September 2025 - Crash-utility - Crash Utility List Archives

[PATCH] Add "log -R" to display human readable Rust symbol name

by Lianbo Jiang

Currently, the log command will display human readable Rust symbol name by default if any, but, sometimes still want to print the original messages from the log buffer(do not demangle). In addition, if the log buffer has lines like "_R ... +" which are not Rust symbols unexpectedly, probably the output will be missed, that is unexpected. To fix above cases, add "log -R" to display human readable Rust symbol name, otherwise still print the original messages. With the patch: crash> log -R ... [ 2174.289360] Tainted: [S]=CPU_OUT_OF_SPEC, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE [ 2174.297322] Hardware name: Intel Corporation S2600CWR/S2600CWR, BIOS SE5C610.86B.01.01.0018.072020161249 07/20/2016 [ 2174.308966] Call Trace: [ 2174.311693] <TASK> [ 2174.314033] dump_stack_lvl+0x5d/0x80 [ 2174.318125] panic+0x156/0x32a [ 2174.321539] rust_panic::area_in_hp+0xf7/0x120 [rust_panic] [ 2174.329700] ? console_unlock+0x9c/0x140 [ 2174.334080] ? irq_work_queue+0x2d/0x50 [ 2174.338352] ? __pfx_init_module+0x10/0x10 [rust_panic] [ 2174.344183] <rust_panic::HelloPanic>::step_two+0x20/0xe0 [rust_panic] [ 2174.353698] ? _printk+0x6b/0x90 [ 2174.357303] init_module+0x57/0xff0 [rust_panic] [ 2174.362456] ? __pfx_init_module+0x10/0x10 [rust_panic] ... Suggested-by: Kazuhito Hagio <k-hagio-ab(a)nec.com> Signed-off-by: Lianbo Jiang <lijiang(a)redhat.com> --- defs.h | 1 + help.c | 24 +++++++++++++++++++++++- kernel.c | 5 ++++- printk.c | 46 +++++++++++++++++++++++++--------------------- 4 files changed, 53 insertions(+), 23 deletions(-) diff --git a/defs.h b/defs.h index 156ac0232906..997145cba9d2 100644 --- a/defs.h +++ b/defs.h @@ -6227,6 +6227,7 @@ void parse_kernel_version(char *); #define SHOW_LOG_CTIME (0x10) #define SHOW_LOG_SAFE (0x20) #define SHOW_LOG_CALLER (0x40) +#define SHOW_LOG_RUST (0x80) void set_cpu(int); void clear_machdep_cache(void); struct stack_hook *gather_text_list(struct bt_info *); diff --git a/help.c b/help.c index 4f071e0bd0a0..78d7a5c70e30 100644 --- a/help.c +++ b/help.c @@ -4026,7 +4026,7 @@ NULL char *help_log[] = { "log", "dump system message buffer", -"[-Ttdmasc]", +"[-TtdmascR]", " This command dumps the kernel log_buf contents in chronological order. The", " command supports the older log_buf formats, which may or may not contain a", " timestamp inserted prior to each message, as well as the newer variable-length", @@ -4053,6 +4053,8 @@ char *help_log[] = { " the CPU id (if in CPU context) that called printk(), if available.", " Generally available on Linux 5.1 to 5.9 kernels configured with", " CONFIG_PRINTK_CALLER or Linux 5.10 and later kernels.", +" -R Display the message text with human readable Rust symbol name if any,", +" otherwise still print the original message text.", " ", "\nEXAMPLES", " Dump the kernel message buffer:\n", @@ -4231,6 +4233,26 @@ char *help_log[] = { " [ 0.014179] [ T29] RAMDISK: [mem 0x3cf4f000-0x437bbfff]", " [ 0.198789] [ C0] DMAR: DRHD: handling fault status reg 3", " ...", +" ", +" Display the message text with human readable Rust symbol name if any,", +" otherwise still print the original message text.\n", +" %s> log -R", +" ...", +" [ 2174.289360] Tainted: [S]=CPU_OUT_OF_SPEC, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE", +" [ 2174.297322] Hardware name: Intel Corporation S2600CWR/S2600CWR, BIOS SE5C610.86B.01.01.0018.072020161249 07/20/2016", +" [ 2174.308966] Call Trace:", +" [ 2174.311693] <TASK>", +" [ 2174.314033] dump_stack_lvl+0x5d/0x80", +" [ 2174.318125] panic+0x156/0x32a", +" [ 2174.321539] rust_panic::area_in_hp+0xf7/0x120 [rust_panic]", +" [ 2174.329700] ? console_unlock+0x9c/0x140", +" [ 2174.334080] ? irq_work_queue+0x2d/0x50", +" [ 2174.338352] ? __pfx_init_module+0x10/0x10 [rust_panic]", +" [ 2174.344183] <rust_panic::HelloPanic>::step_two+0x20/0xe0 [rust_panic]", +" [ 2174.353698] ? _printk+0x6b/0x90", +" [ 2174.357303] init_module+0x57/0xff0 [rust_panic]", +" [ 2174.362456] ? __pfx_init_module+0x10/0x10 [rust_panic]", +" ...", NULL }; diff --git a/kernel.c b/kernel.c index e4213d7a663e..e077275d7ed6 100644 --- a/kernel.c +++ b/kernel.c @@ -5136,7 +5136,7 @@ cmd_log(void) msg_flags = 0; - while ((c = getopt(argcnt, args, "Ttdmasc")) != EOF) { + while ((c = getopt(argcnt, args, "TtdmascR")) != EOF) { switch(c) { case 'T': @@ -5160,6 +5160,9 @@ cmd_log(void) case 'c': msg_flags |= SHOW_LOG_CALLER; break; + case 'R': + msg_flags |= SHOW_LOG_RUST; + break; default: argerrs++; break; diff --git a/printk.c b/printk.c index 51b618e2a434..e4cc6dc30065 100644 --- a/printk.c +++ b/printk.c @@ -202,7 +202,7 @@ dump_record(struct prb_map *m, unsigned long id, int msg_flags) text = m->text_data + begin; - if (text_len > BUFSIZE) { + if ((msg_flags & SHOW_LOG_RUST) && (text_len > BUFSIZE)) { error(WARNING, "\nThe messages could be truncated!\n"); text_len = BUFSIZE; } @@ -218,26 +218,30 @@ dump_record(struct prb_map *m, unsigned long id, int msg_flags) /* * Try to demangle a mangled Rust symbol(calltrace) from log buffer */ - char *p1 = strstr(buf, "_R"); - if (!p1) - p1 = strstr(buf, "_ZN"); - char *p2 = strrchr(buf, '+'); - if (p1 && p2) { - char mangled[BUFSIZE] = {0}; - char demangled[BUFSIZE] = {0}; - char *res; - size_t slen = p1 - buf; - - if (slen) - memcpy(demangled, buf, slen); - - memcpy(mangled, p1, p2-p1); - res = rust_demangle(mangled, DMGL_RUST); - if (res) { - snprintf(demangled+slen, BUFSIZE-slen, "%s%s", res, p2); - fprintf(fp, "%s",demangled); - free(res); - } + if (msg_flags & SHOW_LOG_RUST) { + char *p1 = strstr(buf, "_R"); + if (!p1) + p1 = strstr(buf, "_ZN"); + char *p2 = strrchr(buf, '+'); + if (p1 && p2) { + char mangled[BUFSIZE] = {0}; + char demangled[BUFSIZE] = {0}; + char *res; + size_t slen = p1 - buf; + + if (slen) + memcpy(demangled, buf, slen); + + memcpy(mangled, p1, p2-p1); + res = rust_demangle(mangled, DMGL_RUST); + if (res) { + snprintf(demangled+slen, BUFSIZE-slen, "%s%s", res, p2); + fprintf(fp, "%s",demangled); + free(res); + } else + fprintf(fp, "%s", buf); + } else + fprintf(fp, "%s", buf); } else fprintf(fp, "%s", buf); -- 2.50.1

1 week

2
1
0 / 0

[PATCH] Fix "mount <address>" and MNT_CURSOR entries.

by Aureau, Georges (Kernel Tools ERT)

Fix "mount <address>" and MNT_CURSOR entries: 1/ "mount <address>" is failing on kernels without "super_block.s_files": crash> mount ff35d61d80200000 mount: the super_block.s_files linked list does not exist in this kernel mount: -f option not supported or applicable on this architecture or kernel The MOUNT_PRINT_FILES flags should only be passed when "super_block.s_files" is available. 2/ "mount" is not skipping MNT_CURSOR entries (kernel >= 5.8): crash> mount > mount.out WARNING: cannot get super_block from vfsmnt: 0xff35d65eb1cc1820 crash> struct mount.mnt.mnt_sb,mnt.mnt_flags -x 0xff35d65eb1cc1820 mnt.mnt_sb = 0x0, mnt.mnt_flags = 0x10000000, When crashing with running "findmnt" commands, the mount list will have entries with mnt.mnt_flags==MNT_CURSOR (and mnt.mnt_sb==NULL). Such entries should be skipped without errors. Signed-off-by: Georges Aureau <georges.aureau(a)hpe.com> -- defs.h | 1 + filesys.c | 16 +++++++++++++++- symbols.c | 2 ++ 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/defs.h b/defs.h index 156ac02..9e37f26 100644 --- a/defs.h +++ b/defs.h @@ -1508,6 +1508,7 @@ struct offset_table { /* stash of commonly-used offsets */ long vfsmount_mnt_devname; long vfsmount_mnt_dirname; long vfsmount_mnt_sb; + long vfsmount_mnt_flags; long vfsmount_mnt_list; long vfsmount_mnt_mountpoint; long vfsmount_mnt_parent; diff --git a/filesys.c b/filesys.c index 8d13807..7439c2e 100644 --- a/filesys.c +++ b/filesys.c @@ -1296,7 +1296,7 @@ cmd_mount(void) * through it for each search argument entered. */ open_tmpfile(); - show_mounts(0, MOUNT_PRINT_FILES | + show_mounts(0, (VALID_MEMBER(super_block_s_files) ? MOUNT_PRINT_FILES : 0) | (VALID_MEMBER(super_block_s_dirty) ? MOUNT_PRINT_INODES : 0), namespace_context); @@ -1371,6 +1371,14 @@ cmd_mount(void) * Do the work for cmd_mount(); */ +/* For kernels >= 5.8, we need to skip MNT_CURSOR entries. + * See https://elixir.bootlin.com/linux/v5.8/source/include/linux/mount.h#L73 + * https://elixir.bootlin.com/linux/v5.8/source/fs/namespace.c#L661 + * https://elixir.bootlin.com/linux/v5.8/source/fs/namespace.c#L690 + * https://elixir.bootlin.com/linux/v5.8/source/fs/proc_namespace.c#L283 + */ +#define MNT_CURSOR 0x10000000 + static void show_mounts(ulong one_vfsmount, int flags, struct task_context *namespace_context) { @@ -1492,6 +1500,11 @@ show_mounts(ulong one_vfsmount, int flags, struct task_context *namespace_contex sbp = ULONG(vfsmount_buf + OFFSET(vfsmount_mnt_sb)); if (!IS_KVADDR(sbp)) { + if (sbp == 0 && VALID_MEMBER(vfsmount_mnt_flags)) { + int mnt_flags = INT(vfsmount_buf + OFFSET(vfsmount_mnt_flags)); + if (mnt_flags == MNT_CURSOR) + continue; + } error(WARNING, "cannot get super_block from vfsmnt: 0x%lx\n", *vfsmnt); continue; } @@ -2070,6 +2083,7 @@ vfs_init(void) MEMBER_OFFSET_INIT(mount_mnt_devname, "mount", "mnt_devname"); MEMBER_OFFSET_INIT(vfsmount_mnt_dirname, "vfsmount", "mnt_dirname"); MEMBER_OFFSET_INIT(vfsmount_mnt_sb, "vfsmount", "mnt_sb"); + MEMBER_OFFSET_INIT(vfsmount_mnt_flags, "vfsmount", "mnt_flags"); MEMBER_OFFSET_INIT(vfsmount_mnt_list, "vfsmount", "mnt_list"); if (INVALID_MEMBER(vfsmount_mnt_devname)) MEMBER_OFFSET_INIT(mount_mnt_list, "mount", "mnt_list"); diff --git a/symbols.c b/symbols.c index 112bcc6..92098a8 100644 --- a/symbols.c +++ b/symbols.c @@ -10685,6 +10685,8 @@ dump_offset_table(char *spec, ulong makestruct) OFFSET(vfsmount_mnt_dirname)); fprintf(fp, " vfsmount_mnt_sb: %ld\n", OFFSET(vfsmount_mnt_sb)); + fprintf(fp, " vfsmount_mnt_flags: %ld\n", + OFFSET(vfsmount_mnt_flags)); fprintf(fp, " vfsmount_mnt_list: %ld\n", OFFSET(vfsmount_mnt_list)); fprintf(fp, " vfsmount_mnt_mountpoint: %ld\n",

1 week

1
0
0 / 0

[PATCH] Fix for log command printed a couple of empty lines

by Lianbo Jiang

The log command printed a couple of empty lines (only timestamps), which was caused by the commit 99bb57ac98af ("Enable resolving mangled Rust symbol in lockless ring buffer"), E.g: $ diff -u log.pre log.cur --- log.pre 2025-09-16 13:14:31.022206514 +0900 +++ log.cur 2025-09-16 13:14:56.220390987 +0900 @@ -210,7 +210,7 @@ [ 0.169375] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1911260446275000 ns [ 0.169375] futex hash table entries: 1024 (order: 4, 65536 bytes, linear) [ 0.169375] pinctrl core: initialized pinctrl subsystem -[ 0.172925] NET: Registered PF_NETLINK/PF_ROUTE protocol family +[ 0.172925] [ 0.172983] DMA: preallocated 512 KiB GFP_KERNEL pool for atomic allocations [ 0.172986] DMA: preallocated 512 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations [ 0.172988] DMA: preallocated 512 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations @@ -807,7 +807,7 @@ [771438.513231] entry_SYSCALL_64_after_hwframe+0x72/0xdc [771438.513423] RIP: 0033:0x7fbd9f8fda57 [771438.513576] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24 -[771438.514251] RSP: 002b:00007ffee0de2b98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 +[771438.514251] [771438.514534] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fbd9f8fda57 [771438.514800] RDX: 0000000000000002 RSI: 00005647ccc0a330 RDI: 0000000000000001 [771438.515066] RBP: 00005647ccc0a330 R08: 0000000000000003 R09: 0000000000000000 This is because the strchrnul() returns a pointer to the null byte instead NULL if the char to be searched is not in the string. Given that, let's replace the strchrnul() with the strrchr(). Fixes: 99bb57ac98af ("Enable resolving mangled Rust symbol in lockless ring buffer") Reported-by: Kazuhito Hagio <k-hagio-ab(a)nec.com> Signed-off-by: Lianbo Jiang <lijiang(a)redhat.com> --- printk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/printk.c b/printk.c index ae28c4fa0b21..51b618e2a434 100644 --- a/printk.c +++ b/printk.c @@ -221,7 +221,7 @@ dump_record(struct prb_map *m, unsigned long id, int msg_flags) char *p1 = strstr(buf, "_R"); if (!p1) p1 = strstr(buf, "_ZN"); - char *p2 = strchrnul(buf, '+'); + char *p2 = strrchr(buf, '+'); if (p1 && p2) { char mangled[BUFSIZE] = {0}; char demangled[BUFSIZE] = {0}; -- 2.50.1

1 week

1
0
0 / 0

[PATCH] Fix a compilation error on the old gcc version 8.5.0

by Lianbo Jiang

The current issue occured on gcc version 8.5.0, can not been seen in the latest gcc version. $ make -j8 lzo symbols.c: In function ‘namespace_ctl’: symbols.c:3358:3: error: a label can only be part of a statement and a declaration is not a statement char demangled[BUFSIZE] = {0}; ^~~~ make[5]: *** [Makefile:403: symbols.o] Error 1 make[5]: *** Waiting for unfinished jobs.... ... crash build failed ... Let's put the declaration at the beginning of this function to fix such cases. Reported-by: Tao Liu <ltao(a)redhat.com> Signed-off-by: Lianbo Jiang <lijiang(a)redhat.com> --- symbols.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/symbols.c b/symbols.c index f9eb51f6cd63..112bcc630bf2 100644 --- a/symbols.c +++ b/symbols.c @@ -3325,6 +3325,7 @@ namespace_ctl(int cmd, struct symbol_namespace *ns, void *nsarg1, void *nsarg2) char *name; long cnt; int len; + char demangled[BUFSIZE] = {0}; switch (cmd) { @@ -3355,7 +3356,6 @@ namespace_ctl(int cmd, struct symbol_namespace *ns, void *nsarg1, void *nsarg2) return TRUE; case NAMESPACE_INSTALL: - char demangled[BUFSIZE] = {0}; sp = (struct syment *)nsarg1; name = (char *)nsarg2; len = strlen(name)+1; -- 2.50.1

1 week, 1 day

1
0
0 / 0

[PATCH v2 3/3] Enable resolving mangled Rust symbol in lockless ring buffer

by Lianbo Jiang

Without the patch: crash> log ... [ 2174.308966] Call Trace: [ 2174.311693] <TASK> [ 2174.314033] dump_stack_lvl+0x5d/0x80 [ 2174.318125] panic+0x156/0x32a [ 2174.321539] _RNvCscb18lrEyTSA_10rust_panic10area_in_hp+0xf7/0x120 [rust_panic] [ 2174.329700] ? console_unlock+0x9c/0x140 [ 2174.334080] ? irq_work_queue+0x2d/0x50 [ 2174.338352] ? __pfx_init_module+0x10/0x10 [rust_panic] [ 2174.344183] _RNvMCscb18lrEyTSA_10rust_panicNtB2_10HelloPanic8step_two+0x20/0xe0 [rust_panic] [ 2174.353698] ? _printk+0x6b/0x90 ... With the patch: crash> log ... [ 2174.308966] Call Trace: [ 2174.311693] <TASK> [ 2174.314033] dump_stack_lvl+0x5d/0x80 [ 2174.318125] panic+0x156/0x32a [ 2174.321539] rust_panic::area_in_hp+0xf7/0x120 [rust_panic] [ 2174.329700] ? console_unlock+0x9c/0x140 [ 2174.334080] ? irq_work_queue+0x2d/0x50 [ 2174.338352] ? __pfx_init_module+0x10/0x10 [rust_panic] [ 2174.344183] <rust_panic::HelloPanic>::step_two+0x20/0xe0 [rust_panic] [ 2174.353698] ? _printk+0x6b/0x90 ... Signed-off-by: Lianbo Jiang <lijiang(a)redhat.com> --- Note: 1. Add some checks to avoid the risk of buffer overflow. Makefile | 2 +- printk.c | 33 ++++++++++++++++++++++++++++++++- 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index fc1c9588dcfa..b277129f6df2 100644 --- a/Makefile +++ b/Makefile @@ -421,7 +421,7 @@ kernel.o: ${GENERIC_HFILES} kernel.c ${CC} -c ${CRASH_CFLAGS} kernel.c -I${BFD_DIRECTORY} -I${GDB_INCLUDE_DIRECTORY} ${WARNING_OPTIONS} ${WARNING_ERROR} printk.o: ${GENERIC_HFILES} printk.c - ${CC} -c ${CRASH_CFLAGS} printk.c ${WARNING_OPTIONS} ${WARNING_ERROR} + ${CC} -c ${CRASH_CFLAGS} printk.c -I${GDB_INCLUDE_DIRECTORY} ${WARNING_OPTIONS} ${WARNING_ERROR} gdb_interface.o: ${GENERIC_HFILES} gdb_interface.c ${CC} -c ${CRASH_CFLAGS} gdb_interface.c ${WARNING_OPTIONS} ${WARNING_ERROR} diff --git a/printk.c b/printk.c index 95db7e607e4c..ae28c4fa0b21 100644 --- a/printk.c +++ b/printk.c @@ -1,5 +1,6 @@ #include "defs.h" #include <ctype.h> +#include "demangle.h" /* convenience struct for passing many values to helper functions */ struct prb_map { @@ -201,14 +202,44 @@ dump_record(struct prb_map *m, unsigned long id, int msg_flags) text = m->text_data + begin; + if (text_len > BUFSIZE) { + error(WARNING, "\nThe messages could be truncated!\n"); + text_len = BUFSIZE; + } + for (i = 0, p = text; i < text_len; i++, p++) { if (*p == '\n') fprintf(fp, "\n%s", space(ilen)); else if (isprint(*p) || isspace(*p)) - fputc(*p, fp); + sprintf(&buf[i], "%c", *p); else fputc('.', fp); } + /* + * Try to demangle a mangled Rust symbol(calltrace) from log buffer + */ + char *p1 = strstr(buf, "_R"); + if (!p1) + p1 = strstr(buf, "_ZN"); + char *p2 = strchrnul(buf, '+'); + if (p1 && p2) { + char mangled[BUFSIZE] = {0}; + char demangled[BUFSIZE] = {0}; + char *res; + size_t slen = p1 - buf; + + if (slen) + memcpy(demangled, buf, slen); + + memcpy(mangled, p1, p2-p1); + res = rust_demangle(mangled, DMGL_RUST); + if (res) { + snprintf(demangled+slen, BUFSIZE-slen, "%s%s", res, p2); + fprintf(fp, "%s",demangled); + free(res); + } + } else + fprintf(fp, "%s", buf); if (msg_flags & SHOW_LOG_DICT) { text = info + OFFSET(printk_info_dev_info) + -- 2.50.1

