From: sashiko-bot@kernel.org
To: "Ian Rogers" <irogers@google.com>
Cc: linux-perf-users@vger.kernel.org
Subject: Re: [PATCH v18 3/5] perf inject/aslr: Implement sample address remapping
Date: Sun, 07 Jun 2026 21:56:10 +0000 [thread overview]
Message-ID: <20260607215610.D07911F00893@smtp.kernel.org> (raw)
In-Reply-To: <20260607213700.3563842-4-irogers@google.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] Incorrect byte-swapping logic corrupts cross-endian ASLR injection output and map lookups.
--
commit 6c75b55c8896e5addaf1feb2b5e93b62c2cc71dd
Author: Ian Rogers <irogers@google.com>
perf inject/aslr: Implement sample address remapping
Add the sample address remapping logic to the ASLR tool. This patch
implements aslr_tool__process_sample, which parses sample events,
remaps IPs, ADDRs, callchains, and branch stacks using the mappings
collected from metadata events.
> diff --git a/tools/perf/util/aslr.c b/tools/perf/util/aslr.c
> index e45f68c604937..03944677ddfcc 100644
> --- a/tools/perf/util/aslr.c
> +++ b/tools/perf/util/aslr.c
[ ... ]
> @@ -602,13 +657,413 @@ static int aslr_tool__process_sample(const struct perf_tool *tool,
[ ... ]
> +#define REMAP_U64(addr_field) \
> + do { \
> + u64 remapped; \
> + if (CHECK_BOUNDS(1, 1)) { \
> + ret = -EFAULT; \
> + goto out_put; \
> + } \
> + remapped = aslr_tool__remap_address(aslr, thread, cpumode, addr_field); \
> + if (orig_needs_swap) \
> + remapped = bswap_64(remapped); \
> + out_array[j++] = remapped; \
> + i++; \
> + } while (0)
[Severity: High]
Since perf_session__process_event() applies perf_event__all64_swap() to
PERF_RECORD_SAMPLE payloads, converting all 64-bit words in
event->sample.array to native endianness before the tool processes them,
will applying bswap_64() here write a corrupted foreign-endian address into
the output buffer?
The output perf.data file is emitted with a native header, so downstream
readers wouldn't know to swap these values back.
[ ... ]
> + for (u64 cntr = 0; cntr < nr; cntr++) {
> + if (CHECK_BOUNDS(1, 1)) {
> + ret = -EFAULT;
> + goto out_put;
> + }
> + addr = in_array[i++];
> + if (addr >= PERF_CONTEXT_MAX) {
> + out_array[j++] = orig_needs_swap ? bswap_64(addr) : addr;
[Severity: High]
Could this logic result in callchain context markers being incorrectly swapped
to foreign endianness before they are written to the output event buffer?
[ ... ]
> + if (sample_type & PERF_SAMPLE_BRANCH_STACK) {
> + u64 nr;
> +
> + if (CHECK_BOUNDS(1, 1)) {
> + ret = -EFAULT;
> + goto out_put;
> + }
> + nr = in_array[i];
> + COPY_U64();
> +
> + if (evsel->core.attr.branch_sample_type & PERF_SAMPLE_BRANCH_HW_INDEX)
> + COPY_U64(); /* hw_idx */
> +
> + if (nr > (ULLONG_MAX / 3)) {
> + ret = -EFAULT;
> + goto out_put;
> + }
> + if (nr * 3 > max_i - i || nr * 3 > max_j - j) {
> + ret = -EFAULT;
> + goto out_put;
> + }
> + for (u64 cntr = 0; cntr < nr; cntr++) {
> + u64 from = in_array[i++];
> + u64 to = in_array[i++];
> +
> + if (orig_needs_swap) {
> + from = bswap_64(from);
> + to = bswap_64(to);
> + }
> +
> + from = aslr_tool__remap_address(aslr, thread, sample->cpumode, from);
> + to = aslr_tool__remap_address(aslr, thread, sample->cpumode, to);
[Severity: High]
If the from and to addresses are swapped to foreign endianness before calling
aslr_tool__remap_address(), wouldn't this pass invalid addresses to the thread
map lookup, causing it to silently fail and bypass ASLR remapping for branch
stacks?
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260607213700.3563842-1-irogers@google.com?part=3
next prev parent reply other threads:[~2026-06-07 21:56 UTC|newest]
Thread overview: 169+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-24 22:05 [PATCH v1 1/2] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-04-24 22:05 ` [PATCH v1 2/2] perf test: Add inject ASLR test Ian Rogers
2026-04-24 22:47 ` sashiko-bot
2026-04-24 22:36 ` [PATCH v1 1/2] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses sashiko-bot
2026-04-25 2:05 ` [PATCH v2 " Ian Rogers
2026-04-25 2:05 ` [PATCH v2 2/2] perf test: Add inject ASLR test Ian Rogers
2026-05-04 3:51 ` [PATCH v3 0/4] perf tools: Add inject --aslr feature and prerequisite robustness fixes Ian Rogers
2026-05-04 3:51 ` [PATCH v3 1/4] perf sched: Add missing mmap2 handler in timehist Ian Rogers
2026-05-04 3:51 ` [PATCH v3 2/4] perf tool: Fix missing schedstat delegates and dont_split_sample_group in delegate_tool Ian Rogers
2026-05-04 3:51 ` [PATCH v3 3/4] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-04 4:51 ` sashiko-bot
2026-05-04 3:51 ` [PATCH v3 4/4] perf test: Add inject ASLR test Ian Rogers
2026-05-04 5:02 ` sashiko-bot
2026-05-04 7:29 ` [PATCH v4 0/4] perf tools: Add inject --aslr feature and prerequisite robustness fixes Ian Rogers
2026-05-04 7:29 ` [PATCH v4 1/4] perf sched: Add missing mmap2 handler in timehist Ian Rogers
2026-05-04 7:29 ` [PATCH v4 2/4] perf tool: Fix missing schedstat delegates and dont_split_sample_group in delegate_tool Ian Rogers
2026-05-04 7:29 ` [PATCH v4 3/4] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-04 8:39 ` sashiko-bot
2026-05-04 7:29 ` [PATCH v4 4/4] perf test: Add inject ASLR test Ian Rogers
2026-05-04 8:48 ` sashiko-bot
2026-05-04 8:23 ` [PATCH v4 0/4] perf tools: Add inject --aslr feature and prerequisite robustness fixes Ian Rogers
2026-05-06 0:45 ` [PATCH v5 0/5] " Ian Rogers
2026-05-06 0:45 ` [PATCH v5 1/5] perf sched: Add missing mmap2 handler in timehist Ian Rogers
2026-05-06 13:22 ` Arnaldo Carvalho de Melo
2026-05-06 16:16 ` Ian Rogers
2026-05-06 0:45 ` [PATCH v5 2/5] perf tool: Fix missing schedstat delegates and dont_split_sample_group in delegate_tool Ian Rogers
2026-05-06 0:45 ` [PATCH v5 3/5] perf symbols: Fix map removal sequence inside dso__process_kernel_symbol() Ian Rogers
2026-05-06 1:45 ` sashiko-bot
2026-05-06 0:45 ` [PATCH v5 4/5] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-06 2:40 ` sashiko-bot
2026-05-06 18:52 ` Namhyung Kim
2026-05-06 20:01 ` Ian Rogers
2026-05-06 0:45 ` [PATCH v5 5/5] perf test: Add inject ASLR test Ian Rogers
2026-05-07 15:58 ` James Clark
2026-05-07 16:17 ` Ian Rogers
2026-05-08 10:42 ` James Clark
2026-05-08 10:49 ` James Clark
2026-05-08 8:27 ` [PATCH v6 0/6] perf tools: Add inject --aslr feature and prerequisite robustness fixes Ian Rogers
2026-05-08 8:27 ` [PATCH v6 1/6] perf sched: Add missing mmap2 handler in timehist Ian Rogers
2026-05-08 8:27 ` [PATCH v6 2/6] perf tool: Missing delegate_tool schedstat delegates and dont_split_sample_group Ian Rogers
2026-05-08 8:27 ` [PATCH v6 3/6] perf maps: Add maps__mutate_mapping Ian Rogers
2026-05-08 10:57 ` James Clark
2026-05-08 20:37 ` sashiko-bot
2026-05-11 7:07 ` Namhyung Kim
2026-05-08 8:27 ` [PATCH v6 4/6] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-08 21:22 ` sashiko-bot
2026-05-11 7:32 ` Namhyung Kim
2026-05-08 8:27 ` [PATCH v6 5/6] perf test: Add inject ASLR test Ian Rogers
2026-05-08 13:29 ` James Clark
2026-05-08 14:29 ` James Clark
2026-05-11 7:34 ` Namhyung Kim
2026-05-08 8:27 ` [PATCH v6 6/6] perf aslr: Strip sample registers Ian Rogers
2026-05-08 21:49 ` sashiko-bot
2026-05-19 8:08 ` [PATCH v7 0/4] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes Ian Rogers
2026-05-19 8:08 ` [PATCH v7 1/4] perf maps: Add maps__mutate_mapping Ian Rogers
2026-05-19 8:38 ` sashiko-bot
2026-05-19 8:08 ` [PATCH v7 2/4] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-19 9:14 ` sashiko-bot
2026-05-19 8:08 ` [PATCH v7 3/4] perf test: Add inject ASLR test Ian Rogers
2026-05-19 8:08 ` [PATCH v7 4/4] perf aslr: Strip sample registers Ian Rogers
2026-05-19 9:55 ` sashiko-bot
2026-05-20 6:30 ` [PATCH v8 0/4] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes Ian Rogers
2026-05-20 6:30 ` [PATCH v8 1/4] perf maps: Add maps__mutate_mapping Ian Rogers
2026-05-20 7:06 ` sashiko-bot
2026-05-20 6:30 ` [PATCH v8 2/4] perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses Ian Rogers
2026-05-20 7:50 ` sashiko-bot
2026-05-23 14:44 ` kernel test robot
2026-05-20 6:30 ` [PATCH v8 3/4] perf test: Add inject ASLR test Ian Rogers
2026-05-20 8:02 ` sashiko-bot
2026-05-20 6:30 ` [PATCH v8 4/4] perf aslr: Strip sample registers Ian Rogers
2026-05-20 8:41 ` sashiko-bot
2026-06-04 17:28 ` [PATCH v9 0/5] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes Ian Rogers
2026-06-04 17:28 ` [PATCH v9 1/5] perf maps: Add maps__mutate_mapping Ian Rogers
2026-06-04 17:46 ` sashiko-bot
2026-06-04 17:28 ` [PATCH v9 2/5] perf inject/aslr: Add ASLR tool infrastructure and MMAP tracking Ian Rogers
2026-06-04 17:45 ` sashiko-bot
2026-06-04 17:28 ` [PATCH v9 3/5] perf inject/aslr: Implement sample address remapping Ian Rogers
2026-06-04 17:45 ` sashiko-bot
2026-06-04 17:28 ` [PATCH v9 4/5] perf test: Add inject ASLR test Ian Rogers
2026-06-04 17:40 ` sashiko-bot
2026-06-04 17:28 ` [PATCH v9 5/5] perf aslr: Strip sample registers Ian Rogers
2026-06-04 17:45 ` sashiko-bot
2026-06-05 6:06 ` [PATCH v10 0/5] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes Ian Rogers
2026-06-05 6:06 ` [PATCH v10 1/5] perf maps: Add maps__mutate_mapping Ian Rogers
2026-06-05 6:20 ` sashiko-bot
2026-06-05 6:06 ` [PATCH v10 2/5] perf inject/aslr: Add ASLR tool infrastructure and MMAP tracking Ian Rogers
2026-06-05 6:06 ` [PATCH v10 3/5] perf inject/aslr: Implement sample address remapping Ian Rogers
2026-06-05 6:30 ` sashiko-bot
2026-06-05 6:06 ` [PATCH v10 4/5] perf test: Add inject ASLR test Ian Rogers
2026-06-05 6:13 ` sashiko-bot
