From: Anshuman Khandual <anshuman.khandual@arm.com>
To: James Clark <james.clark@arm.com>
Cc: Mark Brown <broonie@kernel.org>, Rob Herring <robh@kernel.org>,
Marc Zyngier <maz@kernel.org>,
Suzuki Poulose <suzuki.poulose@arm.com>,
Ingo Molnar <mingo@redhat.com>,
linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, peterz@infradead.org,
acme@kernel.org, mark.rutland@arm.com, will@kernel.org,
catalin.marinas@arm.com
Subject: Re: [PATCH V5 6/7] arm64/perf: Add BRBE driver
Date: Wed, 30 Nov 2022 10:19:25 +0530 [thread overview]
Message-ID: <54d532cc-089c-0c6c-6bf4-be840bc27826@arm.com> (raw)
In-Reply-To: <25658a70-0b37-966d-e46c-f86be2a76a8e@arm.com>
On 11/29/22 21:23, James Clark wrote:
>
>
> On 07/11/2022 06:25, Anshuman Khandual wrote:
>> This adds a BRBE driver which implements all the required helper functions
>> for struct arm_pmu. Following functions are defined by this driver which
>> will configure, enable, capture, reset and disable BRBE buffer HW as and
>> when requested via perf branch stack sampling framework.
>
> Hi Anshuman,
>
> I've got a rough version of an updated test for branch stacks here [1].
> A couple of interesting things that I've noticed running it:
>
> First one is that sometimes I get (null) for the branch type. Debugging
> in GDB shows me that the type is actually type == PERF_BR_EXTEND_ABI &&
> new_type == 11. I can't see how this is possible looking at the driver
Hmm, that is strange.
brbe_fetch_perf_type() evaluates captured brbinf and extracts BRBE branch
type and later maps into perf branch types. All new perf branch types are
contained inside [PERF_BR_NEW_FAULT_ALGN = 0 .. PERF_BR_NEW_ARCH_5 = 7].
Hence wondering how '11' can be a new_type value after PERF_BR_EXTEND_ABI
switch.
> code. I think I saw this on a previous version of the patchset too but
> didn't mention it because I thought it wasn't significant, but now I see
> that something strange is going on. An interesting pattern is that they
> are always after ERET samples and go from userspace to kernel:
Unless it can be ascertained that wrong values are getting passed into the
perf ring buffer via cpuc->branches->brbe_entries[idx].[type | new_type],
the problem might be with perf report parsing the branch records ?
There are valid new branch types such as ARM64_DEBUG_DATA reported after
ERET records as well. I guess the only way to figure out the problem here
is to track the errant branch record from cpuc->branches->brbe_entries to
all the way upto perf report processing.
>
> 41992866945460 0x6e8 [0x360]: PERF_RECORD_SAMPLE(IP, 0x1): 501/501:
> 0xffff800008010118 period: 1229 addr: 0
> ... branch stack: nr:34
> .. 007a9988 -> 00000000 0 cycles P 9fbfbfbf IRQ
> .. 00000000 -> 007a9988 0 cycles P 9fbfbfbf ERET
> .. 007a9988 -> 00000000 0 cycles P 9fbfbfbf (null)
> .. 00747668 -> 007a9988 0 cycles P 9fbfbfbf CALL
> .. 00747664 -> 00747660 0 cycles P 9fbfbfbf COND
> .. 00747664 -> 00747660 0 cycles P 9fbfbfbf COND
> .. 00747664 -> 00747660 0 cycles P 9fbfbfbf COND
> .. 00747664 -> 00747660 0 cycles P 9fbfbfbf COND
> .. 00747664 -> 00747660 0 cycles P 9fbfbfbf COND
> .. 00747664 -> 00747660 0 cycles P 9fbfbfbf COND
> .. 00747664 -> 00747660 0 cycles P 9fbfbfbf COND
> .. 00747664 -> 00747660 0 cycles P 9fbfbfbf COND
> .. 00747664 -> 00747660 0 cycles P 9fbfbfbf COND
> .. 00747664 -> 00747660 0 cycles P 9fbfbfbf COND
> .. 00747664 -> 00747660 0 cycles P 9fbfbfbf COND
> .. 00747664 -> 00747660 0 cycles P 9fbfbfbf COND
> .. 00747664 -> 00747660 0 cycles P 9fbfbfbf COND
> .. 00747664 -> 00747660 0 cycles P 9fbfbfbf COND
> .. 00747664 -> 00747660 0 cycles P 9fbfbfbf COND
> .. 00747664 -> 00747660 0 cycles P 9fbfbfbf COND
> .. 00747664 -> 00747660 0 cycles P 9fbfbfbf COND
> .. 00000000 -> 00747658 0 cycles P 9fbfbfbf ERET
> .. 00747658 -> 00000000 0 cycles P 9fbfbfbf ARM64_DEBUG_DATA
> .. 00000000 -> 00747650 0 cycles P 9fbfbfbf ERET
> .. 00747650 -> 00000000 0 cycles P 9fbfbfbf ARM64_DEBUG_DATA
> .. 00747624 -> 00747634 0 cycles P 9fbfbfbf COND
> .. 00000000 -> 007475f4 0 cycles P 9fbfbfbf ERET
> .. 007475f4 -> 00000000 0 cycles P 9fbfbfbf ARM64_DEBUG_DATA
> .. 00000000 -> 007475e8 0 cycles P 9fbfbfbf ERET
> .. 007475e8 -> 00000000 0 cycles P 9fbfbfbf (null)
> .. 004005ac -> 007475e8 0 cycles P 9fbfbfbf CALL
> .. 00000000 -> 00400564 0 cycles P 9fbfbfbf ERET
> .. 00400564 -> 00000000 0 cycles P 9fbfbfbf (null)
> .. 00000000 -> 00400564 0 cycles P 9fbfbfbf ERET
> .. thread: perf:501
> ...... dso: [kernel.kallsyms]
>
> The second one is that sometimes I get kernel addresses and RET branches
> even if the option is any_call,u. The pattern here is that it's the last
> non empty branch stack of a run, so maybe there is some disable path
> where the filters aren't configured properly:
The latest code (not posted), disables TRBE completely while reading the
branch records during PMU interrupt. Could you please apply those changes
as well, or rather just use the branch instead.