1 week, 1 day

1
0
0 / 0

[PATCH] help: Add 'help -l' to show memory layout

by Rongwei Wang

From: Rongwei Wang <rongwei.wrw(a)gmail.com> 'help -m' can show most of variables which relates to memory layout, e.g. userspace_top, page_offset, vmalloc_start_addr, etc. They aren't a visual way to show a memory layout for kernel space. This patch provides 'help -l' to show memory layout, usage likes: crash> help -l Gap Hole: 0xffffffffff7ff001 - 0xffffffffffffffff Size: 8.0 MB Fixmap Area: 0xffffffffff578000 - 0xffffffffff7ff000 Size: 2.5 MB Gap Hole: 0xffffffffff000001 - 0xffffffffff577fff Size: 5.5 MB Module Area: 0xffffffffa0000000 - 0xffffffffff000000 Size: 1.5 GB Gap Hole: 0xffffffff84826001 - 0xffffffff9fffffff Size: 439.9 MB Kernel Image: 0xffffffff81000000 - 0xffffffff84826000 Size: 56.1 MB Gap Hole: 0xffffeb0000000000 - 0xffffffff80ffffff Size: 21.0 TB Vmemmap Area: 0xffffea0000000000 - 0xffffeaffffffffff Size: 1.0 TB Gap Hole: 0xffffe90000000000 - 0xffffe9ffffffffff Size: 1.0 TB Vmalloc Area: 0xffffc90000000000 - 0xffffe8ffffffffff Size: 32.0 TB Gap Hole: 0xffffc88000000000 - 0xffffc8ffffffffff Size: 512.0 GB Linear Mapping: 0xffff888000000000 - 0xffffc87fffffffff Size: 64.0 TB Linear Gap: 0xffff800000000000 - 0xffff887fffffffff Size: 8.5 TB Gap Hole: 0x0000800000000000 - 0xffff7fffffffffff Size: 16776960.0 TB User Space: 0x0000000000000000 - 0x00007fffffffffff Size: 128.0 TB Signed-off-by: Rongwei Wang <rongwei.wrw(a)gmail.com> --- defs.h | 14 +++- help.c | 7 +- memory.c | 11 +++ x86_64.c | 236 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 266 insertions(+), 2 deletions(-) diff --git a/defs.h b/defs.h index 4fecb83..a3f00d5 100644 --- a/defs.h +++ b/defs.h @@ -4100,12 +4100,23 @@ typedef signed int s32; #define __PHYSICAL_MASK_SHIFT_5LEVEL 52 #define __PHYSICAL_MASK_SHIFT (machdep->machspec->physical_mask_shift) #define __PHYSICAL_MASK ((1UL << __PHYSICAL_MASK_SHIFT) - 1) -#define __VIRTUAL_MASK_SHIFT 48 +#define __VIRTUAL_MASK_SHIFT 47 #define __VIRTUAL_MASK ((1UL << __VIRTUAL_MASK_SHIFT) - 1) #define PAGE_SHIFT 12 #define PAGE_SIZE (1UL << PAGE_SHIFT) #define PHYSICAL_PAGE_MASK (~(PAGE_SIZE-1) & __PHYSICAL_MASK ) + +#define KASAN_SHADOW_OFFSET 0xdffffc0000000000 +#define KASAN_SHADOW_SCALE_SHIFT 3 + +#define KASAN_SHADOW_START (KASAN_SHADOW_OFFSET + \ + ((-1UL << __VIRTUAL_MASK_SHIFT) >> \ + KASAN_SHADOW_SCALE_SHIFT)) +#define KASAN_SHADOW_END (KASAN_SHADOW_START + \ + (1ULL << (__VIRTUAL_MASK_SHIFT - \ + KASAN_SHADOW_SCALE_SHIFT))) + #define _PAGE_BIT_NX 63 #define _PAGE_PRESENT 0x001 #define _PAGE_RW 0x002 @@ -5911,6 +5922,7 @@ int phys_to_page(physaddr_t, ulong *); int generic_get_kvaddr_ranges(struct vaddr_range *); int l1_cache_size(void); int dumpfile_memory(int); +void dump_memory_layout(void); #define DUMPFILE_MEM_USED (1) #define DUMPFILE_FREE_MEM (2) #define DUMPFILE_MEM_DUMP (3) diff --git a/help.c b/help.c index 5d61e0d..cd54744 100644 --- a/help.c +++ b/help.c @@ -538,7 +538,7 @@ cmd_help(void) oflag = 0; while ((c = getopt(argcnt, args, - "efNDdmM:ngcaBbHhkKsvVoptTzLOr")) != EOF) { + "efNDdmM:ngcaBbHhkKsvVoptTzLOrl")) != EOF) { switch(c) { case 'e': @@ -666,6 +666,7 @@ cmd_help(void) fprintf(fp, " -v - vm_table\n"); fprintf(fp, " -V - vm_table (verbose)\n"); fprintf(fp, " -z - help options\n"); + fprintf(fp, " -l - show memory layout\n"); return; case 'L': @@ -676,6 +677,10 @@ cmd_help(void) dump_registers(); return; + case 'l': + dump_memory_layout(); + return; + default: argerrs++; break; diff --git a/memory.c b/memory.c index 400d31a..55ed2f1 100644 --- a/memory.c +++ b/memory.c @@ -17657,6 +17657,17 @@ dumpfile_memory(int cmd) return retval; } +#ifdef X86_64 +extern void x86_64_dump_memory_layout(void); +#endif + +void dump_memory_layout(void) +{ +#ifdef X86_64 + x86_64_dump_memory_layout(); +#endif +} + /* * Functions for sparse mem support */ diff --git a/x86_64.c b/x86_64.c index d7da536..bfb53b4 100644 --- a/x86_64.c +++ b/x86_64.c @@ -1151,6 +1151,242 @@ x86_64_dump_machdep_table(ulong arg) fprintf(fp, "excpetion_functions_orig\n"); } +#define MAX_LAYOUT 32 +struct mem_segment { + char name[64]; + char desc[64]; + unsigned long start; + unsigned long end; +}; + +struct mem_layout { + int count; + struct mem_segment segs[MAX_LAYOUT]; +}; + +char* format_bytes(unsigned long bytes, char* buffer, int buffer_size) +{ + const char* units[] = {"B", "KB", "MB", "GB", "TB"}; + int i = 0; + double readable_size = (double)bytes; + + /* Handle the edge case of zero bytes */ + if (bytes == 0) { + snprintf(buffer, buffer_size, "0 B"); + return buffer; + } + + /* Handle negative values if necessary, though size is typically non-negative */ + if (bytes < 0) { + snprintf(buffer, buffer_size, "Invalid size"); + return buffer; + } + + while (readable_size >= 1024 && i < (sizeof(units) / sizeof(units[0]) - 1)) { + readable_size /= 1024; + i++; + } + + memset(buffer, '\0', buffer_size); + snprintf(buffer, buffer_size, "%.1f %s", readable_size, units[i]); + + return buffer; +} + +int compare_segments(const void *a, const void *b) +{ + const struct mem_segment *seg_a = (const struct mem_segment *)a; + const struct mem_segment *seg_b = (const struct mem_segment *)b; + + if (seg_a->start > seg_b->start) return -1; + if (seg_a->start < seg_b->start) return 1; + return 0; +} + +void print_layout(struct mem_layout *layout) +{ + struct mem_segment *segs = layout->segs; + struct mem_segment seg; + int i; + + if (layout == NULL) + return; + + for (i=0; i<layout->count; i++) { + seg = segs[i]; + + fprintf(fp, "%s:\t 0x%016lx - 0x%016lx\t Size: %s\n", seg.name, seg.start, + seg.end, seg.desc); + } +} + +#define __round_mask(x, y) ((__typeof__(x))((y)-1)) +#define round_up(x, y) ((((x)-1) | __round_mask(x, y))+1) +#define round_down(x, y) ((x) & ~__round_mask(x, y)) + +/* + * memory