2026-06-05 6:06 ` [PATCH v10 5/5] perf aslr: Strip sample registers Ian Rogers
2026-06-05 18:52 ` [PATCH v11 0/5] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes Ian Rogers
2026-06-05 18:52 ` [PATCH v11 1/5] perf maps: Add maps__mutate_mapping Ian Rogers
2026-06-05 19:06 ` sashiko-bot
2026-06-05 18:52 ` [PATCH v11 2/5] perf inject/aslr: Add ASLR tool infrastructure and MMAP tracking Ian Rogers
2026-06-05 19:07 ` sashiko-bot
2026-06-05 18:52 ` [PATCH v11 3/5] perf inject/aslr: Implement sample address remapping Ian Rogers
2026-06-05 18:52 ` [PATCH v11 4/5] perf test: Add inject ASLR test Ian Rogers
2026-06-05 18:52 ` [PATCH v11 5/5] perf aslr: Strip sample registers Ian Rogers
2026-06-05 19:24 ` [PATCH v12 0/5] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes Ian Rogers
2026-06-05 19:24 ` [PATCH v12 1/5] perf maps: Add maps__mutate_mapping Ian Rogers
2026-06-05 19:24 ` [PATCH v12 2/5] perf inject/aslr: Add ASLR tool infrastructure and MMAP tracking Ian Rogers
2026-06-05 19:38 ` sashiko-bot
2026-06-05 19:24 ` [PATCH v12 3/5] perf inject/aslr: Implement sample address remapping Ian Rogers
2026-06-05 19:24 ` [PATCH v12 4/5] perf test: Add inject ASLR test Ian Rogers
2026-06-05 19:24 ` [PATCH v12 5/5] perf aslr: Strip sample registers Ian Rogers
2026-06-05 19:48 ` [PATCH v13 0/5] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes Ian Rogers
2026-06-05 19:48 ` [PATCH v13 1/5] perf maps: Add maps__mutate_mapping Ian Rogers
2026-06-05 19:48 ` [PATCH v13 2/5] perf inject/aslr: Add ASLR tool infrastructure and MMAP tracking Ian Rogers
2026-06-05 20:06 ` sashiko-bot
2026-06-05 19:48 ` [PATCH v13 3/5] perf inject/aslr: Implement sample address remapping Ian Rogers
2026-06-05 19:48 ` [PATCH v13 4/5] perf test: Add inject ASLR test Ian Rogers
2026-06-05 19:48 ` [PATCH v13 5/5] perf aslr: Strip sample registers Ian Rogers
2026-06-05 20:04 ` sashiko-bot
2026-06-05 20:56 ` [PATCH v14 0/5] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes Ian Rogers
2026-06-05 20:56 ` [PATCH v14 1/5] perf maps: Add maps__mutate_mapping Ian Rogers
2026-06-05 20:56 ` [PATCH v14 2/5] perf inject/aslr: Add ASLR tool infrastructure and MMAP tracking Ian Rogers
2026-06-05 21:12 ` sashiko-bot
2026-06-05 20:56 ` [PATCH v14 3/5] perf inject/aslr: Implement sample address remapping Ian Rogers
2026-06-05 23:17 ` sashiko-bot
2026-06-05 20:56 ` [PATCH v14 4/5] perf test: Add inject ASLR test Ian Rogers
2026-06-05 21:05 ` sashiko-bot
2026-06-05 20:56 ` [PATCH v14 5/5] perf aslr: Strip sample registers Ian Rogers
2026-06-06 7:21 ` [PATCH v15 0/5] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes Ian Rogers
2026-06-06 7:21 ` [PATCH v15 1/5] perf maps: Add maps__mutate_mapping Ian Rogers
2026-06-06 7:21 ` [PATCH v15 2/5] perf inject/aslr: Add ASLR tool infrastructure and MMAP tracking Ian Rogers
2026-06-06 7:38 ` sashiko-bot
2026-06-06 7:21 ` [PATCH v15 3/5] perf inject/aslr: Implement sample address remapping Ian Rogers
2026-06-06 7:36 ` sashiko-bot
