* [PATCH v2 1/2] perf symbols: skip livepatch symbols when loading kallsyms
2026-06-26 21:21 [PATCH v2 0/2] perf symbols: skip livepatch symbols Joe Lawrence
@ 2026-06-26 21:21 ` Joe Lawrence
2026-06-26 21:21 ` [PATCH v2 2/2] perf symbols: skip livepatch symbols in kcore_copy kallsyms processing Joe Lawrence
2026-07-01 23:54 ` [PATCH v2 0/2] perf symbols: skip livepatch symbols Namhyung Kim
2 siblings, 0 replies; 5+ messages in thread
From: Joe Lawrence @ 2026-06-26 21:21 UTC (permalink / raw)
To: linux-perf-users, linux-kernel, live-patching; +Cc: Petr Mladek
Livepatch modules contain special symbols (prefixed by ".klp.sym.") that
act as relocation placeholders. Once resolved, they point to the same
addresses as the original kernel symbols they reference. [1]
These special symbols confuse the 'vmlinux symtab matches kallsyms' perf
test as kallsyms may report multiple symbols sharing a single kernel
address. For example:
kallsyms (without livepatch)
----------------------------
ffffffff81a41110 T __pfx_arch_release_task_struct
> ffffffff81a41120 T arch_release_task_struct
ffffffff81a41140 T __pfx_exit_thread
ffffffff81a41150 T exit_thread
kallsyms (with livepatch loaded)
---------------------------------
ffffffff81a41110 T __pfx_arch_release_task_struct
> ffffffff81a41120 T arch_release_task_struct
ffffffff81a41140 T __pfx_exit_thread
ffffffff81a41150 T exit_thread
> ffffffff81a41120 w .klp.sym.vmlinux.arch_release_task_struct,0 [kpatch_5_14_0_570_94_1_1_3]
When perf loads kallsyms, both symbols are inserted into the symbol
table at the same address, corrupting symbol end-address calculations
and causing test failures.
Filter out symbols prefixed with ".klp.sym." when loading kallsyms, as
they alias existing kernel symbols.
Link: https://docs.kernel.org/livepatch/module-elf-format.html#livepatch-symbols [1]
Reported-and-tested-by: Ben Procknow <bprockno@redhat.com> [downstream backport]
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
---
tools/perf/util/symbol.c | 4 ++--
tools/perf/util/symbol.h | 12 ++++++++++++
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/tools/perf/util/symbol.c b/tools/perf/util/symbol.c
index cd379ced19e5..a562702b4841 100644
--- a/tools/perf/util/symbol.c
+++ b/tools/perf/util/symbol.c
@@ -880,8 +880,8 @@ static int map__process_kallsym_symbol(void *arg, const char *name,
if (!symbol_type__filter(type))
return 0;
- /* Ignore mapping symbols in kallsyms */
- if (is_ignored_kernel_symbol(name))
+ /* Ignore mapping and livepatch symbols in kallsyms */
+ if (is_ignored_kernel_symbol(name) || is_livepatch_symbol(name))
return 0;
/*
diff --git a/tools/perf/util/symbol.h b/tools/perf/util/symbol.h
index a71525335703..d0bac824c79c 100644
--- a/tools/perf/util/symbol.h
+++ b/tools/perf/util/symbol.h
@@ -8,7 +8,9 @@
#include <stdint.h>
#include <stdatomic.h>
#include <linux/list.h>
+#include <linux/livepatch_external.h>
#include <linux/rbtree.h>
+#include <linux/string.h>
#include <stdio.h>
#include <errno.h>
#include "addr_location.h"
@@ -45,6 +47,16 @@ static inline bool is_ignored_kernel_symbol(const char *str)
return str[0] == '$';
}
+/*
+ * Livepatch symbols (.klp.sym.*) are relocation placeholders whose resolved
+ * addresses alias existing kernel symbols. They carry a [module] tag which
+ * confuses module boundary tracking and symbol table lookups.
+ */
+static inline bool is_livepatch_symbol(const char *str)
+{
+ return strstarts(str, KLP_SYM_PREFIX);
+}
+
/*
* libelf 0.8.x and earlier do not support ELF_C_READ_MMAP;
* for newer versions we can use mmap to reduce memory usage:
--
2.54.0
^ permalink raw reply related [flat|nested] 5+ messages in thread* [PATCH v2 2/2] perf symbols: skip livepatch symbols in kcore_copy kallsyms processing
2026-06-26 21:21 [PATCH v2 0/2] perf symbols: skip livepatch symbols Joe Lawrence
2026-06-26 21:21 ` [PATCH v2 1/2] perf symbols: skip livepatch symbols when loading kallsyms Joe Lawrence
@ 2026-06-26 21:21 ` Joe Lawrence
2026-07-01 23:54 ` [PATCH v2 0/2] perf symbols: skip livepatch symbols Namhyung Kim
2 siblings, 0 replies; 5+ messages in thread
From: Joe Lawrence @ 2026-06-26 21:21 UTC (permalink / raw)
To: linux-perf-users, linux-kernel, live-patching; +Cc: Petr Mladek
Livepatch symbols (.klp.sym.*) carry a [module] tag but resolve to core
kernel text addresses. When kcore_copy__process_kallsyms() encounters
these symbols, they are treated as module symbols, pulling the
first_module_symbol down to a kernel text address.
This corrupts the module memory range used to build the kcore PT_LOAD
segments. For example, with a kpatch module containing a
".klp.sym.vmlinux.arch_release_task_struct,0" livepatch symbol loaded:
kernel symbols
...
ffffffffb4a41120 arch_release_task_struct
... ^
... | aliased by .klp.sym
... | drags first_module_symbol here
|
(43M gap) | bloated kcore segment
|
module symbols |
ffffffffc047b000 <-- correct first_module_symbol
...
...
This causes the module PT_LOAD segment to start at the .klp.sym address
and not the real first module address, bloating the kcore copy:
Baseline (no livepatch): VirtAddr ffffffffc047b000, 8.5M
Bloated (with livepatch): VirtAddr ffffffffb4a41000, 54M
Post-fix (with livepatch): VirtAddr ffffffffc047b000, 8.9M
Filter livepatch symbols early in kcore_copy__process_kallsyms() before
they can affect module boundary tracking.
Reported-by: Sashiko <sashiko-bot@kernel.org>
Link: https://sashiko.dev/#/patchset/20260624201254.472576-1-joe.lawrence@redhat.com?part=1
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
---
tools/perf/util/symbol-elf.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c
index 39562bdec8b9..f6f6b54da131 100644
--- a/tools/perf/util/symbol-elf.c
+++ b/tools/perf/util/symbol-elf.c
@@ -2216,6 +2216,10 @@ static int kcore_copy__process_kallsyms(void *arg, const char *name, char type,
if (!kallsyms__is_function(type))
return 0;
+ /* Ignore livepatch symbols */
+ if (is_livepatch_symbol(name))
+ return 0;
+
if (strchr(name, '[')) {
if (!kci->first_module_symbol || start < kci->first_module_symbol)
kci->first_module_symbol = start;
--
2.54.0
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [PATCH v2 0/2] perf symbols: skip livepatch symbols
2026-06-26 21:21 [PATCH v2 0/2] perf symbols: skip livepatch symbols Joe Lawrence
2026-06-26 21:21 ` [PATCH v2 1/2] perf symbols: skip livepatch symbols when loading kallsyms Joe Lawrence
2026-06-26 21:21 ` [PATCH v2 2/2] perf symbols: skip livepatch symbols in kcore_copy kallsyms processing Joe Lawrence
@ 2026-07-01 23:54 ` Namhyung Kim
2026-07-02 7:59 ` Petr Mladek
2 siblings, 1 reply; 5+ messages in thread
From: Namhyung Kim @ 2026-07-01 23:54 UTC (permalink / raw)
To: Petr Mladek; +Cc: linux-perf-users, linux-kernel, live-patching, Joe Lawrence
Hello,
On Fri, Jun 26, 2026 at 05:21:38PM -0400, Joe Lawrence wrote:
> This patchset fixes two minor perf bugs when livepatches containing
> special so-called livepatch symbols are loaded. In both cases, perf
> should ignore these symbols as they resolve as relocations to kernel
> addresses and not module space.