layout: + * + * Gap Area: 0xffffffffff7ff001 - 0xffffffffffffffff Size: 8.0 MB + * Fixmap Area: 0xffffffffff578000 - 0xffffffffff7ff000 Size: 2.5 MB + * Gap Area: 0xffffffffff000001 - 0xffffffffff577fff Size: 5.5 MB + * Module Area: 0xffffffffa0000000 - 0xffffffffff000000 Size: 1.5 GB + * Gap Area: 0xffffffff84826001 - 0xffffffff9fffffff Size: 439.9 MB + * Kernel Image: 0xffffffff81000000 - 0xffffffff84826000 Size: 56.1 MB + * Gap Area: 0xffffeb0000000000 - 0xffffffff80ffffff Size: 21.0 TB + * Vmemmap Area: 0xffffea0000000000 - 0xffffeaffffffffff Size: 1.0 TB + * Gap Area: 0xffffe90000000000 - 0xffffe9ffffffffff Size: 1.0 TB + * Vmalloc Area: 0xffffc90000000000 - 0xffffe8ffffffffff Size: 32.0 TB + * Gap Area: 0xffffc88000000000 - 0xffffc8ffffffffff Size: 512.0 GB + * Linear Mapping: 0xffff888000000000 - 0xffffc87fffffffff Size: 64.0 TB + * Linear Gap: 0xffff800000000000 - 0xffff887fffffffff Size: 8.5 TB + * Gap Area: 0x0000800000000000 - 0xffff7fffffffffff Size:16776960.0 TB + * User Space: 0x0000000000000000 - 0x00007fffffffffff Size: 128.0 TB + * + * kernel space: + * _end, _text + * vmemmap_end: ms->vmemmap_end + * vmemmap_vaddr: ms->vmemmap_vaddr + * vmalloc_end: ms->vmalloc_end + * vmalloc_start_addr: ms->vmalloc_start_addr + * page_offset_base: ms->page_offset + * + * user space: + * userspace_top: ms->userspace_top + * + */ +void x86_64_dump_memory_layout(void) +{ + struct mem_layout *layout = NULL; + ulong text_start, text_end; + struct machine_specific *ms = machdep->machspec; + int i, next_idx; + char size_buf[20]; + long value = 0; + + layout = malloc(sizeof(struct mem_layout)); + if (layout == NULL || layout->count == 0) { + printf("Layout is empty, nothing to print.\n"); + return; + } + + /* Create a temporary copy to sort for printing, preserving the original order. */ + struct mem_segment *segments = layout->segs; + if(!segments) { + perror("Failed to allocate memory for sorting"); + return; + } + + if (!symbol_exists("_text")) + return; + else + text_start = symbol_value("_text"); + + if (!symbol_exists("_end")) + return; + else + text_end = symbol_value("_end"); + + snprintf(segments[0].name, 64, "Kernel Image"); + snprintf(segments[0].desc, 64, "%s", + format_bytes(text_end - text_start + 1, size_buf, 20)); + segments[0].start = text_start; + segments[0].end = text_end; + + snprintf(segments[1].name, 64, "Vmemmap Area"); + snprintf(segments[1].desc, 64, "%s", + format_bytes(ms->vmemmap_end - ms->vmemmap_vaddr + 1, size_buf, 20)); + segments[1].start = (ulong)ms->vmemmap_vaddr; + segments[1].end = (ulong)ms->vmemmap_end; + + snprintf(segments[2].name, 64, "Module Area"); + snprintf(segments[2].desc, 64, "%s", + format_bytes(ms->modules_end - ms->modules_vaddr + 1, size_buf, 20)); + segments[2].start = (ulong)ms->modules_vaddr; + segments[2].end = (ulong)ms->modules_end; + + snprintf(segments[3].name, 64, "Vmalloc Area"); + snprintf(segments[3].desc, 64, "%s", + format_bytes(ms->vmalloc_end - ms->vmalloc_start_addr + 1, size_buf, 20)); + segments[3].start = (ulong)ms->vmalloc_start_addr; + segments[3].end = (ulong)ms->vmalloc_end; + + snprintf(segments[4].name, 64, "Linear Mapping"); + segments[4].start = (ulong)ms->page_offset; + segments[4].end = (ulong)ms->page_offset + (1UL << machdep->max_physmem_bits) - 1; + snprintf(segments[4].desc, 64, "%s", + format_bytes(1UL << machdep->max_physmem_bits, size_buf, 20)); + + snprintf(segments[5].name, 64, "User Space"); + snprintf(segments[5].desc, 64, "%s", + format_bytes((ulong)ms->userspace_top, size_buf, 20)); + segments[5].start = 0UL; + segments[5].end = (ulong)ms->userspace_top - 1; + + snprintf(segments[6].name, 64, "Linear Gap"); + segments[6].start = -1UL - (1UL << __VIRTUAL_MASK_SHIFT) + 1; + segments[6].end = (ulong)ms->page_offset - 1; + snprintf(segments[6].desc, 64, "%s", + format_bytes(segments[6].end - segments[6].start + 1, size_buf, 20)); + + layout->count = 7; + if (kernel_symbol_exists("kasan_init")) { + snprintf(segments[7].name, 64, "KASAN"); + segments[7].start = KASAN_SHADOW_START; + segments[7].end = KASAN_SHADOW_END; + snprintf(segments[7].desc, 64, "%s", + format_bytes(segments[7].end - segments[7].start + 1, size_buf, 20)); + layout->count++; + } + + if (enumerator_value("__end_of_permanent_fixed_addresses", &value)) { + unsigned fixaddr_size = 0; + int idx = layout->count; + + fixaddr_size = value << PAGE_SHIFT; + + snprintf(segments[7].name, 64, "Fixmap Area"); + segments[idx].end = round_up(VSYSCALL_START + PAGE_SIZE, 1 << PMD_SHIFT) - PAGE_SIZE; + segments[idx].start = segments[idx].end - fixaddr_size; + + snprintf(segments[idx].desc, 64, "%s", + format_bytes(segments[idx].end - segments[idx].start + 1, size_buf, 20)); + layout->count++; + } + + /* Sort segments from highest address to lowest. */ + qsort(segments, layout->count, sizeof(struct mem_segment), compare_segments); + + next_idx = layout->count; + /* Insert gap area */ + for (i=0; i<layout->count; i++) { + unsigned long prev_start; + unsigned long end = segments[i].end; + + if (i == 0) + prev_start = -1UL; + else + prev_start = segments[i-1].start; + + if (prev_start == (end + 1)) + continue; + + snprintf(segments[next_idx].name, 64, "Gap Hole"); + segments[next_idx].start = end + 1; + segments[next_idx].end = (i == 0) ? prev_start : prev_start - 1; + snprintf(segments[next_idx].desc, 64, "%s", + format_bytes(segments[next_idx].end - segments[next_idx].start + 1, size_buf, 20)); + + next_idx++; + } + + layout->count = next_idx; + qsort(segments, layout->count, sizeof(struct mem_segment), compare_segments); + + print_layout(layout); + free(layout); +} + /* * Gather the cpu_pda array info, updating any smp-related items that * were possibly bypassed or improperly initialized in kernel_init(). -- 2.43.5

1 week, 1 day

1
1
0 / 0

[PATCH 0/3] Add Rust support in crash-utility

by Lianbo Jiang

Currently, the kernel has supported Rust, and it has been enabled in some distributions by default. So the crash tool can not resolve the mangled Rust symbols on such vmcores. For example: crash> bt PID: 3520 TASK: ffff8f240f670000 CPU: 1 COMMAND: "insmod" #0 [ffffd08c4f063a20] machine_kexec at ffffffff9575e60e #1 [ffffd08c4f063a40] __crash_kexec at ffffffff958db711 #2 [ffffd08c4f063b00] panic at ffffffff9560cede #3 [ffffd08c4f063b80] _RNvCscb18lrEyTSA_10rust_panic10area_in_hp at ffffffffc07fe107 [rust_panic] #4 [ffffd08c4f063c20] _RNvMCscb18lrEyTSA_10rust_panicNtB2_10HelloPanic8step_two at ffffffffc07fe160 [rust_panic] #5 [ffffd08c4f063cf0] do_one_initcall at ffffffff956c7aaa ... The patchset will solve the current issues, the crash tool reuses the rust demangle lib in gdb to demangle the mangled Rust symbol into human-readable symbol. With the patchset: crash> bt PID: 3520 TASK: ffff8f240f670000 CPU: 1 COMMAND: "insmod" #0 [ffffd08c4f063a20] machine_kexec at ffffffff9575e60e #1 [ffffd08c4f063a40] __crash_kexec at ffffffff958db711 #2 [ffffd08c4f063b00] panic at ffffffff9560cede #3 [ffffd08c4f063b80] rust_panic::area_in_hp at ffffffffc07fe107 [rust_panic] #4 [ffffd08c4f063c20] <rust_panic::HelloPanic>::step_two at ffffffffc07fe160 [rust_panic] #5 [ffffd08c4f063cf0] do_one_initcall at ffffffff956c7aaa ... crash> sym "rust_panic::area_in_hp" ffffffffc07fe010 (t) rust_panic::area_in_hp [rust_panic] /root/linux-6.16.3/samples/rust/rust_panic.rs: 22 crash> dis "rust_panic::area_in_hp" 0xffffffffc07fe010 <rust_panic::area_in_hp>::area_in_hp>: push %rbx 0xffffffffc07fe011 <rust_panic::area_in_hp+1>::area_in_hp+1>: sub $0x90,%rsp 0xffffffffc07fe018 <rust_panic::area_in_hp+8>::area_in_hp+8>: mov %rdi,%rbx 0xffffffffc07fe01b <rust_panic::area_in_hp+11>::area_in_hp+11>: movq $0xffffffffc0bd5020,(%rsp) 0xffffffffc07fe023 <rust_panic::area_in_hp+19>::area_in_hp+19>: movq $0x1,0x8(%rsp) 0xffffffffc07fe02c <rust_panic::area_in_hp+28>::area_in_hp+28>: movq $0x0,0x20(%rsp) 0xffffffffc07fe035 <rust_panic::area_in_hp+37>::area_in_hp+37>: movq $0x8,0x10(%rsp) 0xffffffffc07fe03e <rust_panic::area_in_hp+46>::area_in_hp+46>: movq $0x0,0x18(%rsp) 0xffffffffc07fe047 <rust_panic::area_in_hp+55>::area_in_hp+55>: mov %rsp,%rcx 0xffffffffc07fe04a <rust_panic::area_in_hp+58>::area_in_hp+58>: mov $0xc,%edx 0xffffffffc07fe04f <rust_panic::area_in_hp+63>::area_in_hp+63>: mov $0xffffffff96afb62c,%rdi 0xffffffffc07fe056 <rust_panic::area_in_hp+70>::area_in_hp+70>: mov $0xffffffffc0bd5118,%rsi 0xffffffffc07fe05d <rust_panic::area_in_hp+77>::area_in_hp+77>: call 0xffffffff95fcb2e0 <kernel::print::call_printk> 0xffffffffc07fe062 <rust_panic::area_in_hp+82>::area_in_hp+82>: movq $0xffffffffc0bd50d0,0x30(%rsp) ... crash> gdb bt #0 0xffffffff958db684 in crash_setup_regs (newregs=0xffffd08c4f063a48, oldregs=0x0) at ./arch/x86/include/asm/kexec.h:108 #1 0xffffffff958db711 in __crash_kexec (regs=regs@entry=0x0) at kernel/crash_core.c:122 #2 0xffffffff9560cede in panic (fmt=<optimized out>) at kernel/panic.c:401 #3 0xffffffffc07fe107 in rust_panic::HelloPanic::trigger_panic (self=0x1) at rust_panic.rs:59 #4 rust_panic::HelloPanic::step_three (self=0x1) at rust_panic.rs:53 #5 rust_panic::area_in_hp (rectangle=0xffffd08c4f063c38) at rust_panic.rs:24 #6 0xffffffffc07fe160 in rust_panic::HelloPanic::step_two (self=<optimized out>) at rust_panic.rs:46 #7 0xffffffffc0c5d067 in ?? () crash> frame 5 #5 rust_panic::area_in_hp (rectangle=0xffffd08c4f063c38) at rust_panic.rs:24 24 in rust_panic.rs crash> whatis rectangle *mut rust_panic::RectangleHP crash> p *rectangle $2 = rust_panic::RectangleHP { width: 30, height: 50 } crash> struct RectangleHP struct rust_panic::RectangleHP { width: u32, height: u32, } SIZE: 8 crash> Anyway, there are still many limitations of debugging complex, nested data type about Rust code in kernel. I do not expect patches to always work well in the real world, but it can get improved over time. As you know, also some challenges come from the compilers, they may have different behavior, for example: crash> gdb bt #0 rust_helper_BUG () at rust/helpers/bug.c:7 #1 0xffffffff98b5a92a in kernel::panic (info=0xffffcf05880d7800) at rust/kernel/lib.rs:202 #2 0xffffffff9840e310 in core::panicking::panic_fmt (fmt=...) at /home/llvm-20.1.8-rust-1.88.0-x86_64/lib/rustlib/src/rust/library/core/src/panicking.rs:75 #3 0xffffffffc12e71ec in ?? () #4 0xffffcf05880d7880 in ?? () #5 0xffffffffc14680a8 in ?? () crash> Note: The above kernel is compiled with the clang(clang version 20.1.8 (https://github.com/llvm/llvm-project.git 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)), the gdb stack unwind looks incomplete. BTW: I did not see the similar issues on the kernel that compiled by the gcc (GCC) 14.3.1. Note: the rust_panic is a Rust kernel module, which is used to test the current patchset. If anyone needs it, I can share it via email. Lianbo Jiang (3): Add a rustfilt command to demangle a mangled Rust symbol Enable demangling a mangled Rust support Enable resolving mangled Rust symbol in lockless ring buffer Makefile | 2 +- defs.h | 2 ++ global_data.c | 1 + help.c | 10 +++++++ printk.c | 28 +++++++++++++++++- symbols.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 119 insertions(+), 2 deletions(-) -- 2.50.1

1 week, 2 days

1
3
0 / 0

[Extension] Request to add new extension to Crash Extension Modules page: sdinfo

by briston_dev

Dear Crash Utility Maintainers, I would like to submit a new extension module for inclusion in the Crash Extension Modules page. Below are the required details: 1.Extension Name: sdinfo 2.Command(s): sdinfo 3.Comments - Functionality: Displays Linux kernel's SCSI disk information, including devices, hosts, targets, and associated I/O requests and SCSI commands. Support for NVMe devices is currently under development and will be added in upcoming releases. - To build the module from the top-level `crash-<version>` directory, enter: $ cp <path-to>/scsi.c scsi.mk extensions $ make extensions - Package Website: https://github.com/briston-dev/crash-diskutils - Requires crash-utility version >= 7.2.8 - Author: Yao Sang <sangyao(a)kylinos.cn> As specified in the extension guidelines, please add this module to the Crash Extension Modules page. This extension will be actively maintained with regular updates to ensure compatibility with new kernel versions and additional feature enhancements. Let me know if additional information is needed. Thank you for your consideration! Best regards, Yao Sang

1 week, 2 days

1
0
0 / 0

[PATCH] bpf: Implement ringbuf_map memory usage calculation

by Tao Liu

This patch replicates the kernel code for bpf ringbuf_map mm usage calculation. $ bpftool map create /sys/fs/bpf/rb0 type ringbuf key 0 value 0 entries $((1<<24)) name rb0 Before: crash> bpf -m 12 ID BPF_MAP BPF_MAP_TYPE MAP_FLAGS 12 ffff8dc4d7c0ed00 RINGBUF 00000000 KEY_SIZE: 0 VALUE_SIZE: 0 MAX_ENTRIES: 16777216 MEMLOCK: (unknown) NAME: "rb0" UID: (unused) After: crash> bpf -m 12 ID BPF_MAP BPF_MAP_TYPE MAP_FLAGS 12 ffff8dc4d7c0ed00 RINGBUF 00000000 KEY_SIZE: 0 VALUE_SIZE: 0 MAX_ENTRIES: 16777216 MEMLOCK: 16855320 NAME: "rb0" UID: (unused) Thus, the output will be the same as bpftool: $ bpftool map show id 12 12: ringbuf name rb0 flags 0x0 key 0B value 0B max_entries 16777216 memlock 16855320B Signed-off-by: Tao Liu <ltao(a)redhat.com> --- bpf.c | 30 +++++++++++++++++++++++++++++- defs.h | 5 +++++ symbols.c | 5 +++++ 3 files changed, 39 insertions(+), 1 deletion(-) diff --git a/bpf.c b/bpf.c index 466b244..43e4ff5 100644 --- a/bpf.c +++ b/bpf.c @@ -121,6 +121,26 @@ static ulong bpf_map_memory_size(int map_type, uint value_size, return roundup((max_entries * size), PAGESIZE()); } +/* + * Code replicated from kernel/bpf/ringbuf.c:ringbuf_map_mem_usage() +*/ +static ulong ringbuf_map_mem_usage(struct bpf_info *bpf, int i) +{ + ulong nr_pages; + ulong usage = SIZE(bpf_ringbuf_map); + ulong rb = (ulong)(bpf->maplist[i].value) - OFFSET(bpf_ringbuf_map_map) + + OFFSET(bpf_ringbuf_map_rb); + readmem(rb, KVADDR, &rb, sizeof(ulong), "bpf_ringbuf *", RETURN_ON_ERROR); + readmem(rb + OFFSET(bpf_ringbuf_nr_pages), KVADDR, &nr_pages, + sizeof(ulong), "bpf_ringbuf.nr_pages", RETURN_ON_ERROR); + usage += (nr_pages << PAGESHIFT()); + ulong nr_meta_pages = (OFFSET(bpf_ringbuf_consumer_pos) >> PAGESHIFT()) + 2; + ulong nr_data_pages = UINT(bpf->bpf_map_buf + OFFSET(bpf_map_max_entries)) >> PAGESHIFT(); + usage += (nr_meta_pages + 2 * nr_data_pages) * sizeof(void *); + + return usage; +} + void cmd_bpf(void) { @@ -217,6 +237,7 @@ bpf_init(struct bpf_info *bpf) STRUCT_SIZE_INIT(bpf_prog_aux, "bpf_prog_aux"); STRUCT_SIZE_INIT(bpf_map, "bpf_map"); STRUCT_SIZE_INIT(bpf_insn, "bpf_insn"); + STRUCT_SIZE_INIT(bpf_ringbuf_map, "bpf_ringbuf_map"); MEMBER_OFFSET_INIT(bpf_prog_aux, "bpf_prog", "aux"); MEMBER_OFFSET_INIT(bpf_prog_type, "bpf_prog", "type"); MEMBER_OFFSET_INIT(bpf_prog_tag, "bpf_prog", "tag"); @@ -228,6 +249,10 @@ bpf_init(struct bpf_info *bpf) MEMBER_OFFSET_INIT(bpf_map_map_flags, "bpf_map", "map_flags"); MEMBER_OFFSET_INIT(bpf_prog_aux_used_maps, "bpf_prog_aux", "used_maps"); MEMBER_OFFSET_INIT(bpf_prog_aux_used_map_cnt, "bpf_prog_aux", "used_map_cnt"); + MEMBER_OFFSET_INIT(bpf_ringbuf_map_map, "bpf_ringbuf_map", "map"); + MEMBER_OFFSET_INIT(bpf_ringbuf_map_rb, "bpf_ringbuf_map", "rb"); + MEMBER_OFFSET_INIT(bpf_ringbuf_consumer_pos, "bpf_ringbuf", "consumer_pos"); + MEMBER_OFFSET_INIT(bpf_ringbuf_nr_pages, "bpf_ringbuf", "nr_pages"); if (!VALID_STRUCT(bpf_prog) || !VALID_STRUCT(bpf_prog_aux) || !VALID_STRUCT(bpf_map) || @@ -664,7 +689,10 @@ do_map_only: fprintf(fp, "%d\n", map_pages * PAGESIZE()); } else if ((msize = bpf_map_memory_size(type, value_size, key_size, max_entries))) fprintf(fp, "%ld\n", msize); - else +#define BPF_MAP_TYPE_RINGBUF (0x1BUL) + else if (type == BPF_MAP_TYPE_RINGBUF) { + fprintf(fp, "%ld\n", ringbuf_map_mem_usage(bpf, i)); + } else fprintf(fp, "(unknown)"); fprintf(fp, " NAME: "); diff --git a/defs.h b/defs.h index 4fecb83..498c262 100644 --- a/defs.h +++ b/defs.h @@ -2274,6 +2274,10 @@ struct offset_table { /* stash of commonly-used offsets */ long request_queue_tag_set; long blk_mq_tag_set_flags; long blk_mq_tag_set_shared_tags; + long bpf_ringbuf_map_map; + long bpf_ringbuf_map_rb; + long bpf_ringbuf_consumer_pos; + long bpf_ringbuf_nr_pages; }; struct size_table { /* stash of commonly-used sizes */ @@ -2452,6 +2456,7 @@ struct size_table { /* stash of commonly-used sizes */ long vmap_node; long cpumask_t; long task_struct_exit_state; + long bpf_ringbuf_map; }; struct array_table { diff --git a/symbols.c b/symbols.c index ce0b441..19e1316 100644 --- a/symbols.c +++ b/symbols.c @@ -11868,6 +11868,10 @@ dump_offset_table(char *spec, ulong makestruct) fprintf(fp, " thread_struct_gsbase: %ld\n", OFFSET(thread_struct_gsbase)); fprintf(fp, " thread_struct_fs: %ld\n", OFFSET(thread_struct_fs)); fprintf(fp, " thread_struct_gs: %ld\n", OFFSET(thread_struct_gs)); + fprintf(fp, " bpf_ringbuf_map_map: %ld\n", OFFSET(bpf_ringbuf_map_map)); + fprintf(fp, " bpf_ringbuf_map_rb: %ld\n", OFFSET(bpf_ringbuf_map_rb)); + fprintf(fp, " bpf_ringbuf_consumer_pos: %ld\n", OFFSET(bpf_ringbuf_consumer_pos)); + fprintf(fp, " bpf_ringbuf_nr_pages: %ld\n", OFFSET(bpf_ringbuf_nr_pages)); fprintf(fp, "\n size_table:\n"); fprintf(fp, " page: %ld\n", SIZE(page)); @@ -12148,6 +12152,7 @@ dump_offset_table(char *spec, ulong makestruct) fprintf(fp, " percpu_counter: %ld\n", SIZE(percpu_counter)); fprintf(fp, " cpumask_t: %ld\n", SIZE(cpumask_t)); + fprintf(fp, " bpf_ringbuf_map: %ld\n", SIZE(bpf_ringbuf_map)); fprintf(fp, "\n array_table:\n"); /* -- 2.47.0

