For tracepoint events the IP is a static kernel address. It doesn't vary by sample and provides no useful information for unprivileged users. Skipping setting PERF_SAMPLE_IP for unprivileged tracepoints avoids exposing a kernel address that reveals the KASLR base offset.
Make an exception for uprobes, which are registered as PERF_TYPE_TRACEPOINT, because the IP is important for their functionality and is a safe userspace address. Detect them with __probe_ip (entry) and __probe_ret_ip (return) using evsel__field(). Assisted-by: Claude:claude-sonnet-4.5 Signed-off-by: Anubhav Shelat <[email protected]> --- tools/perf/util/evsel.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c index 2ee87fd84d3e..bf66e0c78451 100644 --- a/tools/perf/util/evsel.c +++ b/tools/perf/util/evsel.c @@ -1509,7 +1509,19 @@ void evsel__config(struct evsel *evsel, const struct record_opts *opts, attr->write_backward = opts->overwrite ? 1 : 0; attr->read_format = PERF_FORMAT_LOST; - evsel__set_sample_bit(evsel, IP); + /* + * Don't set PERF_SAMPLE_IP for unprivileged kernel tracepoints to + * avoid exposing kernel addresses. Uprobes expose only userspace + * addresses so they're safe. Detect entry and return uprobes. + */ + if (attr->type != PERF_TYPE_TRACEPOINT || perf_event_paranoid_check(1) +#ifdef HAVE_LIBTRACEEVENT + || evsel__field(evsel, "__probe_ip") + || evsel__field(evsel, "__probe_ret_ip") +#endif + ) + evsel__set_sample_bit(evsel, IP); + evsel__set_sample_bit(evsel, TID); if (evsel->sample_read) { -- 2.54.0
