Re: [BUG REPORT] perf tools: x86_64: Broken calllchain when sampling taken at 'callq' instruction

From: Peter Zijlstra
Date: Thu Nov 19 2015 - 06:23:30 EST

On Thu, Nov 19, 2015 at 11:23:00AM +0100, Ingo Molnar wrote:
> PEBS is an asynchronous hardware tracing mechanism, when batched PEBS is used it
> might not even result in any interruption of execution. The 'pt_regs' does not
> necessarily correspond to an interrupted, restartable context - we take the RIP
> from the PEBS machinery and also use LBR and disassembly to determine the previous
> instruction, before reporting it to user-space.

Note that modern PEBS hardware (hsw+) does the rollback in hardware.
Prior to that we indeed do it manually using the LBR.

As to pt_regs, we construct a franken pt_regs based on the actual PEBS
buffer overflow PMI and bits from the PEBS record (which also includes
some register state). See

We always copy the flags, ip, bp and sp from the PEBS record into the
interrupt pt_regs.

And note that the PEBS record is constructed at instruction retirement,
so it shows the state _after_ the instruction, with exception of the
(hsw+) real_ip field.

So the unwinder will have to be taught that if the IP points at a stack
altering instruction (call, push, etc.) it will have to 'undo' the
effects on the actual stack (I appreciate this might be 'interesting'
for things like: pop, ret, etc.).
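The following is an added illustration, not code from this thread, from perf or from the kernel: a toy model of what the message describes. A sample holds the register state as it stands after the sampled instruction retired (the PEBS record) together with real_ip, the address of that instruction. When real_ip is a `callq`, the recorded sp already reflects the pushed return address, so an unwind rule written for the state before the instruction reads the wrong slot. The `undo_stack_effect` step rewinds sp for call/push and pop/ret before the unwind rule is applied. All addresses, stack contents and the `ret_off` rule are constructed values; the stack is a 16-word array rather than real memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model (constructed for this example, not the kernel's or perf's code). */
enum insn_kind { INSN_OTHER, INSN_CALL, INSN_PUSH, INSN_POP, INSN_RET };

struct sample {
	uint64_t real_ip;     /* address of the retired instruction */
	uint64_t sp;          /* stack pointer as captured after retirement */
	enum insn_kind kind;  /* classification of the insn at real_ip (via disassembly) */
};

/* Toy stack: STACK_WORDS 8-byte words starting at STACK_LO (constructed). */
#define STACK_LO    0x7ffc0000ULL
#define STACK_WORDS 16
static uint64_t stack_mem[STACK_WORDS];

static int read_word(uint64_t addr, uint64_t *out)
{
	if (addr < STACK_LO || addr + 8 > STACK_LO + 8 * STACK_WORDS || addr % 8)
		return -1;
	*out = stack_mem[(addr - STACK_LO) / 8];
	return 0;
}

/*
 * Undo the stack effect of the retired instruction so that sp matches what
 * the unwind rule at real_ip expects (that rule describes the state before
 * the instruction runs). For pop/ret only the pointer can be rewound: the
 * consumed word now lives below sp and may already have been overwritten,
 * which is the 'interesting' case mentioned above.
 */
static uint64_t undo_stack_effect(enum insn_kind kind, uint64_t sp)
{
	switch (kind) {
	case INSN_CALL:   /* pushed its return address */
	case INSN_PUSH:   /* pushed one word */
		return sp + 8;
	case INSN_POP:    /* consumed one word */
	case INSN_RET:
		return sp - 8;
	default:
		return sp;
	}
}

/*
 * One unwind step. ret_off stands in for a DWARF-style rule at real_ip:
 * "the return address lives at sp + ret_off". Returns 0 on a bad read.
 */
static uint64_t unwind_one(const struct sample *s, uint64_t ret_off, int undo)
{
	uint64_t sp = undo ? undo_stack_effect(s->kind, s->sp) : s->sp;
	uint64_t ra;

	if (read_word(sp + ret_off, &ra))
		return 0;
	return ra;
}

/*
 * Constructed scenario: foo() reserved 0x10 bytes of locals, so at its call
 * site the return address into foo's caller sits at sp + 0x10. The sample
 * lands on 'callq bar', which has already pushed bar's return address, so
 * the recorded sp is 8 bytes lower than the unwind rule assumes.
 */
#define CALLER_RA   0x400a10ULL    /* return address into foo's caller */
#define BAR_RA      0x401010ULL    /* address right after 'callq bar' in foo */
#define LOCAL_JUNK  0xdeadbeefULL  /* a local variable slot in foo's frame */
#define CALLQ_ADDR  0x40100bULL    /* address of the 5-byte 'callq bar' insn */

static uint64_t scenario_call(int undo)
{
	uint64_t pre_sp = STACK_LO + 0x40;  /* sp before the callq executed */
	struct sample s;

	memset(stack_mem, 0, sizeof(stack_mem));
	stack_mem[(pre_sp + 0x10 - STACK_LO) / 8] = CALLER_RA;   /* foo's return address */
	stack_mem[(pre_sp + 0x08 - STACK_LO) / 8] = LOCAL_JUNK;  /* a local in foo's frame */
	stack_mem[(pre_sp - 0x08 - STACK_LO) / 8] = BAR_RA;      /* pushed by the callq */

	s.real_ip = CALLQ_ADDR;
	s.sp = pre_sp - 8;   /* post-retirement state: the push already happened */
	s.kind = INSN_CALL;

	return unwind_one(&s, 0x10, undo);
}

int main(void)
{
	printf("raw sample     -> return address 0x%llx\n",
	       (unsigned long long)scenario_call(0));
	printf("after undo     -> return address 0x%llx\n",
	       (unsigned long long)scenario_call(1));
	return 0;
}
```

Without the undo step the unwinder reads a local variable slot and reports a bogus return address, which is how the chain breaks at a `callq` sample; with it, the frame's real return address comes back. A real implementation would take the instruction class from the disassembler at real_ip and apply the adjustment before handing the registers to the DWARF or frame-pointer unwinder.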