1 week, 6 days

1
0
0 / 0

[PATCH RFC][makedumpfile 00/10] btf/kallsyms based eppic extension for mm page filtering

by Tao Liu

A) This patchset will introduce the following features to makedumpfile: 1) Enable eppic script for memory pages filtering. 2) Enable btf and kallsyms for symbol type and address resolving. 3) Port maple tree data structures and functions, primarily used for vma iteration. B) The purpose of the features are: 1) Currently makedumpfile filters mm pages based on page flags, because flags can help to determine one page's usage. But this page-flag-checking method lacks of flexibility in certain cases, e.g. if we want to filter those mm pages occupied by GPU during vmcore dumping due to: a) GPU may be taking a large memory and contains sensitive data; b) GPU mm pages have no relations to kernel crash and useless for vmcore analysis. But there is no GPU mm page specific flags, and apparently we don't need to create one just for kdump use. A programmable filtering tool is more suitable for such cases. In addition, different GPU vendors may use different ways for mm pages allocating, programmable filtering is better than hard coding these GPU specific logics into makedumpfile in this case. 2) Currently makedumpfile already contains a programmable filtering tool, aka eppic script, which allows user to write customized code for data erasing. However it has the following drawbacks: a) cannot do mm page filtering. b) need to access to debuginfo of both kernel and modules, which is not applicable in the 2nd kernel. c) Poor performance, making vmcore dumping time unacceptable (See the following performance testing). makedumpfile need to resolve the dwarf data from debuginfo, to get symbols types and addresses. In recent kernel there are dwarf alternatives such as btf/kallsyms which can be used for this purpose. And btf/kallsyms info are already packed within vmcore, so we can use it directly. 3) Maple tree data structures are used in recent kernels, such as vma iteration. So maple tree poring is needed. With these, this patchset introduces an upgraded eppic, which is based on btf/kallsyms symbol resolving, and is programmable for mm page filtering. The following info shows its usage and performance, please note the tests are performed in 1st kernel: $ time ./makedumpfile -d 31 -l /var/crash/127.0.0.1-2025-06-10-18\:03\:12/vmcore /tmp/dwarf.out -x /lib/debug/lib/modules/6.11.8-300.fc41.x86_64/vmlinux --eppic eppic_scripts/filter_amdgpu_mm_pages.c real 14m6.894s user 4m16.900s sys 9m44.695s $ time ./makedumpfile -d 31 -l /var/crash/127.0.0.1-2025-06-10-18\:03\:12/vmcore /tmp/btf.out --eppic eppic_scripts/filter_amdgpu_mm_pages.c real 0m10.672s user 0m9.270s sys 0m1.130s -rw------- 1 root root 367475074 Jun 10 18:06 btf.out -rw------- 1 root root 367475074 Jun 10 21:05 dwarf.out -rw-rw-rw- 1 root root 387181418 Jun 10 18:03 /var/crash/127.0.0.1-2025-06-10-18:03:12/vmcore C) Discussion: 1) GPU types: Currently only tested with amdgpu's mm page filtering, others are not tested. 2) Code structure: There are some similar code shared by makedumpfile and crash, such as maple tree data structure, also I planed to port the btf/kallsyms code to crash as well, so there are code duplications for crash & makedumpfile. Since I havn't working on crash poring, code change on btf/kallsyms is expected. How can we share the code, creating a common library or keep the duplication as it is? 3) OS: The code can work on rhel-10+/rhel9.5+ on x86_64/arm64/s390/ppc64. Others are not tested. D) Testing: 1) If you don't want to create your vmcore, you can find a vmcore which I created with amdgpu mm pages unfiltered [1], the amdgpu mm pages are allocated by program [2]. You can use the vmcore in 1st kernel to filter the amdgpu mm pages by the previous performance testing cmdline. To verify the pages are filtered in crash: Unfiltered: crash> search -c "!QAZXSW@#EDC" ffff96b7fa800000: !QAZXSW@#EDCXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ffff96b87c800000: !QAZXSW@#EDCXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX crash> rd ffff96b7fa800000 ffff96b7fa800000: 405753585a415121 !QAZXSW@ crash> rd ffff96b87c800000 ffff96b87c800000: 405753585a415121 !QAZXSW@ Filtered: crash> search -c "!QAZXSW@#EDC" crash> rd ffff96b7fa800000 rd: page excluded: kernel virtual address: ffff96b7fa800000 type: "64-bit KVADDR" crash> rd ffff96b87c800000 rd: page excluded: kernel virtual address: ffff96b87c800000 type: "64-bit KVADDR" 2) You can use eppic_scripts/print_all_vma.c against an ordinary vmcore to test only btf/kallsyms functions by output all VMAs if no amdgpu vmcores/machine avaliable. [1]: https://people.redhat.com/~ltao/core/ [2]: https://gist.github.com/liutgnu/a8cbce1c666452f1530e1410d1f352df Tao Liu (10): dwarf_info: Support kernel address randomization dwarf_info: Fix a infinite recursion bug for search_domain Add page filtering function Add btf/kallsyms support for symbol type/address resolving Export necessary btf/kallsyms functions to eppic extension Port the maple tree data structures and functions Supporting main() as the entry of eppic script Enable page filtering for dwarf eppic Enable page filtering for btf/kallsyms eppic Introducing 2 eppic scripts to test the dwarf/btf eppic extension Makefile | 6 +- btf.c | 919 +++++++++++++++++++++++++ btf.h | 176 +++++ dwarf_info.c | 15 +- eppic_maple.c | 431 ++++++++++++ eppic_maple.h | 8 + eppic_scripts/filter_amdgpu_mm_pages.c | 36 + eppic_scripts/print_all_vma.c | 29 + erase_info.c | 123 +++- erase_info.h | 22 + extension_btf.c | 218 ++++++ extension_eppic.c | 41 +- extension_eppic.h | 6 +- kallsyms.c | 371 ++++++++++ kallsyms.h | 42 ++ makedumpfile.c | 21 +- makedumpfile.h | 11 + 17 files changed, 2448 insertions(+), 27 deletions(-) create mode 100644 btf.c create mode 100644 btf.h create mode 100644 eppic_maple.c create mode 100644 eppic_maple.h create mode 100644 eppic_scripts/filter_amdgpu_mm_pages.c create mode 100644 eppic_scripts/print_all_vma.c create mode 100644 extension_btf.c create mode 100644 kallsyms.c create mode 100644 kallsyms.h -- 2.47.0

2 weeks, 1 day

1
10
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Crash-utility September 2025