [PATCH v1 1/2] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-04-24 22:05 ` [PATCH v1 2/2] perf test: Add inject ASLR test Ian Rogers
2026-04-24 22:47 ` sashiko-bot
2026-04-24 22:36 ` [PATCH v1 1/2] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses sashiko-bot
2026-04-25 2:05 ` [PATCH v2 " Ian Rogers
2026-04-25 2:05 ` [PATCH v2 2/2] perf test: Add inject ASLR test Ian Rogers
2026-05-04 3:51 ` [PATCH v3 0/4] perf tools: Add inject --aslr feature and prerequisite robustness fixes Ian Rogers
2026-05-04 3:51 ` [PATCH v3 1/4] perf sched: Add missing mmap2 handler in timehist Ian Rogers
2026-05-04 3:51 ` [PATCH v3 2/4] perf tool: Fix missing schedstat delegates and dont_split_sample_group in delegate_tool Ian Rogers
2026-05-04 3:51 ` [PATCH v3 3/4] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-04 4:51 ` sashiko-bot
2026-05-04 3:51 ` [PATCH v3 4/4] perf test: Add inject ASLR test Ian Rogers
2026-05-04 5:02 ` sashiko-bot
2026-05-04 7:29 ` [PATCH v4 0/4] perf tools: Add inject --aslr feature and prerequisite robustness fixes Ian Rogers
2026-05-04 7:29 ` [PATCH v4 1/4] perf sched: Add missing mmap2 handler in timehist Ian Rogers
2026-05-04 7:29 ` [PATCH v4 2/4] perf tool: Fix missing schedstat delegates and dont_split_sample_group in delegate_tool Ian Rogers
2026-05-04 7:29 ` [PATCH v4 3/4] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-04 8:39 ` sashiko-bot
2026-05-04 7:29 ` [PATCH v4 4/4] perf test: Add inject ASLR test Ian Rogers
2026-05-04 8:48 ` sashiko-bot
2026-05-04 8:23 ` [PATCH v4 0/4] perf tools: Add inject --aslr feature and prerequisite robustness fixes Ian Rogers
2026-05-06 0:45 ` [PATCH v5 0/5] " Ian Rogers
2026-05-06 0:45 ` [PATCH v5 1/5] perf sched: Add missing mmap2 handler in timehist Ian Rogers
2026-05-06 13:22 ` Arnaldo Carvalho de Melo
2026-05-06 16:16 ` Ian Rogers
2026-05-06 0:45 ` [PATCH v5 2/5] perf tool: Fix missing schedstat delegates and dont_split_sample_group in delegate_tool Ian Rogers
2026-05-06 0:45 ` [PATCH v5 3/5] perf symbols: Fix map removal sequence inside dso__process_kernel_symbol() Ian Rogers
2026-05-06 1:45 ` sashiko-bot
2026-05-06 0:45 ` [PATCH v5 4/5] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-06 2:40 ` sashiko-bot
2026-05-06 18:52 ` Namhyung Kim
2026-05-06 20:01 ` Ian Rogers
2026-05-06 0:45 ` [PATCH v5 5/5] perf test: Add inject ASLR test Ian Rogers
2026-05-07 15:58 ` James Clark
2026-05-07 16:17 ` Ian Rogers
2026-05-08 10:42 ` James Clark
2026-05-08 10:49 ` James Clark
2026-05-08 8:27 ` [PATCH v6 0/6] perf tools: Add inject --aslr feature and prerequisite robustness fixes Ian Rogers
2026-05-08 8:27 ` [PATCH v6 1/6] perf sched: Add missing mmap2 handler in timehist Ian Rogers
2026-05-08 8:27 ` [PATCH v6 2/6] perf tool: Missing delegate_tool schedstat delegates and dont_split_sample_group Ian Rogers
2026-05-08 8:27 ` [PATCH v6 3/6] perf maps: Add maps__mutate_mapping Ian Rogers
2026-05-08 10:57 ` James Clark
2026-05-08 20:37 ` sashiko-bot
2026-05-11 7:07 ` Namhyung Kim
2026-05-08 8:27 ` [PATCH v6 4/6] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-08 21:22 ` sashiko-bot
2026-05-11 7:32 ` Namhyung Kim
2026-05-08 8:27 ` [PATCH v6 5/6] perf test: Add inject ASLR test Ian Rogers
2026-05-08 13:29 ` James Clark
2026-05-08 14:29 ` James Clark
2026-05-11 7:34 ` Namhyung Kim
2026-05-08 8:27 ` [PATCH v6 6/6] perf aslr: Strip sample registers Ian Rogers
2026-05-08 21:49 ` sashiko-bot
2026-05-19 8:08 ` [PATCH v7 0/4] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes Ian Rogers
2026-05-19 8:08 ` [PATCH v7 1/4] perf maps: Add maps__mutate_mapping Ian Rogers
2026-05-19 8:38 ` sashiko-bot
2026-05-19 8:08 ` [PATCH v7 2/4] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-19 9:14 ` sashiko-bot
2026-05-19 8:08 ` [PATCH v7 3/4] perf test: Add inject ASLR test Ian Rogers
2026-05-19 8:08 ` [PATCH v7 4/4] perf aslr: Strip sample registers Ian Rogers
2026-05-19 9:55 ` sashiko-bot
2026-05-20 6:30 ` [PATCH v8 0/4] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes Ian Rogers
2026-05-20 6:30 ` [PATCH v8 1/4] perf maps: Add maps__mutate_mapping Ian Rogers
2026-05-20 7:06 ` sashiko-bot
2026-05-20 6:30 ` [PATCH v8 2/4] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-20 7:50 ` sashiko-bot
2026-05-23 14:44 ` kernel test robot
2026-05-20 6:30 ` [PATCH v8 3/4] perf test: Add inject ASLR test Ian Rogers
2026-05-20 8:02 ` sashiko-bot
2026-05-20 6:30 ` [PATCH v8 4/4] perf aslr: Strip sample registers Ian Rogers
2026-05-20 8:41 ` sashiko-bot
2026-06-04 17:28 ` Ian Rogers [this message]
2026-06-04 17:28 ` [PATCH v9 1/5] perf maps: Add maps__mutate_mapping Ian Rogers
2026-06-04 17:46 ` sashiko-bot
2026-06-04 17:28 ` [PATCH v9 2/5] perf inject/aslr: Add ASLR tool infrastructure and MMAP tracking Ian Rogers
2026-06-04 17:45 ` sashiko-bot
2026-06-04 17:28 ` [PATCH v9 3/5] perf inject/aslr: Implement sample address remapping Ian Rogers
2026-06-04 17:45 ` sashiko-bot
2026-06-04 17:28 ` [PATCH v9 4/5] perf test: Add inject ASLR test Ian Rogers
2026-06-04 17:40 ` sashiko-bot
2026-06-04 17:28 ` [PATCH v9 5/5] perf aslr: Strip sample registers Ian Rogers
2026-06-04 17:45 ` sashiko-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260604172850.683329-1-irogers@google.com \
--to=irogers@google.com \
--cc=acme@kernel.org \
--cc=adrian.hunter@intel.com \
--cc=gmx@google.com \
--cc=james.clark@linaro.org \
--cc=jolsa@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox