Re: [PATCH 1/3] perf/x86/intel: output LBR support statement after validation
From: Stephane Eranian
Date: Wed Jun 08 2016 - 03:27:40 EST
Andi,
On Sun, Jun 5, 2016 at 6:59 PM, Andi Kleen <ak@xxxxxxxxxxxxxxx> wrote:
>
> > It is not because you force LBR to ring3 only that you do not capture
> > kernel addresses in the FROM field.
> > Keep in mind that LBR priv level filtering applies to the target of
> > the branch and not the source. You might
> > still get a kernel address if returning from kernel. Now, in callstack
> > mode, I think the return branch is never
> > actually recorded in the LBR, it just causes a pop, so theoretically
> > this should not happen. I'd like to be
> > 100% sure of that, though.
>
> Far branches shouldn't be included in call stack LBR. Don't think
> there is any other situation where the ring 0 address could leak either.
>
Ok, so you're saying that syscall and int are not causing LBR callstack to
record an entry. If that is the case, then a rfi should not cause a pop of the
last LBR entry. Is that right?
>
> -Andi
> --
> ak@xxxxxxxxxxxxxxx -- Speaking for myself only