The Linux Kernel Mailing List
 help / color / mirror / Atom feed
* [PATCH v2 0/2] perf symbols: skip livepatch symbols
@ 2026-06-26 21:21 Joe Lawrence
  2026-06-26 21:21 ` [PATCH v2 1/2] perf symbols: skip livepatch symbols when loading kallsyms Joe Lawrence
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Joe Lawrence @ 2026-06-26 21:21 UTC (permalink / raw)
  To: linux-perf-users, linux-kernel, live-patching; +Cc: Petr Mladek

This patchset fixes two minor perf bugs when livepatches containing
special so-called livepatch symbols are loaded.  In both cases, perf
should ignore these symbols as they resolve as relocations to kernel
addresses and not module space.

- Patch 1 fixes `perf test 1`
- Patch 2 fixes `perf record --kcore` bloat


Testing notes
=============

("perf symbols: skip livepatch symbols when loading kallsyms"):

  Without patch:
  ./tools/perf/perf test 1
    1: vmlinux symtab matches kallsyms                     : FAILED!

  With patch:
  ./tools/perf/perf test 1
    1: vmlinux symtab matches kallsyms                     : Ok

("perf symbols: skip livepatch symbols in kcore_copy")

  1. Baseline = pre-patch perf, no livepatch
  ------------------------------------------
  
  $ ./tools/perf/perf record --kcore -a -o /tmp/baseline.data -- sleep 1
  [ perf record: Woken up 1 times to write data ]
  [ perf record: Captured and wrote 0.221 MB /tmp/baseline.data (1717 samples) ]
  
  $ tree --noreport -h /tmp/baseline.data
  /tmp/baseline.data
  |-- [ 235K]  data
  `-- [   50]  kcore_dir
      |-- [  11M]  kallsyms
      |-- [  25M]  kcore
      `-- [ 1.7K]  modules
  
  
  2. Bloated kcore = pre-patch perf, with livepatch
  -------------------------------------------------
  
  $ insmod kpatch-5_14_0-570_94_1-1-3.ko
  $ ./tools/perf/perf record --kcore -a -o /tmp/klp-bloated.data -- sleep 1
  [ perf record: Woken up 1 times to write data ]
  [ perf record: Captured and wrote 0.274 MB /tmp/klp-bloated.data (2757 samples) ]
  
  $ tree --noreport  -h /tmp/klp-bloated.data
  /tmp/klp-bloated.data
  |-- [ 288K]  data
  `-- [   50]  kcore_dir
      |-- [  11M]  kallsyms
      |-- [  68M]  kcore
      `-- [ 1.8K]  modules
  
  
  3. Post-fix = patched perf, with livepatch
  ------------------------------------------
  
  [ kpatch-5_14_0-570_94_1-1-3.ko still loaded from test (2) ]
  
  $ ./tools/perf/perf record --kcore -a -o /tmp/postfix.data -- sleep 1
  [ perf record: Woken up 1 times to write data ]
  [ perf record: Captured and wrote 0.274 MB /tmp/postfix.data (2763 samples) ]
  
  $ tree --noreport -h /tmp/postfix.data
  /tmp/postfix.data
  |-- [ 289K]  data
  `-- [   50]  kcore_dir
      |-- [  11M]  kallsyms
      |-- [  25M]  kcore
      `-- [ 1.8K]  modules

Changes
=======

v2:
- Move klp symbol check into tools/perf/util/symbol.h alongside similar
  is_ignored_kernel_symbol() check [Petr]
- Use KLP_SYM_PREFIX instead of inlining it [Petr]
- Add similar check to kcore_copy__process_kallsyms() [Sashiko]

- Note: Sashiko flagged a pre-existing off-by-one in kallsyms__parse()
  where the symbol-name loop could write past symbol_name[] on overlong
  entries. That issue is unrelated to livepatch symbols and was already
  fixed by Rui Qi's 68018df3f55e ("perf: Fix off-by-one stack buffer
  overflow in kallsyms__parse()").

v1: https://lore.kernel.org/linux-perf-users/ajzwjNncrI3Bob_o@pathway.suse.cz/T/#t

Joe Lawrence (2):
  perf symbols: skip livepatch symbols when loading kallsyms
  perf symbols: skip livepatch symbols in kcore_copy kallsyms processing

 tools/perf/util/symbol-elf.c |  4 ++++
 tools/perf/util/symbol.c     |  4 ++--
 tools/perf/util/symbol.h     | 12 ++++++++++++
 3 files changed, 18 insertions(+), 2 deletions(-)

