[PATCH 15/29] perf annotate: Fix jump target outside of function address range

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Ingo Molnar <mingo@kernel.org>
Cc: linux-kernel@vger.kernel.org,
	Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>,
	Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	Chris Riyder <chris.ryder@arm.com>,
	Kim Phillips <kim.phillips@arm.com>,
	Markus Trippelsdorf <markus@trippelsdorf.de>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	"Naveen N . Rao" <naveen.n.rao@linux.vnet.ibm.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Taeung Song <treeze.taeung@gmail.com>,
	linuxppc-dev@lists.ozlabs.org,
	Arnaldo Carvalho de Melo <acme@redhat.com>
Subject: [PATCH 15/29] perf annotate: Fix jump target outside of function address range
Date: Tue, 20 Dec 2016 14:03:44 -0300	[thread overview]
Message-ID: <20161220170358.4350-16-acme@kernel.org> (raw)
In-Reply-To: <20161220170358.4350-1-acme@kernel.org>

From: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>

If jump target is outside of function range, perf is not handling it
correctly. Especially when target address is lesser than function start
address, target offset will be negative. But, target address declared to
be unsigned, converts negative number into 2's complement. See below
example. Here target of 'jumpq' instruction at 34cf8 is 34ac0 which is
lesser than function start address(34cf0).

        34ac0 - 34cf0 = -0x230 = 0xfffffffffffffdd0

Objdump output:

  0000000000034cf0 <__sigaction>:
  __GI___sigaction():
    34cf0: lea    -0x20(%rdi),%eax
    34cf3: cmp    -bashx1,%eax
    34cf6: jbe    34d00 <__sigaction+0x10>
    34cf8: jmpq   34ac0 <__GI___libc_sigaction>
    34cfd: nopl   (%rax)
    34d00: mov    0x386161(%rip),%rax        # 3bae68 <_DYNAMIC+0x2e8>
    34d07: movl   -bashx16,%fs:(%rax)
    34d0e: mov    -bashxffffffff,%eax
    34d13: retq

perf annotate before applying patch:

  __GI___sigaction  /usr/lib64/libc-2.22.so
           lea    -0x20(%rdi),%eax
           cmp    -bashx1,%eax
        v  jbe    10
        v  jmpq   fffffffffffffdd0
           nop
    10:    mov    _DYNAMIC+0x2e8,%rax
           movl   -bashx16,%fs:(%rax)
           mov    -bashxffffffff,%eax
           retq

perf annotate after applying patch:

  __GI___sigaction  /usr/lib64/libc-2.22.so
           lea    -0x20(%rdi),%eax
           cmp    -bashx1,%eax
        v  jbe    10
        ^  jmpq   34ac0 <__GI___libc_sigaction>
           nop
    10:    mov    _DYNAMIC+0x2e8,%rax
           movl   -bashx16,%fs:(%rax)
           mov    -bashxffffffff,%eax
           retq

Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Chris Riyder <chris.ryder@arm.com>
Cc: Kim Phillips <kim.phillips@arm.com>
Cc: Markus Trippelsdorf <markus@trippelsdorf.de>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Taeung Song <treeze.taeung@gmail.com>
Cc: linuxppc-dev@lists.ozlabs.org
Link: http://lkml.kernel.org/r/1480953407-7605-3-git-send-email-ravi.bangoria@linux.vnet.ibm.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
 tools/perf/ui/browsers/annotate.c |  5 +++--
 tools/perf/util/annotate.c        | 14 +++++++++-----
 tools/perf/util/annotate.h        |  5 +++--
 3 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/tools/perf/ui/browsers/annotate.c b/tools/perf/ui/browsers/annotate.c
index ec7a30fad149..ba36aac340bc 100644
--- a/tools/perf/ui/browsers/annotate.c
+++ b/tools/perf/ui/browsers/annotate.c
@@ -215,7 +215,7 @@ static void annotate_browser__write(struct ui_browser *browser, void *entry, int
 			ui_browser__set_color(browser, color);
 		if (dl->ins.ops && dl->ins.ops->scnprintf) {
 			if (ins__is_jump(&dl->ins)) {
-				bool fwd = dl->ops.target.offset > (u64)dl->offset;
+				bool fwd = dl->ops.target.offset > dl->offset;
 
 				ui_browser__write_graph(browser, fwd ? SLSMG_DARROW_CHAR :
 								    SLSMG_UARROW_CHAR);
@@ -245,7 +245,8 @@ static bool disasm_line__is_valid_jump(struct disasm_line *dl, struct symbol *sy
 {
 	if (!dl || !dl->ins.ops || !ins__is_jump(&dl->ins)
 	    || !disasm_line__has_offset(dl)
-	    || dl->ops.target.offset >= symbol__size(sym))
+	    || dl->ops.target.offset < 0
+	    || dl->ops.target.offset >= (s64)symbol__size(sym))
 		return false;
 
 	return true;
diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c
index 590244e5781e..c81a3950a7fe 100644
--- a/tools/perf/util/annotate.c
+++ b/tools/perf/util/annotate.c
@@ -230,10 +230,12 @@ static int jump__parse(struct arch *arch __maybe_unused, struct ins_operands *op
 	else
 		ops->target.addr = strtoull(ops->raw, NULL, 16);
 
