[PATCH v5 0/5] perf tools: Add inject --aslr feature and prerequisite robustness fixes

[Ian Rogers <irogers@google.com>]

This patch series introduces the new 'perf inject --aslr' feature to remap
virtual memory addresses or drop physical memory event leaks when profile
record data is shared between machines. Bundled with this feature are three
independent, critical bug fixes inside core event dispatching and map tracking
tools that harden perf session analysis against dynamic crashes and callchain
mapping failures.

Core Feature: 'perf inject --aslr' (Patches 4 and 5)

Transferring perf.data files across environments introduces a potential leak
of virtual address footprints, weakening Address Space Layout Randomization
(ASLR) on the originating machine. To mitigate this, we introduce the --aslr
flag into perf inject. Unknown or unhandled events are dropped conservatively,
while handled samples and branch loops undergo systematic virtual memory offset
obfuscation.

The ASLR tracking tool virtualizes process and machine namespaces using
'struct machines' to safely isolate host mappings from unprivileged KVM guest
address spaces. Memory space layouts are tracked globally per process context to
ensure linear, continuous space allocations across successive mapping runs.

To remain strictly conservative and guarantee security, the tool scrubs
breakpoint addresses (bp_addr) from all synthesized stream headers, and drops
unsupported complex payloads (such as user register stacks, raw tracepoints,
and hardware AUX tracing frames) to completely eliminate accidental address
leakage vectors.

Verification is reinforced in Patch 5 with a comprehensive POSIX shell
suite ('inject_aslr.sh'), hardened against SIGPIPE signal exits with stream
consuming awk loops and robust 'set -o pipefail' assertions. The suite includes
a dedicated scenario validating raw 'perf inject -o -' pipe stdout generation
attribute stability.

Prerequisite Bug Fixes (Patches 1, 2, and 3)

During development, three core event delegation and map indexing issues were
identified and resolved to prevent crashes and data-loss during analysis:

1. perf sched: 'timehist' registers standard MMAP, COMM, EXIT, and FORK stubs,
   but completely omitted registering MMAP2 callbacks. Because modern environments
   output maps primarily via MMAP2 frames, this caused timehist sessions to silently
   drop shared library mappings, causing dynamic callchain symbol resolutions to
   fail. Patch 1 corrects this by properly registering perf_event__process_mmap2.

2. perf tool: Patch 2 fixes missing copies of schedstat callbacks inside delegated
   wrapper tools (which caused segfaults on NULL stubs) and properly initializes/copies
   the 'dont_split_sample_group' grouping parameters to prevent stack garbage from 
   triggering silent non-leader events drops during split deliver streams.

3. perf symbols: Patch 3 resolves a deep structural map tracking desynchronization bug
   inside symbol-elf.c by re-engineering the map removal sequence order to run
   strictly BEFORE in-place virtual address mutations, preventing absolute binary
   searches (bsearch) from failing on misaligned cache array slots.

Changes since v4:
- Core Bug Fix: Introduce a new prerequisite standalone fix patch (Patch 3) that
  re-engineers map tracking removal sequence order inside symbol-elf.c to prevent
  corrupting binary search index arrays during in-place address mutations.
- Feature Core: Refactor aslr_tool__delete to cleanly clear host/guest maps and
  structures via machines__destroy_kernel_maps() to cure all destructor leaks.
- Feature Core: Integrate the 'first_kernel_mapping' state guard to protect
  kernel module file offsets (pgoff) from corruption, preventing dynamic
  symbolization resolutions dropouts.
- Feature Integration: Move breakpoint address (bp_addr) cleaning to the core
  session memory initialization startup level, natively securing both files and
  pipes while completely stripping away redundant runtime wrapper layers.
- Validation Suite: Harden grep-v filters with || true operators to protect pipelines
  from crashing under set -o pipefail on empty inputs.
- Style: Prune out and streamline commit log text clutter into concise high-level
  architectural summary overviews.

Ian Rogers (5):
  perf sched: Add missing mmap2 handler in timehist
  perf tool: Fix missing schedstat delegates and dont_split_sample_group
    in delegate_tool
  perf symbols: Fix map removal sequence inside
    dso__process_kernel_symbol()
  perf inject/aslr: Add aslr tool to remap/obfuscate virtual addresses
  perf test: Add inject ASLR test

 tools/perf/builtin-inject.c           |   31 +-
 tools/perf/builtin-sched.c            |    1 +
 tools/perf/tests/shell/inject_aslr.sh |  459 ++++++++++
 tools/perf/util/Build                 |    1 +
 tools/perf/util/aslr.c                | 1220 +++++++++++++++++++++++++
 tools/perf/util/aslr.h                |   10 +
 tools/perf/util/symbol-elf.c          |   21 +-
 tools/perf/util/tool.c                |    6 +
 8 files changed, 1743 insertions(+), 6 deletions(-)
 create mode 100755 tools/perf/tests/shell/inject_aslr.sh
 create mode 100644 tools/perf/util/aslr.c
 create mode 100644 tools/perf/util/aslr.h

-- 
2.54.0.545.g6539524ca2-goog