>
> - Patch 1 fixes `perf test 1`
> - Patch 2 fixes `perf record --kcore` bloat
>
>
> Testing notes
> =============
>
> ("perf symbols: skip livepatch symbols when loading kallsyms"):
>
> Without patch:
> ./tools/perf/perf test 1
> 1: vmlinux symtab matches kallsyms : FAILED!
>
> With patch:
> ./tools/perf/perf test 1
> 1: vmlinux symtab matches kallsyms : Ok
>
> ("perf symbols: skip livepatch symbols in kcore_copy")
>
> 1. Baseline = pre-patch perf, no livepatch
> ------------------------------------------
>
> $ ./tools/perf/perf record --kcore -a -o /tmp/baseline.data -- sleep 1
> [ perf record: Woken up 1 times to write data ]
> [ perf record: Captured and wrote 0.221 MB /tmp/baseline.data (1717 samples) ]
>
> $ tree --noreport -h /tmp/baseline.data
> /tmp/baseline.data
> |-- [ 235K] data
> `-- [ 50] kcore_dir
> |-- [ 11M] kallsyms
> |-- [ 25M] kcore
> `-- [ 1.7K] modules
>
>
> 2. Bloated kcore = pre-patch perf, with livepatch
> -------------------------------------------------
>
> $ insmod kpatch-5_14_0-570_94_1-1-3.ko
> $ ./tools/perf/perf record --kcore -a -o /tmp/klp-bloated.data -- sleep 1
> [ perf record: Woken up 1 times to write data ]
> [ perf record: Captured and wrote 0.274 MB /tmp/klp-bloated.data (2757 samples) ]
>
> $ tree --noreport -h /tmp/klp-bloated.data
> /tmp/klp-bloated.data
> |-- [ 288K] data
> `-- [ 50] kcore_dir
> |-- [ 11M] kallsyms
> |-- [ 68M] kcore
> `-- [ 1.8K] modules
>
>
> 3. Post-fix = patched perf, with livepatch
> ------------------------------------------
>
> [ kpatch-5_14_0-570_94_1-1-3.ko still loaded from test (2) ]
>
> $ ./tools/perf/perf record --kcore -a -o /tmp/postfix.data -- sleep 1
> [ perf record: Woken up 1 times to write data ]
> [ perf record: Captured and wrote 0.274 MB /tmp/postfix.data (2763 samples) ]
>
> $ tree --noreport -h /tmp/postfix.data
> /tmp/postfix.data
> |-- [ 289K] data
> `-- [ 50] kcore_dir
> |-- [ 11M] kallsyms
> |-- [ 25M] kcore
> `-- [ 1.8K] modules
>
> Changes
> =======
>
> v2:
> - Move klp symbol check into tools/perf/util/symbol.h alongside similar
> is_ignored_kernel_symbol() check [Petr]
> - Use KLP_SYM_PREFIX instead of inlining it [Petr]
> - Add similar check to kcore_copy__process_kallsyms() [Sashiko]
>
> - Note: Sashiko flagged a pre-existing off-by-one in kallsyms__parse()
> where the symbol-name loop could write past symbol_name[] on overlong
> entries. That issue is unrelated to livepatch symbols and was already
> fixed by Rui Qi's 68018df3f55e ("perf: Fix off-by-one stack buffer
> overflow in kallsyms__parse()").
Petr, are you ok with this change?
Thanks,
Namhyung
>
> v1: https://lore.kernel.org/linux-perf-users/ajzwjNncrI3Bob_o@pathway.suse.cz/T/#t
>
> Joe Lawrence (2):
> perf symbols: skip livepatch symbols when loading kallsyms
> perf symbols: skip livepatch symbols in kcore_copy kallsyms processing
>
> tools/perf/util/symbol-elf.c | 4 ++++
> tools/perf/util/symbol.c | 4 ++--
> tools/perf/util/symbol.h | 12 ++++++++++++
> 3 files changed, 18 insertions(+), 2 deletions(-)
>
> --
> 2.54.0
>
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH v2 0/2] perf symbols: skip livepatch symbols
2026-07-01 23:54 ` [PATCH v2 0/2] perf symbols: skip livepatch symbols Namhyung Kim
@ 2026-07-02 7:59 ` Petr Mladek
0 siblings, 0 replies; 5+ messages in thread
From: Petr Mladek @ 2026-07-02 7:59 UTC (permalink / raw)
To: Namhyung Kim; +Cc: linux-perf-users, linux-kernel, live-patching, Joe Lawrence
On Wed 2026-07-01 16:54:02, Namhyung Kim wrote:
> Hello,
>
> On Fri, Jun 26, 2026 at 05:21:38PM -0400, Joe Lawrence wrote:
> > This patchset fixes two minor perf bugs when livepatches containing
> > special so-called livepatch symbols are loaded. In both cases, perf
> > should ignore these symbols as they resolve as relocations to kernel
> > addresses and not module space.
> >
> > - Patch 1 fixes `perf test 1`
> > - Patch 2 fixes `perf record --kcore` bloat
> >
> >
> > Testing notes
> > =============
> >
> > ("perf symbols: skip livepatch symbols when loading kallsyms"):
> >
> > Without patch:
> > ./tools/perf/perf test 1
> > 1: vmlinux symtab matches kallsyms : FAILED!
> >
> > With patch:
> > ./tools/perf/perf test 1
> > 1: vmlinux symtab matches kallsyms : Ok
> >
> > ("perf symbols: skip livepatch symbols in kcore_copy")
> >
> > 1. Baseline = pre-patch perf, no livepatch
> > ------------------------------------------
> >
> > $ ./tools/perf/perf record --kcore -a -o /tmp/baseline.data -- sleep 1
> > [ perf record: Woken up 1 times to write data ]
> > [ perf record: Captured and wrote 0.221 MB /tmp/baseline.data (1717 samples) ]
> >
> > $ tree --noreport -h /tmp/baseline.data
> > /tmp/baseline.data
> > |-- [ 235K] data
> > `-- [ 50] kcore_dir
> > |-- [ 11M] kallsyms
> > |-- [ 25M] kcore
> > `-- [ 1.7K] modules
> >
> >
> > 2. Bloated kcore = pre-patch perf, with livepatch
> > -------------------------------------------------
> >
> > $ insmod kpatch-5_14_0-570_94_1-1-3.ko
> > $ ./tools/perf/perf record --kcore -a -o /tmp/klp-bloated.data -- sleep 1
> > [ perf record: Woken up 1 times to write data ]
> > [ perf record: Captured and wrote 0.274 MB /tmp/klp-bloated.data (2757 samples) ]
> >
> > $ tree --noreport -h /tmp/klp-bloated.data
> > /tmp/klp-bloated.data
> > |-- [ 288K] data
> > `-- [ 50] kcore_dir
> > |-- [ 11M] kallsyms
> > |-- [ 68M] kcore
> > `-- [ 1.8K] modules
> >
> >
> > 3. Post-fix = patched perf, with livepatch
> > ------------------------------------------
> >
> > [ kpatch-5_14_0-570_94_1-1-3.ko still loaded from test (2) ]
> >
> > $ ./tools/perf/perf record --kcore -a -o /tmp/postfix.data -- sleep 1
> > [ perf record: Woken up 1 times to write data ]
> > [ perf record: Captured and wrote 0.274 MB /tmp/postfix.data (2763 samples) ]
> >
> > $ tree --noreport -h /tmp/postfix.data
> > /tmp/postfix.data
> > |-- [ 289K] data
> > `-- [ 50] kcore_dir
> > |-- [ 11M] kallsyms
> > |-- [ 25M] kcore
> > `-- [ 1.8K] modules
> >
> > Changes
> > =======
> >
> > v2:
> > - Move klp symbol check into tools/perf/util/symbol.h alongside similar
> > is_ignored_kernel_symbol() check [Petr]
> > - Use KLP_SYM_PREFIX instead of inlining it [Petr]
> > - Add similar check to kcore_copy__process_kallsyms() [Sashiko]
> >
> > - Note: Sashiko flagged a pre-existing off-by-one in kallsyms__parse()
> > where the symbol-name loop could write past symbol_name[] on overlong
> > entries. That issue is unrelated to livepatch symbols and was already
> > fixed by Rui Qi's 68018df3f55e ("perf: Fix off-by-one stack buffer
> > overflow in kallsyms__parse()").
>
> Petr, are you ok with this change?
Yup, both changes look good to me. Feel free to use:
Acked-by: Petr Mladek <pmladek@suse.com>
Best Regards,
Petr
^ permalink raw reply [flat|nested] 5+ messages in thread