2026-06-06 7:21 ` [PATCH v15 4/5] perf test: Add inject ASLR test Ian Rogers
2026-06-06 7:31 ` sashiko-bot
2026-06-06 7:21 ` [PATCH v15 5/5] perf aslr: Strip sample registers Ian Rogers
2026-06-06 7:38 ` sashiko-bot
2026-06-06 15:14 ` [PATCH v16 0/5] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes Ian Rogers
2026-06-06 15:14 ` [PATCH v16 1/5] perf maps: Add maps__mutate_mapping Ian Rogers
2026-06-06 15:14 ` [PATCH v16 2/5] perf inject/aslr: Add ASLR tool infrastructure and MMAP tracking Ian Rogers
2026-06-06 15:31 ` sashiko-bot
2026-06-06 15:14 ` [PATCH v16 3/5] perf inject/aslr: Implement sample address remapping Ian Rogers
2026-06-06 15:30 ` sashiko-bot
2026-06-06 15:14 ` [PATCH v16 4/5] perf test: Add inject ASLR test Ian Rogers
2026-06-06 15:14 ` [PATCH v16 5/5] perf aslr: Strip sample registers Ian Rogers
2026-06-06 15:33 ` sashiko-bot
2026-06-07 6:09 ` [PATCH v17 0/5] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes Ian Rogers
2026-06-07 6:09 ` [PATCH v17 1/5] perf maps: Add maps__mutate_mapping Ian Rogers
2026-06-07 6:09 ` [PATCH v17 2/5] perf inject/aslr: Add ASLR tool infrastructure and MMAP tracking Ian Rogers
2026-06-07 8:27 ` sashiko-bot
2026-06-07 6:09 ` [PATCH v17 3/5] perf inject/aslr: Implement sample address remapping Ian Rogers
2026-06-07 6:27 ` sashiko-bot
2026-06-07 6:09 ` [PATCH v17 4/5] perf aslr: Strip sample registers Ian Rogers
2026-06-07 6:27 ` sashiko-bot
2026-06-07 6:09 ` [PATCH v17 5/5] perf test: Add inject ASLR test Ian Rogers
2026-06-07 6:18 ` sashiko-bot
2026-06-07 21:36 ` [PATCH v18 0/5] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes Ian Rogers
2026-06-07 21:36 ` [PATCH v18 1/5] perf maps: Add maps__mutate_mapping Ian Rogers
2026-06-07 21:55 ` sashiko-bot
2026-06-07 21:36 ` [PATCH v18 2/5] perf inject/aslr: Add ASLR tool infrastructure and MMAP tracking Ian Rogers
2026-06-07 21:52 ` sashiko-bot
2026-06-07 21:36 ` [PATCH v18 3/5] perf inject/aslr: Implement sample address remapping Ian Rogers
2026-06-07 21:56 ` sashiko-bot [this message]
2026-06-07 21:36 ` [PATCH v18 4/5] perf aslr: Strip sample registers Ian Rogers
2026-06-07 21:52 ` sashiko-bot
2026-06-07 21:37 ` [PATCH v18 5/5] perf test: Add inject ASLR test Ian Rogers
2026-06-08 5:48 ` [PATCH v19 0/5] perf tools: Add inject --aslr feature, early maps loading, and decoupling fixes Ian Rogers
2026-06-08 5:48 ` [PATCH v19 1/5] perf maps: Add maps__mutate_mapping Ian Rogers
2026-06-08 5:48 ` [PATCH v19 2/5] perf inject/aslr: Add ASLR tool infrastructure and MMAP tracking Ian Rogers
2026-06-08 5:48 ` [PATCH v19 3/5] perf inject/aslr: Implement sample address remapping Ian Rogers
2026-06-08 6:00 ` sashiko-bot
2026-06-08 5:48 ` [PATCH v19 4/5] perf aslr: Strip sample registers Ian Rogers
2026-06-08 5:48 ` [PATCH v19 5/5] perf test: Add inject ASLR test Ian Rogers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260607215610.D07911F00893@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=irogers@google.com \
--cc=linux-perf-users@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox