Patching more pseudo section symbols from layouts
by Toshikazu Nakayama
Hello Dave,
I add more pseudo section symbols which do not own any named symbol like
ffffffffa004ccf0 [.rodata.str1.1]: section start
ffffffffa004d14a [.rodata.str1.1]: section end
crash> rd ffffffffa004ccf0 -e ffffffffa004d14a
This can access section data without symbol.
This patch set way is learned from kernel/module.c layout_sections()
and probably be possible to integrate existing calculate_load_order_v1/2()
or add_symbol_file_kallsyms().
However, I can not confirm many kernel versions or architecrures,
thus my choice is verifying and updating to installed sections.
P.S.
I want to make feature in http://grsecurity.net/ PaX linux in crash utility.
The PaX patch changes module location by separating non contiguous RX/RW areas
which makes virtual address hole in module, also translates virtual address.
I tried but crash can not work out yet under PaX linux.
I'm resolving them with brief/rough way and
useful parts are merged into crash code, and then posting here.
If you can accept such a non mainline kernel feature in crash utility,
I would like to keep posting patch set until my whole work has done.
Thanks,
Toshi
12 years, 11 months
Remote processing of core dump
by Vasily Averin
Hi Dave,
could you please advise is it possible to process core dump remotely?
Currently for investigation of kernel crashes on customer nodes I need either download coredump to local node or upload debug symbols to remote node. This may not be quite convenient for various reasons.
Is it possible to use gdbserver-like functionality with crash?
IMHO it would be great to start crash utility locally, with debug symbols but without core dump file, and then connect to gdbserver on remote node attached to core dump file.
Thank you,
Vasily Averin
12 years, 11 months
Pseudo symbol for found out module sections
by Toshikazu Nakayama
Hello Dave,
I add helper pseudo symbol about found out module sections.
They can be looked see by "sym -m <module name>" after module
object file has been loaded.
I think the visual effects of section layout or grouping are
useful information for symbols.
Thanks,
Toshi
---
crash> mod -s blowfish
crash> sym -m blowfish
ffffffffa0134000 MODULE START: blowfish
ffffffffa0134000 [.text]: section start
ffffffffa0134000 (t) encrypt_block
ffffffffa0134434 (t) bf_encrypt
ffffffffa0134470 (t) bf_decrypt
ffffffffa01348ae (t) bf_setkey
ffffffffa0134a10 [.text]: section end
ffffffffa0134a10 [.exit.text]: section start
ffffffffa0134a10 (T) cleanup_module
ffffffffa0134a10 (t) fini
ffffffffa0134a25 [.exit.text]: section end
ffffffffa0134a40 [.rodata]: section start
ffffffffa0134a40 (r) bf_pbox
ffffffffa0134aa0 (r) bf_sbox
ffffffffa0135aa0 [.rodata]: section end
ffffffffa01361a0 [.data]: section start
ffffffffa01361a0 (d) alg
ffffffffa0136230 [.data]: section end
ffffffffa0136280 [.gnu.linkonce.this_module]: section start
ffffffffa0136280 (D) __this_module
ffffffffa0136800 [.gnu.linkonce.this_module]: section end
ffffffffa0136800 MODULE END: blowfish
crash>
12 years, 11 months