-	if (s++ != NULL)
+	if (s++ != NULL) {
 		ops->target.offset = strtoull(s, NULL, 16);
-	else
-		ops->target.offset = UINT64_MAX;
+		ops->target.offset_avail = true;
+	} else {
+		ops->target.offset_avail = false;
+	}
 
 	return 0;
 }
@@ -241,7 +243,7 @@ static int jump__parse(struct arch *arch __maybe_unused, struct ins_operands *op
 static int jump__scnprintf(struct ins *ins, char *bf, size_t size,
 			   struct ins_operands *ops)
 {
-	if (!ops->target.addr)
+	if (!ops->target.addr || ops->target.offset < 0)
 		return ins__raw_scnprintf(ins, bf, size, ops);
 
 	return scnprintf(bf, size, "%-6.6s %" PRIx64, ins->name, ops->target.offset);
@@ -1209,9 +1211,11 @@ static int symbol__parse_objdump_line(struct symbol *sym, struct map *map,
 	if (dl == NULL)
 		return -1;
 
-	if (dl->ops.target.offset == UINT64_MAX)
+	if (!disasm_line__has_offset(dl)) {
 		dl->ops.target.offset = dl->ops.target.addr -
 					map__rip_2objdump(map, sym->start);
+		dl->ops.target.offset_avail = true;
+	}
 
 	/* kcore has no symbols, so add the call target name */
 	if (dl->ins.ops && ins__is_call(&dl->ins) && !dl->ops.target.name) {
diff --git a/tools/perf/util/annotate.h b/tools/perf/util/annotate.h
index 87e4cadc5d27..09776b5af991 100644
--- a/tools/perf/util/annotate.h
+++ b/tools/perf/util/annotate.h
@@ -24,7 +24,8 @@ struct ins_operands {
 		char	*raw;
 		char	*name;
 		u64	addr;
-		u64	offset;
+		s64	offset;
+		bool	offset_avail;
 	} target;
 	union {
 		struct {
@@ -68,7 +69,7 @@ struct disasm_line {
 
 static inline bool disasm_line__has_offset(const struct disasm_line *dl)
 {
-	return dl->ops.target.offset != UINT64_MAX;
+	return dl->ops.target.offset_avail;
 }
 
 void disasm_line__free(struct disasm_line *dl);
-- 
2.9.3

next prev parent reply	other threads:[~2016-12-20 17:09 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-12-20 17:03 [GIT PULL 00/29] perf/core improvements and fixes Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 01/29] perf tools: Move headers check into bash script Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 02/29] perf sched timehist: Split is_idle_sample() Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 03/29] perf sched timehist: Introduce struct idle_time_data Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 04/29] perf sched timehist: Save callchain when entering idle Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 05/29] perf sched timehist: Skip non-idle events when necessary Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 06/29] perf sched timehist: Add -I/--idle-hist option Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 07/29] perf sched timehist: Show callchains for idle stat Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 08/29] perf tools: Remove some needless __maybe_unused Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 09/29] perf mem: Fix --all-user/--all-kernel options Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 10/29] perf evsel: Use variable instead of repeating lengthy FD macro Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 11/29] perf thread_map: Add thread_map__remove function Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 12/29] perf evsel: Allow to ignore missing pid Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 13/29] perf record: Force ignore_missing_thread for uid option Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 14/29] perf annotate: Support jump instruction with target as second operand Arnaldo Carvalho de Melo
2016-12-20 17:03 ` Arnaldo Carvalho de Melo [this message]
2016-12-20 17:03 ` [PATCH 16/29] tools lib bpf: Sync {tools,}/include/uapi/linux/bpf.h Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 17/29] tools lib bpf: use __u32 from linux/types.h Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 18/29] tools lib bpf: Add flags to bpf_create_map() Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 19/29] samples/bpf: Make samples more libbpf-centric Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 20/29] samples/bpf: Make perf_event_read() static Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 21/29] perf trace: Check if MAP_32BIT is defined (again) Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 22/29] perf bench futex: Fix lock-pi help string Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 23/29] perf annotate: Don't throw error for zero length symbols Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 24/29] perf diff: Do not overwrite valid build id Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 25/29] samples/bpf: Switch over to libbpf Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 26/29] tools lib bpf: Add bpf_prog_{attach,detach} Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 27/29] samples/bpf: Be consistent with bpf_load_program bpf_insn parameter Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 28/29] samples/bpf: Remove perf_event_open() declaration Arnaldo Carvalho de Melo
2016-12-20 17:03 ` [PATCH 29/29] samples/bpf: Move open_raw_sock to separate header Arnaldo Carvalho de Melo
2016-12-20 19:15 ` [GIT PULL 00/29] perf/core improvements and fixes Ingo Molnar

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:ec7a30fad14 dfblob:ba36aac340b dfblob:590244e5781
dfblob:c81a3950a7f dfblob:87e4cadc5d2 dfblob:09776b5af99 )
 OR (
bs:"[PATCH 15/29] perf annotate: Fix jump target outside of function address range" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20161220170358.4350-16-acme@kernel.org \
    --to=acme@kernel.org \
    --cc=acme@redhat.com \
    --cc=alexander.shishkin@linux.intel.com \
    --cc=chris.ryder@arm.com \
    --cc=kim.phillips@arm.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linuxppc-dev@lists.ozlabs.org \
    --cc=markus@trippelsdorf.de \
    --cc=mhiramat@kernel.org \
    --cc=mingo@kernel.org \
    --cc=naveen.n.rao@linux.vnet.ibm.com \
    --cc=peterz@infradead.org \
    --cc=ravi.bangoria@linux.vnet.ibm.com \
    --cc=treeze.taeung@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).