Fix ELF base calculation for exec mapping with offset != 0. (#425)
I was looking at a report where pprof wouldn't symbolize the data
collected for a Chrome binary using Linux perf (b/112303003). The mmap
information is:
start: 0000000002, limit: 0000000006, offset: 0000000002
The ELF file header:
elf.FileHeader{Class:elf.ELFCLASS64, Data:elf.ELFDATA2LSB, Version:elf.EV_CURRENT, OSABI:elf.ELFOSABI_NONE, ABIVersion:0x0, ByteOrder:binary.LittleEndian, Type:elf.ET_EXEC, Machine:elf.EM_X86_64, Entry:0x272e000}
The code segment:
elf.ProgHeader{Type:elf.PT_LOAD, Flags:elf.PF_X+elf.PF_R, Off:0x252f000,
Vaddr:0x272e000, Paddr:0x272e000, Filesz:0x43da610, Memsz:0x43da610,
Align:0x1000}
The dynamic loader here mapped 0x6b09000-0x272e000 = 0x43db000 bytes
starting 0x252f000 file offset into 0x272e000 virtual address, exactly
as instructed by the program header (so, no ASLR). Thus, the base
adjustment should be zero. Yet, the current GetBase produced the base of
0x252f000 which is wrong. The reason for that is that the ET_EXEC branch
of GetBase doesn't handle the general case of non-zero mmap file offset,
but rather only supports a couple of special cases. This change makes
handling the case of user-mode ET_EXEC more generic.
Add GetBase support for ASLR kernel mappings (#371)
Add GetBase support for kernel mappings as reported by Linux Perf
Linux Perf reports kernel mappings with an offset == start.
Currently GetBase() cannot handle such a case.
This behavior can be seen from a perf.report data with samples in the kernel:
$ sudo perf report -D perf.data | grep MMAP
0 0x108 [0x50]: PERF_RECORD_MMAP -1/0: [0xffffffffaf800000(0x1087a000) @ 0xffffffffaf800000]: x [kernel.kallsyms]_text
Handle shared libraries with nonzero program headers. (#119)
Generalize GetBase for shared libraries to handle cases when both process
mapping offset and program header addresses are non-zero.
Based on process mapping information, a sample at a virtual address x maps to
a file offset fx = x - map_start + map_offset.
The program header for the segment with the .text section may have non-zero
mapping information. Thus, a file offset fx maps to a symbol address
sx = fx - ph_offset + ph_virt_addr.
Thus, sx = x - map_start + map_offset - ph_offset + ph_virt_addr, and the base
address for symbolization is map_start - map_offset + ph_offset - ph_virt_addr.
The kernel mapping record has the offset of 0xc000000000000000 on
PowerPC64 along with the same value for the mapping start. Both values
come from arch/powerpc/Kconfig. This case is not handled by any of the
conditions in the current getBase() code, so update the existing code
handling the kernel case to handle the PowerPC64 case.
Alexey Alexandrov