Re: [PATCH v1 0/2] perf: Drop leaked kernel samples

From: Jin, Yao
Date: Fri Jun 15 2018 - 04:01:55 EST

On 6/15/2018 3:45 PM, Peter Zijlstra wrote:
On Fri, Jun 15, 2018 at 06:03:21PM +0800, Jin Yao wrote:
On workloads that do a lot of kernel entry/exits we see kernel
samples, even though :u is specified. This is due to skid existing.

This might be a security issue because it can leak kernel addresses even
though kernel sampling support is disabled.

One patch "perf/core: Drop kernel samples even though :u is specified"
was posted in last year but it was reverted because it introduced a
regression issue that broke the rr-project.

Now this patch set uses sysctl to control the dropping of leaked
kernel samples.

So what happened to the suggestion of keeping the samples but 0-stuffing
all the tricky bits?

Bring more overhead to kernel if we zero the bits considering the number of leaked samples may be not too small?

And the skid information may be interesting (see example of hitting on page_fault in previous mail). If we zero it, we will not know.

Jin Yao