https://gitlab.arm.com/linux-arm/linux-anshuman/-/commit/ab17879711f0e61c280ed52400ccde172b67e04a
>
> armv8pmu_brbe_enable+0xc/arm64_pmu_brbe_enable+0x0/P/-/-/0/CALL
> armpmu_start+0xe0/armv8pmu_brbe_enable+0x0/P/-/-/0/IND_CALL
> armv8pmu_brbe_reset+0x18/armpmu_start+0xd0/P/-/-/0/RET
> arm64_pmu_brbe_reset+0x18/armv8pmu_brbe_reset+0x10/P/-/-/0/RET
I am wondering how the different privilege branch record leak is possible.
Because arm64_pmu_brbe_enable() should start BRBE from a clean state with
respect to privilege level filters.
void arm64_pmu_brbe_enable(struct pmu_hw_events *cpuc)
{
u64 brbfcr, brbcr;
if (brbe_disabled(cpuc))
return;
brbfcr = read_sysreg_s(SYS_BRBFCR_EL1);
brbfcr &= ~BRBFCR_EL1_BANK_MASK;
brbfcr &= ~(BRBFCR_EL1_EnI | BRBFCR_EL1_PAUSED | BRBE_FCR_MASK);
brbfcr |= (cpuc->brbfcr & BRBE_FCR_MASK);
write_sysreg_s(brbfcr, SYS_BRBFCR_EL1);
isb();
brbcr = read_sysreg_s(SYS_BRBCR_EL1);
brbcr &= ~BRBE_CR_MASK; --> Contains BRBCR_EL1_E1BRE and BRBCR_EL1_E0BRE
brbcr |= BRBCR_EL1_FZP;
brbcr |= (BRBCR_EL1_TS_PHYSICAL << BRBCR_EL1_TS_SHIFT);
brbcr |= (cpuc->brbcr & BRBE_CR_MASK);
write_sysreg_s(brbcr, SYS_BRBCR_EL1);
isb();
}
Could these samples are from a previous session ? But they should have been
flushed in armpmu_start().
static void armpmu_start(struct perf_event *event, int flags)
{
.........
if (has_branch_stack(event)) {
if (event->ctx->task && hw_events->brbe_context != event->ctx) {
armpmu->brbe_reset(hw_events);
hw_events->brbe_context = event->ctx;
}
armpmu->brbe_enable(hw_events);
hw_events->brbe_users++;
}
.........
}
>
>
> [1]:
> https://gitlab.arm.com/linux-arm/linux-jc/-/commit/7260b7bef06ac161eac88d05266e8c5c303d9881
next prev parent reply other threads:[~2022-11-30 4:49 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-07 6:25 [PATCH V5 0/7] arm64/perf: Enable branch stack sampling Anshuman Khandual
2022-11-07 6:25 ` [PATCH V5 1/7] arm64/perf: Add BRBE registers and fields Anshuman Khandual
2022-11-07 15:15 ` Mark Brown
2022-11-07 6:25 ` [PATCH V5 2/7] arm64/perf: Update struct arm_pmu for BRBE Anshuman Khandual
2022-11-09 11:30 ` Suzuki K Poulose
2022-11-18 6:39 ` Anshuman Khandual
2022-11-18 17:47 ` Mark Rutland
2022-11-29 6:06 ` Anshuman Khandual
2022-11-07 6:25 ` [PATCH V5 3/7] arm64/perf: Update struct pmu_hw_events " Anshuman Khandual
2022-11-07 6:25 ` [PATCH V5 4/7] driver/perf/arm_pmu_platform: Add support for BRBE attributes detection Anshuman Khandual
2022-11-18 18:01 ` Mark Rutland
2022-11-21 6:36 ` Anshuman Khandual
2022-11-21 11:39 ` Mark Rutland
2022-11-28 8:24 ` Anshuman Khandual
2022-11-07 6:25 ` [PATCH V5 5/7] arm64/perf: Drive BRBE from perf event states Anshuman Khandual
2022-11-18 18:15 ` Mark Rutland
2022-11-29 6:26 ` Anshuman Khandual
2022-11-07 6:25 ` [PATCH V5 6/7] arm64/perf: Add BRBE driver Anshuman Khandual
2022-11-09 3:08 ` Anshuman Khandual
2022-11-16 16:42 ` James Clark
2022-11-17 5:45 ` Anshuman Khandual
2022-11-17 10:09 ` James Clark
2022-11-18 6:14 ` Anshuman Khandual
2022-11-29 15:53 ` James Clark
2022-11-30 4:49 ` Anshuman Khandual [this message]
2022-11-30 16:56 ` James Clark
2022-12-06 17:05 ` James Clark
2022-11-07 6:25 ` [PATCH V5 7/7] arm64/perf: Enable branch stack sampling Anshuman Khandual
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54d532cc-089c-0c6c-6bf4-be840bc27826@arm.com \
--to=anshuman.khandual@arm.com \
--cc=acme@kernel.org \
--cc=broonie@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=james.clark@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=robh@kernel.org \
--cc=suzuki.poulose@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).