-- 
2.54.0


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH v2 1/2] perf symbols: skip livepatch symbols when loading kallsyms
  2026-06-26 21:21 [PATCH v2 0/2] perf symbols: skip livepatch symbols Joe Lawrence
@ 2026-06-26 21:21 ` Joe Lawrence
  2026-06-26 21:21 ` [PATCH v2 2/2] perf symbols: skip livepatch symbols in kcore_copy kallsyms processing Joe Lawrence
  2026-07-01 23:54 ` [PATCH v2 0/2] perf symbols: skip livepatch symbols Namhyung Kim
  2 siblings, 0 replies; 5+ messages in thread
From: Joe Lawrence @ 2026-06-26 21:21 UTC (permalink / raw)
  To: linux-perf-users, linux-kernel, live-patching; +Cc: Petr Mladek

Livepatch modules contain special symbols (prefixed by ".klp.sym.") that
act as relocation placeholders.  Once resolved, they point to the same
addresses as the original kernel symbols they reference. [1]

These special symbols confuse the 'vmlinux symtab matches kallsyms' perf
test as kallsyms may report multiple symbols sharing a single kernel
address.  For example:

  kallsyms (without livepatch)
  ----------------------------
  ffffffff81a41110 T __pfx_arch_release_task_struct
> ffffffff81a41120 T arch_release_task_struct
  ffffffff81a41140 T __pfx_exit_thread
  ffffffff81a41150 T exit_thread

  kallsyms (with livepatch loaded)
  ---------------------------------
  ffffffff81a41110 T __pfx_arch_release_task_struct
> ffffffff81a41120 T arch_release_task_struct
  ffffffff81a41140 T __pfx_exit_thread
  ffffffff81a41150 T exit_thread
> ffffffff81a41120 w .klp.sym.vmlinux.arch_release_task_struct,0  [kpatch_5_14_0_570_94_1_1_3]

When perf loads kallsyms, both symbols are inserted into the symbol
table at the same address, corrupting symbol end-address calculations
and causing test failures.

Filter out symbols prefixed with ".klp.sym." when loading kallsyms, as
they alias existing kernel symbols.

Link: https://docs.kernel.org/livepatch/module-elf-format.html#livepatch-symbols [1]
Reported-and-tested-by: Ben Procknow <bprockno@redhat.com> [downstream backport]
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
---
 tools/perf/util/symbol.c |  4 ++--
 tools/perf/util/symbol.h | 12 ++++++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/tools/perf/util/symbol.c b/tools/perf/util/symbol.c
index cd379ced19e5..a562702b4841 100644
--- a/tools/perf/util/symbol.c
+++ b/tools/perf/util/symbol.c
@@ -880,8 +880,8 @@ static int map__process_kallsym_symbol(void *arg, const char *name,
 	if (!symbol_type__filter(type))
 		return 0;
 
-	/* Ignore mapping symbols in kallsyms */
-	if (is_ignored_kernel_symbol(name))
+	/* Ignore mapping and livepatch symbols in kallsyms */
+	if (is_ignored_kernel_symbol(name) || is_livepatch_symbol(name))
 		return 0;
 
 	/*
diff --git a/tools/perf/util/symbol.h b/tools/perf/util/symbol.h
index a71525335703..d0bac824c79c 100644
--- a/tools/perf/util/symbol.h
+++ b/tools/perf/util/symbol.h
@@ -8,7 +8,9 @@
 #include <stdint.h>
 #include <stdatomic.h>
 #include <linux/list.h>
+#include <linux/livepatch_external.h>
 #include <linux/rbtree.h>
+#include <linux/string.h>
 #include <stdio.h>
 #include <errno.h>
 #include "addr_location.h"
@@ -45,6 +47,16 @@ static inline bool is_ignored_kernel_symbol(const char *str)
 	return str[0] == '$';
 }
 
+/*
+ * Livepatch symbols (.klp.sym.*) are relocation placeholders whose resolved
+ * addresses alias existing kernel symbols.  They carry a [module] tag which
+ * confuses module boundary tracking and symbol table lookups.
+ */
+static inline bool is_livepatch_symbol(const char *str)
+{
+	return strstarts(str, KLP_SYM_PREFIX);
+}
+
 /*
  * libelf 0.8.x and earlier do not support ELF_C_READ_MMAP;
  * for newer versions we can use mmap to reduce memory usage:
-- 
2.54.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [PATCH v2 2/2] perf symbols: skip livepatch symbols in kcore_copy kallsyms processing
  2026-06-26 21:21 [PATCH v2 0/2] perf symbols: skip livepatch symbols Joe Lawrence
  2026-06-26 21:21 ` [PATCH v2 1/2] perf symbols: skip livepatch symbols when loading kallsyms Joe Lawrence
@ 2026-06-26 21:21 ` Joe Lawrence
  2026-07-01 23:54 ` [PATCH v2 0/2] perf symbols: skip livepatch symbols Namhyung Kim
  2 siblings, 0 replies; 5+ messages in thread
From: Joe Lawrence @ 2026-06-26 21:21 UTC (permalink / raw)
  To: linux-perf-users, linux-kernel, live-patching; +Cc: Petr Mladek

