Re: [PATCH v2 6/7] perf annotate: Support BPF JIT disassembly via genelf

Linux Perf Users
 help / color / mirror / Atom feed

From: sashiko-bot@kernel.org
To: "Ian Rogers" <irogers@google.com>
Cc: bpf@vger.kernel.org, linux-perf-users@vger.kernel.org
Subject: Re: [PATCH v2 6/7] perf annotate: Support BPF JIT disassembly via genelf
Date: Tue, 09 Jun 2026 07:22:46 +0000	[thread overview]
Message-ID: <20260609072247.5AD0A1F0089A@smtp.kernel.org> (raw)
In-Reply-To: <20260609070732.545416-7-irogers@google.com>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] Objdump fails to disassemble the temporary BPF ELF file because of an address range mismatch between the ELF file's hardcoded text section and objdump's `--start-address` boundary.
--

commit 515b53823b20255d2b911e2440f76dd5f76eaf39
Author: Ian Rogers <irogers@google.com>

perf annotate: Support BPF JIT disassembly via genelf

For in-memory BPF DSOs (DSO_BINARY_TYPE__BPF_PROG_INFO), write the
JITted instruction buffer to a temporary ELF file on disk using the
existing genelf framework (jit_write_elf). Reroute disassembly to
this temporary ELF file, allowing objdump and libasm to disassemble it
natively. Clean up the temporary file afterward.

> diff --git a/tools/perf/util/disasm.c b/tools/perf/util/disasm.c
> index 42af3603fdffd..0648afd1b5f31 100644
> --- a/tools/perf/util/disasm.c
> +++ b/tools/perf/util/disasm.c
[ ... ]
> +#ifdef HAVE_LIBELF_SUPPORT
> +#include <unistd.h>
> +#include "dwarf-regs.h"
> +static int symbol__create_bpf_temp_elf(const char *filename, struct symbol *sym,
> +				       struct annotate_args *args,
> +				       char *tmp_elf, size_t tmp_elf_sz)
> +{
[ ... ]
> +	if (tmp_fd >= 0) {
> +		uint16_t e_machine = args->arch ? args->arch->id.e_machine : EM_HOST;
> +
> +		if (jit_write_elf(tmp_fd, e_machine, map__rip_2objdump(map, sym->start),
> +				  sym->name, buf, buf_len,
> +				  NULL, 0, NULL, 0, 0) == 0) {

[Severity: Medium]
Will this cause objdump to misalign or truncate the disassembly?

When symbol__create_bpf_temp_elf() calls jit_write_elf(), it passes
map__rip_2objdump(map, sym->start) as the load_addr argument, but
jit_write_elf() explicitly ignores this argument:

tools/perf/util/genelf.c:jit_write_elf() {
    ...
    int
    jit_write_elf(int fd, uint16_t e_machine, uint64_t load_addr __maybe_unused, const char *sym,
    ...
}

Instead, jit_write_elf() hardcodes the .text section VMA to
GEN_ELF_TEXT_OFFSET (typically 128 bytes).

Later, when symbol__disassemble_objdump() invokes objdump, it uses
--start-address and --stop-address derived from the symbol's start and end
addresses:

tools/perf/util/disasm.c:symbol__disassemble_objdump() {
    ...
	err = asprintf(&command,
		 "%s %s%s --start-address=0x%016" PRIx64
		 " --stop-address=0x%016" PRIx64
    ...
}

For BPF DSOs, these addresses typically map to the range [0, csize]. However,
the actual instructions inside the generated ELF are placed at
[GEN_ELF_TEXT_OFFSET, GEN_ELF_TEXT_OFFSET + csize].

If the BPF program is smaller than GEN_ELF_TEXT_OFFSET, does objdump end up
outputting nothing? If it is larger, could this result in objdump reading
misaligned and truncated instructions that no longer match the performance
samples?

As a side note, it appears that any test added later in the series might
silently pass if it only blindly greps for offsets in objdump's output, which
would mask this offset and truncation corruption.

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260609070732.545416-1-irogers@google.com?part=6

next prev parent reply	other threads:[~2026-06-09  7:22 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-09  7:07 [PATCH v2 0/7] perf annotate: Add elfutils libasm disassembler support Ian Rogers
2026-06-09  7:07 ` [PATCH v2 1/7] tools build: Add feature check for elfutils libasm Ian Rogers
2026-06-09  7:21   ` sashiko-bot
2026-06-09  7:07 ` [PATCH v2 2/7] perf build: Add build support and capability " Ian Rogers
2026-06-09  7:19   ` sashiko-bot
2026-06-09  7:07 ` [PATCH v2 3/7] perf annotate: Implement elfutils libasm disassembler backend Ian Rogers
2026-06-09  7:07 ` [PATCH v2 4/7] perf annotate: Add --disassembler command-line option Ian Rogers
2026-06-09  7:07 ` [PATCH v2 5/7] perf test: Enhance annotate test coverage and isolate config Ian Rogers
2026-06-09  7:15   ` sashiko-bot
2026-06-09  7:07 ` [PATCH v2 6/7] perf annotate: Support BPF JIT disassembly via genelf Ian Rogers
2026-06-09  7:22   ` sashiko-bot [this message]
2026-06-09  7:07 ` [PATCH v2 7/7] perf test: Add BPF JIT annotation test coverage for all disassemblers Ian Rogers
2026-06-09  7:18   ` sashiko-bot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260609072247.5AD0A1F0089A@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=irogers@google.com \
    --cc=linux-perf-users@vger.kernel.org \
    --cc=sashiko-reviews@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox