【crash-utility/crash】Bitmap calculation overflow in large physical address scenario
by Chenjialong
Hi,
I used crash to analyze a vmcore and found that when crash calculates the bitmap and pfn, an integer overflow occurs, causing the crash parsing to fail.
[root@localhost userspace]# crash vmlinux vmcore
……
reason: variable overflow causes a logic error in crash.
crash: page excluded: kernel virtual address: ffff0000089c9100 type: "kernel_config_data"
WARNING: cannot read kernel_config_data
crash: page excluded: kernel virtual address: ffff00000911b938 type: "possible"
WARNING: cannot read cpu_possible_map
crash: page excluded: kernel virtual address: ffff00000911b8b8 type: "present"
WARNING: cannot read cpu_present_map
crash: page excluded: kernel virtual address: ffff00000911b838 type: "online"
WARNING: cannot read cpu_online_map
crash: page excluded: kernel virtual address: ffff00000911b9b8 type: "active"
WARNING: cannot read cpu_active_map
crash: page excluded: kernel virtual address: ffff0000093ec9d0 type: "shadow_timekeeper xtime_sec"
crash: page excluded: kernel virtual address: ffff000009124d2c type: "init_uts_ns"
crash: vmlinux and vmcore do not match!
And the /proc/iomem info:
2e69267000-2fffffffff : System RAM
......
602770ecf000-6027ffffffff : System RAM
Here is the process of my analysis:
1. calculate bitmap_len overflow in function read_dump_header()
int block_size=(int)sysconf(_SC_PAGESIZE);
off_t bitmap_len;
unsigned int bitmap_blocks;
...
bitmap_len = block_size * header->bitmap_blocks;
here block_size = 4096, header->bitmap_blocks = 0x180a00, so bitmap_len = 0x180a00000
but block_size is integer type, bitmap_blocks is unsigned int type, so block_size * header->bitmap_blocks > MAX(unsigned int)
bitmap_len overflow.
2. calculate data_offset overflow in function read_dump_header()
dd->data_offset = (1 + header->sub_hdr_size + header->bitmap_blocks) * header->block_size;
info in makedumpfile:
info->offset_bitmap1=0x15000 info->len_bitmap=0x182000000 bit2_offset=0xc1015000
in read_dump_header():
info->len_bitmap = header->bitmap_blocks * header->block_size = 0x182000000 is greater than the range represented by integers.
The members of the following expression are all int type, but the calculation result exceeds MAX(int),
dd->data_offset = (1 + header->sub_hdr_size + header->bitmap_blocks) * header->block_size = 0x82015000,
The correct value is 0x182015000.
3. byte parameter overflow in function get_bit()
static inline int get_bit(char *map, int byte, int bit)
{
return map[byte] & (1<<bit);
}
static inline int page_is_ram(unsigned long nr)
{
return get_bit(dd->bitmap, nr >> 3, nr & 7);
}
if nr=0x6027fff4f, 0x6027fff4f >> 3 => 0xC04FFFE9 > MAX(int),
so byte parameter overflow when call get_bit.
The following is my patch, please review. Thanks.
Signed-off-by: Jialong Chen <chenjialong(a)huawei.com>
---
diskdump.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/diskdump.c b/diskdump.c
index e88243e..328c932 100644
--- a/diskdump.c
+++ b/diskdump.c
@@ -233,7 +233,7 @@ clean_diskdump_data(void)
}
static inline int
-get_bit(char *map, int byte, int bit)
+get_bit(char *map, unsigned long byte, int bit)
{
return map[byte] & (1<<bit);
}
@@ -694,7 +694,7 @@ restart:
dd->max_mapnr = header->max_mapnr;
/* read memory bitmap */
- bitmap_len = block_size * header->bitmap_blocks;
+ bitmap_len = (off_t)block_size * header->bitmap_blocks;
dd->bitmap_len = bitmap_len;
offset = (off_t)block_size * (1 + header->sub_hdr_size);
@@ -744,7 +744,7 @@ restart:
memcpy(dd->dumpable_bitmap, dd->bitmap, bitmap_len);
dd->data_offset
- = (1 + header->sub_hdr_size + header->bitmap_blocks)
+ = (1UL + header->sub_hdr_size + header->bitmap_blocks)
* header->block_size;
dd->header = header;
--
1.7.12.4
5 years
[ANNOUNCE] crash-7.2.8 is available
by Dave Anderson
Download from: http://people.redhat.com/anderson
or
https://github.com/crash-utility/crash/releases
The github master branch serves as a development branch that will contain
all patches that are queued for the next release:
$ git clone git://github.com/crash-utility/crash.git
Changelog:
- Fix for Linux 5.4-rc1 and later kernels that contain commit
688fcbfc06e4fdfbb7e1d5a942a1460fe6379d2d, titled "mm/vmalloc:
modify struct vmap_area to reduce its size". Without the
patch "kmem -v" will display nothing; other architectures
that utilize the vmap_area_list to determine the base of
mapped/vmalloc address space will fail.
(anderson(a)redhat.com)
- Fix for Linux 5.4-rc1 and later kernels that contain commit/merge
e0703556644a531e50b5dc61b9f6ea83af5f6604, titled "Merge tag 'modules-
for-v5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux
which introduces symbol namespaces. Without the patch, and depending
upon the architecture:
(1) the kernel module symbol list will contain garbage entries
(2) the session fails during session initialization with a dump of
the internal buffer allocation stats followed by the message
"crash: cannot allocate any more memory!"
(3) the session fails during session initialization with a
segmentation violation.
(anderson(a)redhat.com)
- Fix for the "timer -r" option on Linux 5.4-rc1 and later kernels
that contain commit 511885d7061eda3eb1faf3f57dcc936ff75863f1, titled
"lib/timerqueue: Rely on rbtree semantics for next timer". Without
the patch, the option fails with the following error "timer: invalid
structure member offset: timerqueue_head_next".
(k-hagio(a)ab.jp.nec.com)
- Fix for a "[-Wstringop-truncation]" compiler warning emitted when
symbols.c is built in a Fedora Rawhide environment with gcc-9.0.1
or later.
(anderson(a)redhat.com)
- Fix for the "kmem -n" option on Linux-5.4-rc1 and later kernels that
contain commit b6c88d3b9d38f9448e0fcf44847a075ea81d5ca2, titled
"drivers/base/memory.c: don't store end_section_nr in memory blocks".
Without the patch, the command option fails with the error message
"kmem: invalid structure member offset: memory_block_end_section_nr".
(msys.mizuma(a)gmail.com)
- Fix for Linux 4.19.5 and later 4.19-based x86_64 kernels which
are NOT configured with CONFIG_RANDOMIZE_BASE and have backported
kernel commit d52888aa2753e3063a9d3a0c9f72f94aa9809c15, titled
"x86/mm: Move LDT remap out of KASLR region on 5-level paging",
which modified the 4-level and 5-level paging PAGE_OFFSET values.
Without this patch, the crash session fails during initialization
with the error message "crash: seek error: kernel virtual address:
<address> type: "tss_struct ist array".
(anderson(a)redhat.com)
- Additional fix for the "kmem -n" option on Linux-5.4-rc1 and later
kernels that contain commit b6c88d3b9d38f9448e0fcf44847a075ea81d5ca2,
titled "drivers/base/memory.c: don't store end_section_nr in memory
blocks". The initial fix only addressed the x86_64 architecture;
this incremental patch addresses the other architectures.
(msys.mizuma(a)gmail.com)
- In the unlikely event that the panic task in a dumpfile cannot be
determined by the normal means, scan the kernel log buffer for panic
keywords, and if found, generate the panic task from the CPU number
that is specified following the panic message.
(chenqiwu(a)xiaomi.com)
- Adjust a crash-7.1.8 patch for support of /proc/kcore as the live
memory source in Linux 4.8 and later x86_64 kernels configured with
CONFIG_RANDOMIZE_BASE, which randomizes the unity-mapping PAGE_OFFSET
value. Since the problem only arises before the determination of the
randomized PAGE_OFFSET value, restrict the patch such that it only
takes effect during session initialization.
(anderson(a)redhat.com)
- Add support for extended numbering support in ELF dumpfiles to handle
more than PN_XNUM (0xffff) program headers. If the real number of
program header table entries is equal to or greater than PN_XNUM, the
e_phnum field of the ELF header is set to PN_XNUM, and the actual
number is set in the sh_info field of the section header at index 0.
(k-hagio(a)ab.jp.nec.com)
- Fix for a "warning: large integer implicitly truncated to unsigned
type [-Woverflow]" compiler message generated on 32-bit architectures
as a result of the "Additional fix for the kmem -n option" patch
above.
(anderson(a)redhat.com)
- Add support for handling openSUSE vmlinux files which will be shipped
in .xz compressed format. Without the patch, only gzip and bzip2
formats are supported.
(jirislaby(a)gmail.com)
- Fix for the determination of the ARM64 page size on Linux 4.4 and
earlier kernels that do not have vmcoreinfo data. Without the patch,
the crash session fails during initialization with the error message
"crash: "cannot determine page size".
(chenqiwu(a)xiaomi.com)
- Determine the ARM64 kernel's "vabits_actual" value by reading the
new TCR_EL1.T1SZ vmcoreinfo entry.
(bhsharma(a)redhat.com)
- Fix to determine the ARM64 kernel's "vabits_actual" value from the
ELF header of a dumpfile created with the "snap.so" extension module.
(anderson(a)redhat.com)
- Fix two typos in the examples section of the "help bt" display, which
mistakenly show "bf -f" and "bf -FF" instead of "bt -f" and "bt -FF".
(austindh.kim(a)gmail.com)
- Similar to ARM64, the X86_64, PPC64 and S390x architectures will use
the exported value of MAX_PHYSMEM_BITS from the vmcoreinfo data as
the preferred method if it is available.
(anderson(a)redhat.com)
- If an S390X kernel crashes before vmcoreinfo initialization, there is
no way to extract the KASLR offset for such early dumps. In a new
S390X kernel patch, the KASLR offset will be stored in the lowcore
memory during early boot and then overwritten after vmcoreinfo is
initialized. This patch allows crash to identify the KASLR offset
that is stored in the lowcore memory.
(zaslonko(a)linux.ibm.com)
- Fix for a crash-7.2.7 regression that determined the value of the
ARM64 kernel SECTION_SIZE_BITS by reading the in-kernel configuration
data if there is no VMCOREINFO data available. In that case, without
the patch, a double-free exception may occur.
(anderson(a)redhat.com)
- Fix for segmentation violation if the gdb_readmem_callback() function
gets called from other than a crash command, such as from an epython
command from the mypkdump.so extension module.
(anderson(a)redhat.com)
- Fix for the "dis -s" option when running against kernels that have
been configured with CONFIG_RANDOMIZE_BASE=y (KASLR). Without the
patch, the command option indicates that the FILE and LINE numbers
are "(unknown)", and that "source code is not available".
(anderson(a)redhat.com)
- Fix for newer Xen hypervisors, which fail during initialization with
the error message "crash: cannot resolve init_tss". This is caused
by a change in the Xen hypervisor with commit 78884406256, from
4.12.0-rc5-763-g7888440625. In that patch the tss_struct structure
was renamed to tss64 and the tss_page structure was introduced,
which contains a single tss64. Now tss information is accessible
via the symbol "per_cpu__tss_page".
(dietmar.hahn(a)ts.fujitsu.com)
- When accessing the ARM64 kernel's "crash_notes" array, continue to
read the per-cpu NT_PRSTATUS note contents if an invalid note is
encountered. Without the patch, if an invalid note is found, all
other notes were ignored, and subsequent "bt" attempts on the active
tasks would fail.
(chenqiwu(a)xiaomi.com, anderson(a)redhat.com)
- When accessing the 32-bit ARM kernel's "crash_notes" array, continue
to read the per-cpu NT_PRSTATUS note contents if an invalid note is
encountered. Without the patch, if an invalid note is found, all
other notes were ignored, and subsequent "bt" attempts on the active
tasks would fail.
(chenqiwu(a)xiaomi.com, anderson(a)redhat.com)
- Fix for the "log -a" option. The kernel's sk_buff.len field is a
32-bit unsigned int, but crash was reading its 32-bit value into a
64-bit unsigned long stack variable. All extra bits that pre-existed
in the upper 32-bits of the stack variable were passed along as part
of a buffer size request; if the upper 32-bit bits were non-zero,
then the command would fail with a dump of the internal buffer
allocation stats followed by the message "log: cannot allocate any
more memory!".
(anderson(a)redhat.com)
- When determining the ARM64 kernel's "vabits_actual" value by reading
the new TCR_EL1.T1SZ vmcoreinfo entry, display its value during
session initialization only when invoking crash with "-d1" or larger
-d debug value.
(anderson(a)redhat.com)
- Update copyright to 2020 in crash version output.
(anderson(a)redhat.com)
- Fix for ARM64 when running against Linux 5.5-rc1 and later kernels
that contain commit b6e43c0e3129ffe87e65c85f20fcbdf0eb86fba0, titled
"arm64: remove __exception annotations". Without the patch, the
ARM64 crash session fails during initialization with the error
message "crash: cannot resolve __exception_text_start".
(anderson(a)redhat.com)
- Fix for support of ELF format kdump vmcores from S390X KASLR kernels.
Without the patch, the crash session fails during initialization with
the error message "crash: vmlinux and vmcore do not match!".
(anderson(a)redhat.com)
- Fix for support of S390X standalone dumpfiles and LKCD dumpfiles that
were taken from S390X KASLR kernels.
(zaslonko(a)linux.ibm.com)
- Rework the previous patch for support of S390X standalone dumpfiles
and LKCD dumpfiles that were taken from S390X KASLR kernels to avoid
calling an s390x-specific function from generic code.
(zaslonko(a)linux.ibm.com)
- Fix for a gcc-10 compilation error. Without the patch, the build of
the crash library fails with a stream of error messages indicating
"multiple definition of 'diskdump_flags'"
(anderson(a)redhat.com)
5 years, 1 month
help debug number of CPU detect failure
by Santosh Yadawar
Hello List,
I've a two ELF coredumps from two different HyperV VMs generated by this tool (https://github.com/Azure/azure-linux-utils/tree/master/vm2core).
Crash works with one of these coredumps but do not work with other.
I've placed the output generated by crash tool here:
Not ok with crash:
./crash/crash /usr/lib/debug/boot/vmlinux-4.15.0-88-generic vm1_numa_4gb_5cpu.coredump --kaslr 600000 -m phys_base=4355784704 -d8
https://raw.githubusercontent.com/santoshx/temp/master/notok_with_crash.txt
Ok with crash:
./crash/crash /usr/lib/debug/boot/vmlinux-4.15.0-88-generic vm1_nonuma_4gb_5cpu.coredump --kaslr 3c00000 -m phys_base=2344615936 -d8
https://raw.githubusercontent.com/santoshx/temp/master/ok_with_crash.txt
The problem I see that in non-working case crash fails to detect correct cpu_possible_mask:
Relevant part of $ diff ok_with_crash.txt notok_with_crash.txt:
< cpu_active_mask: cpus: 0 1 2 3 4
< FREEBUF(0)
< <readmem: ffffffff86039f40, KVADDR, "pv_init_ops", 8, (ROE), 7ffe01722870>
< <read_kdump: addr: ffffffff86039f40 paddr: 91c39f40 cnt: 8>
< read_netdump: addr: ffffffff86039f40 paddr: 91c39f40 cnt: 8 offset: 91c3a760
---
> <readmem: ffffffff826f2b60, KVADDR, "possible", 1024, (ROE), 5638a35a2280>
> <read_kdump: addr: ffffffff826f2b60 paddr: 1060f2b60 cnt: 1024>
> read_netdump: addr: ffffffff826f2b60 paddr: 1060f2b60 cnt: 1024 offset: fe0f3380
> cpu_possible_mask: cpus: 3 4 5 6 8 13 14 18 20 21 22 26 28 29 30 33 36 37 38 48 49 52 53 54 56 59 60 61 62 64 65 68 69 70 72 73 74 75 76 78 82 83 85 86 90 91 93 94 96 99 101 102 104 105 108 109 110 114 116 117 118 123 124 125 126 128 133 134 138 140 141 142 146 148 149 150 153 156 157 158 168 169 172 173 174 176 179 180 181 182 184 185 188 189 190 192 193 194 195 196 198 200 202 205 206 211 212 213 214 216 219 221 222 226 228 229 230 232 233 234 235 236 238 242 243 245 246 248 251 253 254 256 257 260 261 262 266 268 269 270 275 276 277 278 280 285 286 290 292 293 294 298 300 301 302 305 308 309 310 320 321 324 325 326 328 331 332 333 334 336 337 340 341 342 344 345 346 347 348 350 352 354 357 358 361 362 363 365 366 370 372 373 374 376 378 381 382 385 388 389 390 392 393 394 395 396 398 402 403 405 406 408 411 413 414 416 417 420 421 422 426 428 429 430 435 436 437 438 440 445 446 450 452 453 454 458 460 461 462 465 468 469 470 480 481 484 485 486 488 491 492 493 494 496 497 500 501 502 504 505 506 507 508 510 514 515 517 518 520 523 525 526 528 529 532 533 534 538 540 541 542 547 548 549
I'm trying to find where the problem is? in the crash too or the tool that generated the ELF coredumps?
Thank you,
Santosh
5 years, 1 month
[PATCH 0/1] extensions: proccgroup.c
by Wang Long
Hi Dave,
I build the proccgroup extensions on https://people.redhat.com/anderson/extensions/proccgroup.c.
and find a bug on centos 7. the following patch fix it.
I also want to ask another question:
Why not put various extensions in the extensions directory of the source code?
Wang Long (1):
extensions: proccgroup: fix the wrong method which detect whether to
support getting subsys name
extensions/proccgroup.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
1.8.3.1
5 years, 1 month
[PATCH] Add eBPF program name to "bpf -p|-P" options output
by HAGIO KAZUHITO(萩尾 一仁)
"bpftool prog list" command displays eBPF program name if available.
Also, the crash "bpf -m|-M" options display eBPF map name. But the
"bpf -p|-P" options don't display its name. It would be useful in
finding the program which we want to see.
Signed-off-by: Kazuhito Hagio <k-hagio-ab(a)nec.com>
---
bpf.c | 12 ++++++++++++
defs.h | 1 +
help.c | 3 ++-
symbols.c | 2 ++
4 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/bpf.c b/bpf.c
index 39ced88..cb6b0ed 100644
--- a/bpf.c
+++ b/bpf.c
@@ -194,6 +194,7 @@ bpf_init(struct bpf_info *bpf)
MEMBER_OFFSET_INIT(bpf_prog_pages, "bpf_prog", "pages");
MEMBER_OFFSET_INIT(bpf_prog_aux_load_time, "bpf_prog_aux", "load_time");
MEMBER_OFFSET_INIT(bpf_prog_aux_user, "bpf_prog_aux", "user");
+ MEMBER_OFFSET_INIT(bpf_prog_aux_name, "bpf_prog_aux", "name");
MEMBER_OFFSET_INIT(bpf_map_key_size, "bpf_map", "key_size");
MEMBER_OFFSET_INIT(bpf_map_value_size, "bpf_map", "value_size");
MEMBER_OFFSET_INIT(bpf_map_max_entries, "bpf_map", "max_entries");
@@ -452,6 +453,17 @@ do_bpf(ulong flags, ulong prog_id, ulong map_id, int radix)
bpf_prog_gpl_compatible(buf1, (ulong)bpf->proglist[i].value);
fprintf(fp, " GPL_COMPATIBLE: %s", buf1);
+ fprintf(fp, " NAME: ");
+ if (VALID_MEMBER(bpf_prog_aux_name)) {
+ BCOPY(&bpf->bpf_prog_aux_buf[OFFSET(bpf_prog_aux_name)], buf1, 16);
+ buf1[16] = NULLCHAR;
+ if (strlen(buf1))
+ fprintf(fp, "\"%s\"", buf1);
+ else
+ fprintf(fp, "(unused)");
+ } else
+ fprintf(fp, "(unknown)");
+
fprintf(fp, " UID: ");
if (VALID_MEMBER(bpf_prog_aux_user) && VALID_MEMBER(user_struct_uid)) {
user = ULONG(bpf->bpf_prog_aux_buf + OFFSET(bpf_prog_aux_user));
diff --git a/defs.h b/defs.h
index fbd19b0..e852ddf 100644
--- a/defs.h
+++ b/defs.h
@@ -2078,6 +2078,7 @@ struct offset_table { /* stash of commonly-used offsets */
long bpf_map_memory;
long bpf_map_memory_pages;
long bpf_map_memory_user;
+ long bpf_prog_aux_name;
};
struct size_table { /* stash of commonly-used sizes */
diff --git a/help.c b/help.c
index 5c313af..eda5ce9 100644
--- a/help.c
+++ b/help.c
@@ -2412,7 +2412,8 @@ char *help_bpf[] = {
" -p ID displays the basic information specific to the program ID, plus the",
" size in bytes of its translated bytecode, the size in bytes of its",
" jited code, the number of bytes locked into memory, the time that",
-" the program was loaded, whether it is GPL compatible, and its UID.",
+" the program was loaded, whether it is GPL compatible, its name",
+" string, and its UID.",
" -P same as -p, but displays the basic and extra data for all programs.",
" -m ID displays the basic information specific to the map ID, plus the",
" size in bytes of its key and value, the maximum number of key-value",
diff --git a/symbols.c b/symbols.c
index f1f659b..9c3032d 100644
--- a/symbols.c
+++ b/symbols.c
@@ -10494,6 +10494,8 @@ dump_offset_table(char *spec, ulong makestruct)
OFFSET(bpf_prog_aux_load_time));
fprintf(fp, " bpf_prog_aux_user: %ld\n",
OFFSET(bpf_prog_aux_user));
+ fprintf(fp, " bpf_prog_aux_name: %ld\n",
+ OFFSET(bpf_prog_aux_name));
fprintf(fp, " user_struct_uid: %ld\n",
OFFSET(user_struct_uid));
--
2.24.1
5 years, 1 month
[PATCH] Fix for "bpf -m|-M" options on Linux 5.3 and later
by HAGIO KAZUHITO(萩尾 一仁)
Fix for the "bpf -m|-M" options on Linux 5.3 and later kernels that
contain commit 3539b96e041c06e4317082816d90ec09160aeb11, titled
"bpf: group memory related fields in struct bpf_map_memory".
Without the patch, the options prints "(unknown)" for MEMLOCK and UID.
Signed-off-by: Kazuhito Hagio <k-hagio-ab(a)nec.com>
---
bpf.c | 22 ++++++++++++++++++++--
defs.h | 3 +++
symbols.c | 6 ++++++
3 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/bpf.c b/bpf.c
index 056e286..39ced88 100644
--- a/bpf.c
+++ b/bpf.c
@@ -202,6 +202,13 @@ bpf_init(struct bpf_info *bpf)
MEMBER_OFFSET_INIT(bpf_map_user, "bpf_map", "user");
MEMBER_OFFSET_INIT(user_struct_uid, "user_struct", "uid");
+ /* Linux 5.3 */
+ MEMBER_OFFSET_INIT(bpf_map_memory, "bpf_map", "memory");
+ if (VALID_MEMBER(bpf_map_memory)) {
+ MEMBER_OFFSET_INIT(bpf_map_memory_pages, "bpf_map_memory", "pages");
+ MEMBER_OFFSET_INIT(bpf_map_memory_user, "bpf_map_memory", "user");
+ }
+
if (!bpf_type_size_init()) {
bpf->status = FALSE;
command_not_supported();
@@ -576,7 +583,11 @@ do_map_only:
fprintf(fp, "(unknown)");
fprintf(fp, " MEMLOCK: ");
- if (VALID_MEMBER(bpf_map_pages)) {
+ if (VALID_MEMBER(bpf_map_memory) && VALID_MEMBER(bpf_map_memory_pages)) {
+ map_pages = UINT(bpf->bpf_map_buf + OFFSET(bpf_map_memory)
+ + OFFSET(bpf_map_memory_pages));
+ fprintf(fp, "%d\n", map_pages * PAGESIZE());
+ } else if (VALID_MEMBER(bpf_map_pages)) {
map_pages = UINT(bpf->bpf_map_buf + OFFSET(bpf_map_pages));
fprintf(fp, "%d\n", map_pages * PAGESIZE());
} else
@@ -594,8 +605,15 @@ do_map_only:
fprintf(fp, "(unknown)\n");
fprintf(fp, " UID: ");
- if (VALID_MEMBER(bpf_map_user) && VALID_MEMBER(user_struct_uid)) {
+ if (VALID_MEMBER(bpf_map_memory) && VALID_MEMBER(bpf_map_memory_user))
+ user = ULONG(bpf->bpf_map_buf + OFFSET(bpf_map_memory)
+ + OFFSET(bpf_map_memory_user));
+ else if (VALID_MEMBER(bpf_map_user))
user = ULONG(bpf->bpf_map_buf + OFFSET(bpf_map_user));
+ else
+ user = 0;
+
+ if (user && VALID_MEMBER(user_struct_uid)) {
if (readmem(user + OFFSET(user_struct_uid), KVADDR, &uid, sizeof(uint),
"user_struct.uid", QUIET|RETURN_ON_ERROR))
fprintf(fp, "%d\n", uid);
diff --git a/defs.h b/defs.h
index ac24a5d..fbd19b0 100644
--- a/defs.h
+++ b/defs.h
@@ -2075,6 +2075,9 @@ struct offset_table { /* stash of commonly-used offsets */
long device_private_knode_class;
long timerqueue_head_rb_root;
long rb_root_cached_rb_leftmost;
+ long bpf_map_memory;
+ long bpf_map_memory_pages;
+ long bpf_map_memory_user;
};
struct size_table { /* stash of commonly-used sizes */
diff --git a/symbols.c b/symbols.c
index f04e8b5..f1f659b 100644
--- a/symbols.c
+++ b/symbols.c
@@ -10479,6 +10479,12 @@ dump_offset_table(char *spec, ulong makestruct)
OFFSET(bpf_map_name));
fprintf(fp, " bpf_map_user: %ld\n",
OFFSET(bpf_map_user));
+ fprintf(fp, " bpf_map_memory: %ld\n",
+ OFFSET(bpf_map_memory));
+ fprintf(fp, " bpf_map_memory_pages: %ld\n",
+ OFFSET(bpf_map_memory_pages));
+ fprintf(fp, " bpf_map_memory_user: %ld\n",
+ OFFSET(bpf_map_memory_user));
fprintf(fp, " bpf_prog_aux_used_map_cnt: %ld\n",
OFFSET(bpf_prog_aux_used_map_cnt));
--
2.24.1
5 years, 1 month
[PATCH V2] extensions: add extend -s option to show all available shared object file
by Wang Long
When we load extensions, sometime we do not know the exact name of the shared
object file.
This patch add -s option for extend cmd to show all available shared object file.
for example:
crash> extend -s
./trace.so
/usr/lib64/crash/extensions/dminfo.so
/usr/lib64/crash/extensions/echo.so
/usr/lib64/crash/extensions/eppic.so
/usr/lib64/crash/extensions/snap.so
/usr/lib64/crash/extensions/trace.so
./extensions/dminfo.so
./extensions/eppic.so
./extensions/echo.so
./extensions/snap.so
./extensions/trace.so
crash> extend -s -l
extend: -l and -s are mutually exclusive
Usage:
extend [shared-object ...] | [-u [shared-object ...]] | -s
Enter "help extend" for details.
crash> extend -s -u
extend: -u and -s are mutually exclusive
Usage:
extend [shared-object ...] | [-u [shared-object ...]] | -s
Enter "help extend" for details.
crash>
Also, this patch update the help for extend command:
add the search order "5. the ./extensions subdirectory of the current directory"
Changes since v1:
- -s option also check the current working directory
- fix warning
Signed-off-by: Wang Long <w(a)laoqinren.net>
---
extensions.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++----
help.c | 4 +++-
2 files changed, 74 insertions(+), 5 deletions(-)
diff --git a/extensions.c b/extensions.c
index 24b91de..d23b1e3 100644
--- a/extensions.c
+++ b/extensions.c
@@ -20,10 +20,13 @@
static int in_extensions_library(char *, char *);
static char *get_extensions_directory(char *);
+static void show_all_extensions(void);
+static void show_extensions(char *);
-#define DUMP_EXTENSIONS (0)
-#define LOAD_EXTENSION (1)
-#define UNLOAD_EXTENSION (2)
+#define DUMP_EXTENSIONS (0)
+#define LOAD_EXTENSION (1)
+#define UNLOAD_EXTENSION (2)
+#define SHOW_ALL_EXTENSIONS (4)
/*
* Load, unload, or list the extension libaries.
@@ -36,14 +39,30 @@ cmd_extend(void)
flag = DUMP_EXTENSIONS;
- while ((c = getopt(argcnt, args, "lu")) != EOF) {
+ while ((c = getopt(argcnt, args, "lus")) != EOF) {
switch(c)
{
+ case 's':
+ if (flag & UNLOAD_EXTENSION) {
+ error(INFO,
+ "-s and -u are mutually exclusive\n");
+ argerrs++;
+ }else if (flag & LOAD_EXTENSION) {
+ error(INFO,
+ "-s and -l are mutually exclusive\n");
+ argerrs++;
+ } else
+ flag |= SHOW_ALL_EXTENSIONS;
+ break;
case 'l':
if (flag & UNLOAD_EXTENSION) {
error(INFO,
"-l and -u are mutually exclusive\n");
argerrs++;
+ } else if (flag & SHOW_ALL_EXTENSIONS) {
+ error(INFO,
+ "-l and -s are mutually exclusive\n");
+ argerrs++;
} else
flag |= LOAD_EXTENSION;
break;
@@ -53,6 +72,10 @@ cmd_extend(void)
error(INFO,
"-u and -l are mutually exclusive\n");
argerrs++;
+ } else if (flag & SHOW_ALL_EXTENSIONS) {
+ error(INFO,
+ "-u and -s are mutually exclusive\n");
+ argerrs++;
} else
flag |= UNLOAD_EXTENSION;
break;
@@ -100,6 +123,11 @@ cmd_extend(void)
optind++;
}
break;
+
+ case SHOW_ALL_EXTENSIONS:
+ show_all_extensions();
+ break;
+
}
}
@@ -182,6 +210,45 @@ dump_extension_table(int verbose)
} while ((ext = ext->prev));
}
+static void
+show_extensions(char *dir) {
+ DIR *dirp;
+ struct dirent *dp;
+ char filename[BUFSIZE*2];
+
+ dirp = opendir(dir);
+ if (!dirp)
+ return;
+
+ for (dp = readdir(dirp); dp != NULL; dp = readdir(dirp)) {
+ sprintf(filename, "%s%s%s", dir,
+ LASTCHAR(dir) == '/' ? "" : "/",
+ dp->d_name);
+
+ if (!is_shared_object(filename))
+ continue;
+ fprintf(fp, "%s\n", filename);
+ }
+
+ closedir(dirp);
+}
+
+static void
+show_all_extensions(void)
+{
+ char *dir;
+
+ show_extensions("./");
+
+ if ((dir = getenv("CRASH_EXTENSIONS")))
+ show_extensions(dir);
+
+ if (BITS64())
+ show_extensions("/usr/lib64/crash/extensions/");
+
+ show_extensions("/usr/lib/crash/extensions/");
+ show_extensions("./extensions/");
+}
/*
* Load an extension library.
diff --git a/help.c b/help.c
index a481850..a0ebe42 100644
--- a/help.c
+++ b/help.c
@@ -2164,13 +2164,14 @@ NULL
char *help_extend[] = {
"extend",
"extend the %s command set",
-"[shared-object ...] | [-u [shared-object ...]]",
+"[shared-object ...] | [-u [shared-object ...]] | -s",
" This command dynamically loads or unloads %s extension shared object",
" libraries:\n",
" shared-object load the specified shared object file; more than one",
" one object file may be entered.",
" -u shared-object unload the specified shared object file; if no file",
" arguments are specified, unload all objects.",
+" -s show all available shared object file.",
"\n If the shared-object filename is not expressed with a fully-qualified",
" pathname, the following directories will be searched in the order shown,",
" and the first instance of the file that is found will be selected:\n",
@@ -2178,6 +2179,7 @@ char *help_extend[] = {
" 2. the directory specified in the CRASH_EXTENSIONS environment variable",
" 3. /usr/lib64/crash/extensions (64-bit architectures)",
" 4. /usr/lib/crash/extensions",
+" 5. the ./extensions subdirectory of the current directory",
"\n If no arguments are entered, the current set of shared object files and ",
" a list of their commands will be displayed. The registered commands",
" contained in each shared object file will appear automatically in the ",
--
1.8.3.1
ù�
5 years, 1 month
[PATCH] extensions: add extend -s option to show all available shared object file
by Wang Long
When we load extensions, sometime we do not know the exact name of the shared
object file.
This patch add -s option for extend cmd to show all available shared object file.
for example:
crash> extend -s
/usr/lib64/crash/extensions/dminfo.so
/usr/lib64/crash/extensions/echo.so
/usr/lib64/crash/extensions/eppic.so
/usr/lib64/crash/extensions/snap.so
/usr/lib64/crash/extensions/trace.so
./extensions/dminfo.so
./extensions/eppic.so
./extensions/echo.so
./extensions/snap.so
./extensions/trace.so
crash> extend -s -l
extend: -l and -s are mutually exclusive
Usage:
extend [shared-object ...] | [-u [shared-object ...]] | -s
Enter "help extend" for details.
crash> extend -s -u
extend: -u and -s are mutually exclusive
Usage:
extend [shared-object ...] | [-u [shared-object ...]] | -s
Enter "help extend" for details.
crash>
Also, this patch update the help for extend command:
add the search order "5. the ./extensions subdirectory of the current directory"
Signed-off-by: Wang Long <w(a)laoqinren.net>
---
extensions.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++----
help.c | 4 +++-
2 files changed, 71 insertions(+), 5 deletions(-)
diff --git a/extensions.c b/extensions.c
index 24b91de..bdf9e93 100644
--- a/extensions.c
+++ b/extensions.c
@@ -20,10 +20,12 @@
static int in_extensions_library(char *, char *);
static char *get_extensions_directory(char *);
+static void show_all_extensions();
-#define DUMP_EXTENSIONS (0)
-#define LOAD_EXTENSION (1)
-#define UNLOAD_EXTENSION (2)
+#define DUMP_EXTENSIONS (0)
+#define LOAD_EXTENSION (1)
+#define UNLOAD_EXTENSION (2)
+#define SHOW_ALL_EXTENSIONS (4)
/*
* Load, unload, or list the extension libaries.
@@ -36,14 +38,30 @@ cmd_extend(void)
flag = DUMP_EXTENSIONS;
- while ((c = getopt(argcnt, args, "lu")) != EOF) {
+ while ((c = getopt(argcnt, args, "lus")) != EOF) {
switch(c)
{
+ case 's':
+ if (flag & UNLOAD_EXTENSION) {
+ error(INFO,
+ "-s and -u are mutually exclusive\n");
+ argerrs++;
+ }else if (flag & LOAD_EXTENSION) {
+ error(INFO,
+ "-s and -l are mutually exclusive\n");
+ argerrs++;
+ } else
+ flag |= SHOW_ALL_EXTENSIONS;
+ break;
case 'l':
if (flag & UNLOAD_EXTENSION) {
error(INFO,
"-l and -u are mutually exclusive\n");
argerrs++;
+ } else if (flag & SHOW_ALL_EXTENSIONS) {
+ error(INFO,
+ "-l and -s are mutually exclusive\n");
+ argerrs++;
} else
flag |= LOAD_EXTENSION;
break;
@@ -53,6 +71,10 @@ cmd_extend(void)
error(INFO,
"-u and -l are mutually exclusive\n");
argerrs++;
+ } else if (flag & SHOW_ALL_EXTENSIONS) {
+ error(INFO,
+ "-u and -s are mutually exclusive\n");
+ argerrs++;
} else
flag |= UNLOAD_EXTENSION;
break;
@@ -100,6 +122,11 @@ cmd_extend(void)
optind++;
}
break;
+
+ case SHOW_ALL_EXTENSIONS:
+ show_all_extensions();
+ break;
+
}
}
@@ -182,6 +209,43 @@ dump_extension_table(int verbose)
} while ((ext = ext->prev));
}
+void show_extensions(char *dir) {
+ DIR *dirp;
+ struct dirent *dp;
+ char filename[BUFSIZE*2];
+ int found;
+
+ dirp = opendir(dir);
+ if (!dirp)
+ return;
+
+ for (found = 0, dp = readdir(dirp); dp != NULL; dp = readdir(dirp)) {
+ sprintf(filename, "%s%s%s", dir,
+ LASTCHAR(dir) == '/' ? "" : "/",
+ dp->d_name);
+
+ if (!is_shared_object(filename))
+ continue;
+ fprintf(fp, "%s\n", filename);
+ }
+
+ closedir(dirp);
+}
+
+static void
+show_all_extensions()
+{
+ char *dir;
+
+ if ((dir = getenv("CRASH_EXTENSIONS")))
+ show_extensions(dir);
+
+ if (BITS64())
+ show_extensions("/usr/lib64/crash/extensions/");
+
+ show_extensions("/usr/lib/crash/extensions/");
+ show_extensions("./extensions/");
+}
/*
* Load an extension library.
diff --git a/help.c b/help.c
index a481850..a0ebe42 100644
--- a/help.c
+++ b/help.c
@@ -2164,13 +2164,14 @@ NULL
char *help_extend[] = {
"extend",
"extend the %s command set",
-"[shared-object ...] | [-u [shared-object ...]]",
+"[shared-object ...] | [-u [shared-object ...]] | -s",
" This command dynamically loads or unloads %s extension shared object",
" libraries:\n",
" shared-object load the specified shared object file; more than one",
" one object file may be entered.",
" -u shared-object unload the specified shared object file; if no file",
" arguments are specified, unload all objects.",
+" -s show all available shared object file.",
"\n If the shared-object filename is not expressed with a fully-qualified",
" pathname, the following directories will be searched in the order shown,",
" and the first instance of the file that is found will be selected:\n",
@@ -2178,6 +2179,7 @@ char *help_extend[] = {
" 2. the directory specified in the CRASH_EXTENSIONS environment variable",
" 3. /usr/lib64/crash/extensions (64-bit architectures)",
" 4. /usr/lib/crash/extensions",
+" 5. the ./extensions subdirectory of the current directory",
"\n If no arguments are entered, the current set of shared object files and ",
" a list of their commands will be displayed. The registered commands",
" contained in each shared object file will appear automatically in the ",
--
1.8.3.1
5 years, 1 month