Livepatch symbols (.klp.sym.*) carry a [module] tag but resolve to core
kernel text addresses.  When kcore_copy__process_kallsyms() encounters
these symbols, they are treated as module symbols, pulling the
first_module_symbol down to a kernel text address.

This corrupts the module memory range used to build the kcore PT_LOAD
segments.  For example, with a kpatch module containing a
".klp.sym.vmlinux.arch_release_task_struct,0" livepatch symbol loaded:

  kernel symbols
    ...
    ffffffffb4a41120  arch_release_task_struct
    ...                 ^
    ...                 | aliased by .klp.sym
    ...                 | drags first_module_symbol here
                        |
    (43M gap)           | bloated kcore segment
                        |
  module symbols        |
    ffffffffc047b000  <-- correct first_module_symbol
    ...
    ...

This causes the module PT_LOAD segment to start at the .klp.sym address
and not the real first module address, bloating the kcore copy:

  Baseline (no livepatch):   VirtAddr ffffffffc047b000, 8.5M
  Bloated  (with livepatch): VirtAddr ffffffffb4a41000, 54M
  Post-fix (with livepatch): VirtAddr ffffffffc047b000, 8.9M

Filter livepatch symbols early in kcore_copy__process_kallsyms() before
they can affect module boundary tracking.

Reported-by: Sashiko <sashiko-bot@kernel.org>
Link: https://sashiko.dev/#/patchset/20260624201254.472576-1-joe.lawrence@redhat.com?part=1
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
---
 tools/perf/util/symbol-elf.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c
index 39562bdec8b9..f6f6b54da131 100644
--- a/tools/perf/util/symbol-elf.c
+++ b/tools/perf/util/symbol-elf.c
@@ -2216,6 +2216,10 @@ static int kcore_copy__process_kallsyms(void *arg, const char *name, char type,
 	if (!kallsyms__is_function(type))
 		return 0;
 
+	/* Ignore livepatch symbols */
+	if (is_livepatch_symbol(name))
+		return 0;
+
 	if (strchr(name, '[')) {
 		if (!kci->first_module_symbol || start < kci->first_module_symbol)
 			kci->first_module_symbol = start;
-- 
2.54.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH v2 0/2] perf symbols: skip livepatch symbols
  2026-06-26 21:21 [PATCH v2 0/2] perf symbols: skip livepatch symbols Joe Lawrence
  2026-06-26 21:21 ` [PATCH v2 1/2] perf symbols: skip livepatch symbols when loading kallsyms Joe Lawrence
  2026-06-26 21:21 ` [PATCH v2 2/2] perf symbols: skip livepatch symbols in kcore_copy kallsyms processing Joe Lawrence
@ 2026-07-01 23:54 ` Namhyung Kim
  2026-07-02  7:59   ` Petr Mladek
  2 siblings, 1 reply; 5+ messages in thread
From: Namhyung Kim @ 2026-07-01 23:54 UTC (permalink / raw)
  To: Petr Mladek; +Cc: linux-perf-users, linux-kernel, live-patching, Joe Lawrence

Hello,

On Fri, Jun 26, 2026 at 05:21:38PM -0400, Joe Lawrence wrote:
> This patchset fixes two minor perf bugs when livepatches containing
> special so-called livepatch symbols are loaded.  In both cases, perf
> should ignore these symbols as they resolve as relocations to kernel
> addresses and not module space.
> 
> - Patch 1 fixes `perf test 1`
> - Patch 2 fixes `perf record --kcore` bloat
> 
> 
> Testing notes
> =============
> 
> ("perf symbols: skip livepatch symbols when loading kallsyms"):
> 
>   Without patch:
>   ./tools/perf/perf test 1
>     1: vmlinux symtab matches kallsyms                     : FAILED!
> 
>   With patch:
>   ./tools/perf/perf test 1
>     1: vmlinux symtab matches kallsyms                     : Ok
> 
> ("perf symbols: skip livepatch symbols in kcore_copy")
> 
>   1. Baseline = pre-patch perf, no livepatch
>   ------------------------------------------
>   
>   $ ./tools/perf/perf record --kcore -a -o /tmp/baseline.data -- sleep 1
>   [ perf record: Woken up 1 times to write data ]
>   [ perf record: Captured and wrote 0.221 MB /tmp/baseline.data (1717 samples) ]
>   
>   $ tree --noreport -h /tmp/baseline.data
>   /tmp/baseline.data
>   |-- [ 235K]  data
>   `-- [   50]  kcore_dir
>       |-- [  11M]  kallsyms
>       |-- [  25M]  kcore
>       `-- [ 1.7K]  modules
>   
>   
>   2. Bloated kcore = pre-patch perf, with livepatch
>   -------------------------------------------------
>   
>   $ insmod kpatch-5_14_0-570_94_1-1-3.ko
>   $ ./tools/perf/perf record --kcore -a -o /tmp/klp-bloated.data -- sleep 1
>   [ perf record: Woken up 1 times to write data ]
>   [ perf record: Captured and wrote 0.274 MB /tmp/klp-bloated.data (2757 samples) ]
>   
>   $ tree --noreport  -h /tmp/klp-bloated.data
>   /tmp/klp-bloated.data
>   |-- [ 288K]  data
>   `-- [   50]  kcore_dir
>       |-- [  11M]  kallsyms
>       |-- [  68M]  kcore
>       `-- [ 1.8K]  modules
>   
>   
>   3. Post-fix = patched perf, with livepatch
>   ------------------------------------------
>   
>   [ kpatch-5_14_0-570_94_1-1-3.ko still loaded from test (2) ]
>   
>   $ ./tools/perf/perf record --kcore -a -o /tmp/postfix.data -- sleep 1
>   [ perf record: Woken up 1 times to write data ]
>   [ perf record: Captured and wrote 0.274 MB /tmp/postfix.data (2763 samples) ]
>   
>   $ tree --noreport -h /tmp/postfix.data
>   /tmp/postfix.data
>   |-- [ 289K]  data
>   `-- [   50]  kcore_dir
>       |-- [  11M]  kallsyms
>       |-- [  25M]  kcore
>       `-- [ 1.8K]  modules
> 
> Changes
> =======
> 
> v2:
> - Move klp symbol check into tools/perf/util/symbol.h alongside similar
>   is_ignored_kernel_symbol() check [Petr]
> - Use KLP_SYM_PREFIX instead of inlining it [Petr]
> - Add similar check to kcore_copy__process_kallsyms() [Sashiko]
> 
> - Note: Sashiko flagged a pre-existing off-by-one in kallsyms__parse()
>   where the symbol-name loop could write past symbol_name[] on overlong
>   entries. That issue is unrelated to livepatch symbols and was already
>   fixed by Rui Qi's 68018df3f55e ("perf: Fix off-by-one stack buffer
>   overflow in kallsyms__parse()").

Petr, are you ok with this change?

Thanks,
Namhyung

> 
> v1: https://lore.kernel.org/linux-perf-users/ajzwjNncrI3Bob_o@pathway.suse.cz/T/#t
> 
> Joe Lawrence (2):
>   perf symbols: skip livepatch symbols when loading kallsyms
>   perf symbols: skip livepatch symbols in kcore_copy kallsyms processing
> 
>  tools/perf/util/symbol-elf.c |  4 ++++
>  tools/perf/util/symbol.c     |  4 ++--
>  tools/perf/util/symbol.h     | 12 ++++++++++++
>  3 files changed, 18 insertions(+), 2 deletions(-)
> 
> -- 
> 2.54.0
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v2 0/2] perf symbols: skip livepatch symbols
  2026-07-01 23:54 ` [PATCH v2 0/2] perf symbols: skip livepatch symbols Namhyung Kim
@ 2026-07-02  7:59   ` Petr Mladek
  0 siblings, 0 replies; 5+ messages in thread
From: Petr Mladek @ 2026-07-02  7:59 UTC (permalink / raw)
  To: Namhyung Kim; +Cc: linux-perf-users, linux-kernel, live-patching, Joe Lawrence

