#include <internal/lib.h> /* page_size */
#include <linux/compiler.h>
#include <linux/zalloc.h>
+#include <errno.h>
#include <inttypes.h>
#include <unistd.h>
#include <byteswap.h>
u64 remap_start;
};
+struct aslr_evsel_priv {
+ u64 orig_sample_type;
+ u64 orig_sample_regs_user;
+ u64 orig_sample_regs_intr;
+ int orig_sample_size;
+};
+
+static size_t evsel_hash(long key, void *ctx __maybe_unused)
+{
+ return (size_t)key;
+}
+
+static bool evsel_equal(long key1, long key2, void *ctx __maybe_unused)
+{
+ return key1 == key2;
+}
+
struct process_top_address {
u64 remapped_max;
};
struct hashmap remap_addresses;
/** @top_addresses: mapping from process to max remapped address. */
struct hashmap top_addresses;
+ /**
+ * @evsel_orig_attrs: mapping from evsel pointer to its original
+ * unstripped sample_type and registers bitmasks.
+ */
+ struct hashmap evsel_orig_attrs;
};
static const pid_t kernel_pid = -1;
u64 *remapped_invariant_ptr = NULL;
u64 remap_addr = 0;
u8 effective_cpumode = cpumode;
+ struct dso *dso;
+ const char *dso_name;
if (!aslr_thread)
return 0; /* No thread. */
}
}
+ dso = map__dso(al.map);
+ dso_name = dso ? dso__long_name(dso) : NULL;
+
key.machine = maps__machine(thread__maps(aslr_thread));
- key.dso = map__dso(al.map);
- key.invariant = map__start(al.map) - map__pgoff(al.map);
+ key.dso = dso;
+ if (dso && !is_anon_memory(dso_name) && !is_no_dso_memory(dso_name))
+ key.invariant = map__start(al.map) - map__pgoff(al.map);
+ else
+ key.invariant = map__start(al.map);
key.pid = (effective_cpumode == PERF_RECORD_MISC_KERNEL ||
effective_cpumode == PERF_RECORD_MISC_GUEST_KERNEL) ?
kernel_pid : thread__pid(aslr_thread);
struct aslr_tool *aslr;
struct perf_tool *delegate;
int ret;
+ int orig_sample_size;
u64 sample_type;
struct thread *thread;
struct machine *aslr_machine;
u64 addr;
size_t i;
size_t j;
+ struct aslr_evsel_priv *priv = NULL;
+ u64 orig_sample_type;
+ u64 orig_regs_user;
+ u64 orig_regs_intr;
del_tool = container_of(tool, struct delegate_tool, tool);
aslr = container_of(del_tool, struct aslr_tool, tool);
return delegate->sample(delegate, event, sample, machine);
ret = -EFAULT;
- sample_type = evsel->core.attr.sample_type;
+
+ if (hashmap__find(&aslr->evsel_orig_attrs, evsel, &priv)) {
+ orig_sample_type = priv->orig_sample_type;
+ orig_regs_user = priv->orig_sample_regs_user;
+ orig_regs_intr = priv->orig_sample_regs_intr;
+ } else {
+ orig_sample_type = evsel->core.attr.sample_type;
+ orig_regs_user = evsel->core.attr.sample_regs_user;
+ orig_regs_intr = evsel->core.attr.sample_regs_intr;
+ }
+
+ orig_sample_size = evsel->sample_size;
+
+ sample_type = orig_sample_type;
+ sample_type &= ~PERF_SAMPLE_REGS_USER;
+ sample_type &= ~PERF_SAMPLE_REGS_INTR;
+ sample_type &= ASLR_SUPPORTED_SAMPLE_TYPE;
+
max_i = (event->header.size - sizeof(struct perf_event_header)) / sizeof(__u64);
max_j = (PERF_SAMPLE_MAX_SIZE - sizeof(struct perf_event_header)) / sizeof(__u64);
new_event = (union perf_event *)aslr->event_copy;
i++; \
} while (0)
- if (sample_type & PERF_SAMPLE_IDENTIFIER)
+ if (orig_sample_type & PERF_SAMPLE_IDENTIFIER)
COPY_U64(); /* id */
- if (sample_type & PERF_SAMPLE_IP)
+ if (orig_sample_type & PERF_SAMPLE_IP)
REMAP_U64(sample->ip);
- if (sample_type & PERF_SAMPLE_TID) {
+ if (orig_sample_type & PERF_SAMPLE_TID) {
union {
u64 val64;
u32 val32[2];
out_array[j++] = u.val64;
i++;
}
- if (sample_type & PERF_SAMPLE_TIME)
+ if (orig_sample_type & PERF_SAMPLE_TIME)
COPY_U64(); /* time */
- if (sample_type & PERF_SAMPLE_ADDR)
+ if (orig_sample_type & PERF_SAMPLE_ADDR)
REMAP_U64(sample->addr);
- if (sample_type & PERF_SAMPLE_ID)
+ if (orig_sample_type & PERF_SAMPLE_ID)
COPY_U64(); /* id */
- if (sample_type & PERF_SAMPLE_STREAM_ID)
+ if (orig_sample_type & PERF_SAMPLE_STREAM_ID)
COPY_U64(); /* stream_id */
- if (sample_type & PERF_SAMPLE_CPU)
+ if (orig_sample_type & PERF_SAMPLE_CPU)
COPY_U64(); /* cpu, res */
- if (sample_type & PERF_SAMPLE_PERIOD)
+ if (orig_sample_type & PERF_SAMPLE_PERIOD)
COPY_U64(); /* period */
- if (sample_type & PERF_SAMPLE_READ) {
+ if (orig_sample_type & PERF_SAMPLE_READ) {
if ((evsel->core.attr.read_format & PERF_FORMAT_GROUP) == 0) {
COPY_U64(); /* value */
if (evsel->core.attr.read_format & PERF_FORMAT_TOTAL_TIME_ENABLED)
}
}
}
- if (sample_type & PERF_SAMPLE_CALLCHAIN) {
+ if (orig_sample_type & PERF_SAMPLE_CALLCHAIN) {
u64 nr;
if (CHECK_BOUNDS(1, 1)) {
out_array[j++] = addr;
}
}
- if (sample_type & PERF_SAMPLE_RAW) {
+ if (orig_sample_type & PERF_SAMPLE_RAW) {
size_t bytes = sizeof(u32) + sample->raw_size;
size_t u64_words = (bytes + 7) / 8;
ret = 0;
goto out_put;
}
- if (sample_type & PERF_SAMPLE_BRANCH_STACK) {
+ if (orig_sample_type & PERF_SAMPLE_BRANCH_STACK) {
u64 nr;
if (CHECK_BOUNDS(1, 1)) {
COPY_U64();
}
}
- if (sample_type & PERF_SAMPLE_REGS_USER) {
+ if (orig_sample_type & PERF_SAMPLE_REGS_USER) {
+ u64 abi;
+
if (CHECK_BOUNDS(1, 0)) {
ret = -EFAULT;
goto out_put;
}
- /* abi */
- COPY_U64();
- /* TODO: can this be less conservative? */
- pr_debug("Dropping regs user sample as possible ASLR leak\n");
- ret = 0;
- goto out_put;
+ abi = in_array[i++];
+ if (abi != PERF_SAMPLE_REGS_ABI_NONE) {
+ u64 nr = hweight64(orig_regs_user);
+
+ if (nr > max_i - i) {
+ ret = -EFAULT;
+ goto out_put;
+ }
+ i += nr;
+ }
}
- if (sample_type & PERF_SAMPLE_STACK_USER) {
+ if (orig_sample_type & PERF_SAMPLE_STACK_USER) {
u64 size;
if (CHECK_BOUNDS(1, 1)) {
ret = 0;
goto out_put;
}
- if (sample_type & PERF_SAMPLE_WEIGHT_TYPE)
+ if (orig_sample_type & PERF_SAMPLE_WEIGHT_TYPE)
COPY_U64(); /* perf_sample_weight */
- if (sample_type & PERF_SAMPLE_DATA_SRC)
+ if (orig_sample_type & PERF_SAMPLE_DATA_SRC)
COPY_U64(); /* data_src */
- if (sample_type & PERF_SAMPLE_TRANSACTION)
+ if (orig_sample_type & PERF_SAMPLE_TRANSACTION)
COPY_U64(); /* transaction */
- if (sample_type & PERF_SAMPLE_REGS_INTR) {
+ if (orig_sample_type & PERF_SAMPLE_REGS_INTR) {
+ u64 abi;
+
if (CHECK_BOUNDS(1, 0)) {
ret = -EFAULT;
goto out_put;
}
- /* abi */
- COPY_U64();
- /* TODO: can this be less conservative? */
- pr_debug("Dropping interrupt register sample as possible ASLR leak\n");
- ret = 0;
- goto out_put;
+ abi = in_array[i++];
+ if (abi != PERF_SAMPLE_REGS_ABI_NONE) {
+ u64 nr = hweight64(orig_regs_intr);
+
+ if (nr > max_i - i) {
+ ret = -EFAULT;
+ goto out_put;
+ }
+ i += nr;
+ }
}
- if (sample_type & PERF_SAMPLE_PHYS_ADDR) {
+ if (orig_sample_type & PERF_SAMPLE_PHYS_ADDR) {
COPY_U64(); /* phys_addr */
/* TODO: can this be less conservative? */
pr_debug("Dropping physical address sample as possible ASLR leak\n");
ret = 0;
goto out_put;
}
- if (sample_type & PERF_SAMPLE_CGROUP)
+ if (orig_sample_type & PERF_SAMPLE_CGROUP)
COPY_U64(); /* cgroup */
- if (sample_type & PERF_SAMPLE_DATA_PAGE_SIZE)
+ if (orig_sample_type & PERF_SAMPLE_DATA_PAGE_SIZE)
COPY_U64(); /* data_page_size */
- if (sample_type & PERF_SAMPLE_CODE_PAGE_SIZE)
+ if (orig_sample_type & PERF_SAMPLE_CODE_PAGE_SIZE)
COPY_U64(); /* code_page_size */
- if (sample_type & PERF_SAMPLE_AUX) {
+ if (orig_sample_type & PERF_SAMPLE_AUX) {
u64 size;
if (CHECK_BOUNDS(1, 1)) {
}
new_event->sample.header.size = sizeof(struct perf_event_header) + j * sizeof(u64);
-
+ /* Temporarily override evsel attributes to match the stripped new_event format! */
+ evsel->sample_size = __evsel__sample_size(sample_type);
+ evsel->core.attr.sample_type = sample_type;
+ evsel->core.attr.sample_regs_user = 0;
+ evsel->core.attr.sample_regs_intr = 0;
perf_sample__init(&new_sample, /*all=*/ true);
ret = __evsel__parse_sample(evsel, new_event, &new_sample, /*needs_swap=*/false);
if (ret) {
+ /* Restore original attributes immediately if parsing fails */
+ evsel->sample_size = orig_sample_size;
+ evsel->core.attr.sample_type = orig_sample_type;
+ evsel->core.attr.sample_regs_user = orig_regs_user;
+ evsel->core.attr.sample_regs_intr = orig_regs_intr;
perf_sample__exit(&new_sample);
goto out_put;
}
ret = delegate->sample(delegate, new_event, &new_sample, machine);
perf_sample__exit(&new_sample);
+ /* Restore original attributes so trace ingestion never desynchronizes! */
+ evsel->sample_size = orig_sample_size;
+ evsel->core.attr.sample_type = orig_sample_type;
+ evsel->core.attr.sample_regs_user = orig_regs_user;
+ evsel->core.attr.sample_regs_intr = orig_regs_intr;
+
out_put:
thread__put(thread);
return ret;
return 0;
}
-
-void aslr_tool__strip_attr_event(union perf_event *event, struct evlist **pevlist __maybe_unused)
+void aslr_tool__strip_attr_event(union perf_event *event, struct evlist *evlist)
{
u32 attr_size;
+ if (!evlist)
+ return;
+
attr_size = event->attr.attr.size ?: PERF_ATTR_SIZE_VER0;
if (attr_size >= (offsetof(struct perf_event_attr, sample_type) + sizeof(u64))) {
event->attr.attr.sample_type &= ASLR_SUPPORTED_SAMPLE_TYPE;
+
+ if (attr_size >= (offsetof(struct perf_event_attr, sample_regs_user) + sizeof(u64)))
+ event->attr.attr.sample_regs_user = 0;
+ if (attr_size >= (offsetof(struct perf_event_attr, sample_regs_intr) + sizeof(u64)))
+ event->attr.attr.sample_regs_intr = 0;
}
if (attr_size >= (offsetof(struct perf_event_attr, type) + sizeof(u32))) {
}
}
-void aslr_tool__strip_evlist(struct perf_tool *tool __maybe_unused,
- struct evlist *evlist)
-{
- struct evsel *evsel;
-
- evlist__for_each_entry(evlist, evsel) {
- evsel->core.attr.sample_type &= ASLR_SUPPORTED_SAMPLE_TYPE;
-
- if (evsel->core.attr.type == PERF_TYPE_BREAKPOINT)
- evsel->core.attr.bp_addr = 0;
- else if (evsel->core.attr.type >= PERF_TYPE_MAX) {
- struct perf_pmu *pmu = perf_pmus__find_by_type(evsel->core.attr.type);
-
- if (pmu && (!strcmp(pmu->name, "kprobe") ||
- !strcmp(pmu->name, "uprobe"))) {
- evsel->core.attr.config1 = 0;
- evsel->core.attr.config2 = 0;
- }
- }
- }
-}
-
static void aslr_tool__init(struct aslr_tool *aslr, struct perf_tool *delegate)
{
delegate_tool__init(&aslr->tool, delegate);
hashmap__init(&aslr->top_addresses,
top_addresses__hash, top_addresses__equal,
/*ctx=*/NULL);
+ hashmap__init(&aslr->evsel_orig_attrs,
+ evsel_hash, evsel_equal,
+ /*ctx=*/NULL);
aslr->tool.tool.sample = aslr_tool__process_sample;
/* read - reads a counter, okay to delegate. */
zfree(&cur->pkey);
zfree(&cur->pvalue);
}
+ hashmap__for_each_entry(&aslr->evsel_orig_attrs, cur, bkt) {
+ zfree(&cur->pvalue);
+ }
hashmap__clear(&aslr->remap_addresses);
hashmap__clear(&aslr->top_addresses);
+ hashmap__clear(&aslr->evsel_orig_attrs);
aslr_tool__destroy_machines_priv(&aslr->machines);
machines__destroy_kernel_maps(&aslr->machines);
machines__exit(&aslr->machines);
free(aslr);
}
+
+int aslr_tool__cache_orig_attrs(struct perf_tool *tool, struct evsel *evsel)
+{
+ struct delegate_tool *del_tool = container_of(tool, struct delegate_tool, tool);
+ struct aslr_tool *aslr = container_of(del_tool, struct aslr_tool, tool);
+ struct aslr_evsel_priv *priv = zalloc(sizeof(*priv));
+ int err;
+
+ if (!priv)
+ return -ENOMEM;
+
+ priv->orig_sample_type = evsel->core.attr.sample_type;
+ priv->orig_sample_regs_user = evsel->core.attr.sample_regs_user;
+ priv->orig_sample_regs_intr = evsel->core.attr.sample_regs_intr;
+ priv->orig_sample_size = evsel->sample_size;
+
+ err = hashmap__add(&aslr->evsel_orig_attrs, evsel, priv);
+ if (err) {
+ free(priv);
+ return err;
+ }
+ return 0;
+}
+
+void aslr_tool__strip_evlist(const struct perf_tool *tool __maybe_unused, struct evlist *evlist)
+{
+ struct evsel *evsel;
+
+ evlist__for_each_entry(evlist, evsel) {
+ evsel->core.attr.sample_type &= ASLR_SUPPORTED_SAMPLE_TYPE;
+ evsel->core.attr.sample_regs_user = 0;
+ evsel->core.attr.sample_regs_intr = 0;
+ evsel->sample_size = __evsel__sample_size(evsel->core.attr.sample_type);
+ evsel__calc_id_pos(evsel);
+
+ if (evsel->core.attr.type == PERF_TYPE_BREAKPOINT) {
+ evsel->core.attr.bp_addr = 0;
+ } else if (evsel->core.attr.type >= PERF_TYPE_MAX) {
+ struct perf_pmu *pmu = perf_pmus__find_by_type(evsel->core.attr.type);
+
+ if (pmu && (!strcmp(pmu->name, "kprobe") ||
+ !strcmp(pmu->name, "uprobe"))) {
+ evsel->core.attr.config1 = 0;
+ evsel->core.attr.config2 = 0;
+ }
+ }
+ }
+}
+
+void aslr_tool__restore_evlist(const struct perf_tool *tool, struct evlist *evlist)
+{
+ const struct delegate_tool *del_tool = container_of(tool, const struct delegate_tool, tool);
+ const struct aslr_tool *aslr = container_of(del_tool, const struct aslr_tool, tool);
+ struct evsel *evsel;
+ struct aslr_evsel_priv *priv;
+
+ evlist__for_each_entry(evlist, evsel) {
+ if (hashmap__find(&aslr->evsel_orig_attrs, evsel, &priv)) {
+ evsel->core.attr.sample_type = priv->orig_sample_type;
+ evsel->core.attr.sample_regs_user = priv->orig_sample_regs_user;
+ evsel->core.attr.sample_regs_intr = priv->orig_sample_regs_intr;
+ evsel->sample_size = priv->orig_sample_size;
+ evsel__calc_id_pos(evsel);
+ }
+ }
+}
projects / thirdparty / linux.git / commitdiff