On Wed 2026-07-01 16:54:02, Namhyung Kim wrote:
> Hello,
> 
> On Fri, Jun 26, 2026 at 05:21:38PM -0400, Joe Lawrence wrote:
> > This patchset fixes two minor perf bugs when livepatches containing
> > special so-called livepatch symbols are loaded.  In both cases, perf
> > should ignore these symbols as they resolve as relocations to kernel
> > addresses and not module space.
> > 
> > - Patch 1 fixes `perf test 1`
> > - Patch 2 fixes `perf record --kcore` bloat
> > 
> > 
> > Testing notes
> > =============
> > 
> > ("perf symbols: skip livepatch symbols when loading kallsyms"):
> > 
> >   Without patch:
> >   ./tools/perf/perf test 1
> >     1: vmlinux symtab matches kallsyms                     : FAILED!
> > 
> >   With patch:
> >   ./tools/perf/perf test 1
> >     1: vmlinux symtab matches kallsyms                     : Ok
> > 
> > ("perf symbols: skip livepatch symbols in kcore_copy")
> > 
> >   1. Baseline = pre-patch perf, no livepatch
> >   ------------------------------------------
> >   
> >   $ ./tools/perf/perf record --kcore -a -o /tmp/baseline.data -- sleep 1
> >   [ perf record: Woken up 1 times to write data ]
> >   [ perf record: Captured and wrote 0.221 MB /tmp/baseline.data (1717 samples) ]
> >   
> >   $ tree --noreport -h /tmp/baseline.data
> >   /tmp/baseline.data
> >   |-- [ 235K]  data
> >   `-- [   50]  kcore_dir
> >       |-- [  11M]  kallsyms
> >       |-- [  25M]  kcore
> >       `-- [ 1.7K]  modules
> >   
> >   
> >   2. Bloated kcore = pre-patch perf, with livepatch
> >   -------------------------------------------------
> >   
> >   $ insmod kpatch-5_14_0-570_94_1-1-3.ko
> >   $ ./tools/perf/perf record --kcore -a -o /tmp/klp-bloated.data -- sleep 1
> >   [ perf record: Woken up 1 times to write data ]
> >   [ perf record: Captured and wrote 0.274 MB /tmp/klp-bloated.data (2757 samples) ]
> >   
> >   $ tree --noreport  -h /tmp/klp-bloated.data
> >   /tmp/klp-bloated.data
> >   |-- [ 288K]  data
> >   `-- [   50]  kcore_dir
> >       |-- [  11M]  kallsyms
> >       |-- [  68M]  kcore
> >       `-- [ 1.8K]  modules
> >   
> >   
> >   3. Post-fix = patched perf, with livepatch
> >   ------------------------------------------
> >   
> >   [ kpatch-5_14_0-570_94_1-1-3.ko still loaded from test (2) ]
> >   
> >   $ ./tools/perf/perf record --kcore -a -o /tmp/postfix.data -- sleep 1
> >   [ perf record: Woken up 1 times to write data ]
> >   [ perf record: Captured and wrote 0.274 MB /tmp/postfix.data (2763 samples) ]
> >   
> >   $ tree --noreport -h /tmp/postfix.data
> >   /tmp/postfix.data
> >   |-- [ 289K]  data
> >   `-- [   50]  kcore_dir
> >       |-- [  11M]  kallsyms
> >       |-- [  25M]  kcore
> >       `-- [ 1.8K]  modules
> > 
> > Changes
> > =======
> > 
> > v2:
> > - Move klp symbol check into tools/perf/util/symbol.h alongside similar
> >   is_ignored_kernel_symbol() check [Petr]
> > - Use KLP_SYM_PREFIX instead of inlining it [Petr]
> > - Add similar check to kcore_copy__process_kallsyms() [Sashiko]
> > 
> > - Note: Sashiko flagged a pre-existing off-by-one in kallsyms__parse()
> >   where the symbol-name loop could write past symbol_name[] on overlong
> >   entries. That issue is unrelated to livepatch symbols and was already
> >   fixed by Rui Qi's 68018df3f55e ("perf: Fix off-by-one stack buffer
> >   overflow in kallsyms__parse()").
> 
> Petr, are you ok with this change?

Yup, both changes look good to me. Feel free to use:

Acked-by: Petr Mladek <pmladek@suse.com>

Best Regards,
Petr

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2026-07-02  7:59 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-26 21:21 [PATCH v2 0/2] perf symbols: skip livepatch symbols Joe Lawrence
2026-06-26 21:21 ` [PATCH v2 1/2] perf symbols: skip livepatch symbols when loading kallsyms Joe Lawrence
2026-06-26 21:21 ` [PATCH v2 2/2] perf symbols: skip livepatch symbols in kcore_copy kallsyms processing Joe Lawrence
2026-07-01 23:54 ` [PATCH v2 0/2] perf symbols: skip livepatch symbols Namhyung Kim
2026-07-02  7:59   ` Petr Mladek

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox