11:21 p.m.
Dave,
When I looked at the output from "bt -f" command, I found that stack dump
starts from frame.sp in arm64_print_stackframe_entry().
Usage of stack frames on arm64 is a bit different from that on x86, and
using frame.fp is, I believe, much useful (and accurate) for crash users.
See my patch attached below.
Details:
A layout of a stack frame in a function looks like:
stack grows to lower addresses.
/|\
|
| |
new sp +------+ <---
|dyn | |
| vars | |
new fp +- - - + |
|old fp| | a function's stack frame
|old lr| |
|static| |
| vars| |
old sp +------+ <---
|dyn |
| vars |
old fp +------+
| |
* On function entry, sp is decremented down to new fp.
* and old fp and sp are saved into this stack frame.
"Static" local variables are allocated at the same time.
* Later on, "dynamic" local variables may be allocated on a stack.
But those dynamic variables are rarely used in the kernel image,
and, as a matter of fact, sp is equal to fp in almost all functions.
(not 100% though.)
* Currently, sp is determined in arm64_unwind_frame() by
sp = a callee's fp + 0x10
where 0x10 stands for a saved area for fp and sp
* As you can see, however, this calculated sp still points to the top of
callee's static local variables and doesn't match with a *real* sp.
* So, generally, dumping a stack from this calculated sp to the next frame's
sp shows "callee's static local variables", old fp and sp.
Confused?
Probably you will be able to understand more easily by seeing an example
from my vmlinux/vmcore cases:
=== crash with my patch ===
crash> bt -f 1324
PID: 1324 TASK: ffff80002018be80 CPU: 2 COMMAND: "dhry"
ffff800022f6ae08: ffff00000812ae44 (crash_save_cpu on IRQ stack)
ffff800022f6ae10: ffff800022f74e00 ffff800020107ed0
ffff800022f6ae20: 0000000000000000 ffff800020107ed0
ffff800022f6ae30: ffff000008a26800 0000000000000003
ffff800022f6ae40: 0000018800000005 0000000000000001
#0 [ffff800022f6ae50] crash_save_cpu at ffff00000812ae44
ffff800022f6ae50: ffff800022f6b010 ffff00000808e718
#1's fp #1's lr (=handle_IPI)
ffff800022f6ae60: ffff000008bce000 0000000000000002 -----
ffff800022f6ae70: ffff800022f6ae90 0000000000000000 |
ffff800022f6ae80: ffff800000000000 0000000000000000 |
ffff800022f6ae90: 0000000000000000 0000000000000000 |local variables
... | including a big
ffff800022f6afd0: 0000000000000000 0000000000000000 |"struct elf_prsatus"
ffff800022f6afe0: ffff800022f6aff0 ffff00000808a820 |
ffff800022f6aff0: ffff800022f6b010 ffff00000808e758 |
ffff800022f6b000: ffff000008bce000 0000000000000000 -----
#1 [ffff800022f6b010] handle_IPI at ffff00000808e718
ffff800022f6b010: ffff800022f6b040 ffff0000080815f8
ffff800022f6b020: 0000000000000003 0000000000001fff
ffff800022f6b030: ffff800020107ed0 ffff000008e60c54
#2 [ffff800022f6b040] gic_handle_irq at ffff0000080815f8
ffff800022f6b040: ffff800022f6b080 ffff000008084c4c
== crash(master branch) ===
crash.dave> bt -f 1324
PID: 1324 TASK: ffff80002018be80 CPU: 2 COMMAND: "dhry"
ffff800022f6ae08: ffff00000812ae44 (crash_save_cpu on IRQ stack)
#0 [ffff800022f6ae10] crash_save_cpu at ffff00000812ae44
ffff800022f6ae10: ffff800022f74e00 ffff800020107ed0 -----
ffff800022f6ae20: 0000000000000000 ffff800020107ed0 |local variables
ffff800022f6ae30: ffff000008a26800 0000000000000003 | of callee(*)
ffff800022f6ae40: 0000018800000005 0000000000000001 -----
ffff800022f6ae50: ffff800022f6b010 ffff00000808e718 <= *real* stack frame
#1 [ffff800022f6ae60] handle_IPI at ffff00000808e718 of crash_save_cpu()
ffff800022f6ae60: ffff000008bce000 0000000000000002 starts here.
ffff800022f6ae70: ffff800022f6ae90 0000000000000000
ffff800022f6ae80: ffff800000000000 0000000000000000
ffff800022f6ae90: 0000000000000000 0000000000000000
ffff800022f6aea0: 0000000000000000 000000000000052c
ffff800022f6aeb0: 0000000000000000 0000000000000000
...
ffff800022f6afa0: ffff800022f6afc0 0000000000000000
ffff800022f6afb0: ffff800022f6afe0 ffff000008675850
ffff800022f6afc0: 0000000000402138 0000000000000000
ffff800022f6afd0: 0000000000000000 0000000000000000
ffff800022f6afe0: ffff800022f6aff0 ffff00000808a820
ffff800022f6aff0: ffff800022f6b010 ffff00000808e758
ffff800022f6b000: ffff000008bce000 0000000000000000
ffff800022f6b010: ffff800022f6b040 ffff0000080815f8
#2 [ffff800022f6b020] gic_handle_irq at ffff0000080815f8
ffff800022f6b020: 0000000000000003 0000000000001fff
ffff800022f6b030: ffff800020107ed0 ffff000008e60c54
ffff800022f6b040: ffff800022f6b080 ffff000008084c4c
=== END ===
(*) append_elf_note()
Thanks,
-Takahiro AKASHI
======8<======
From b3ca69ace916a5c233ce937954da887ba5487e50 Mon Sep 17 00:00:00 2001
From: AKASHI Takahiro <takahiro.akashi(a)linaro.org>
Date: Wed, 8 Jun 2016 11:14:22 +0900
Subject: [PATCH] arm64: dump a stack frame based on fp
Signed-off-by: AKASHI Takahiro <takahiro.akashi(a)linaro.org>
---
arm64.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/arm64.c b/arm64.c
index bdea79c..22f93a2 100644
--- a/arm64.c
+++ b/arm64.c
@@ -1508,12 +1508,12 @@ arm64_print_stackframe_entry(struct bt_info *bt, int level, struct
arm64_stackfr
}
if (bt->flags & BT_FULL) {
- arm64_display_full_frame(bt, frame->sp);
- bt->frameptr = frame->sp;
+ arm64_display_full_frame(bt, frame->fp);
+ bt->frameptr = frame->fp;
}
fprintf(ofp, "%s#%d [%8lx] %s at %lx", level < 10 ? " " :
"", level,
- frame->sp, name_plus_offset ? name_plus_offset : name, frame->pc);
+ frame->fp, name_plus_offset ? name_plus_offset : name, frame->pc);
if (BT_REFERENCE_CHECK(bt))
arm64_do_bt_reference_check(bt, frame->pc, name);
@@ -1571,12 +1571,10 @@ arm64_unwind_frame(struct bt_info *bt, struct arm64_stackframe
*frame)
{
unsigned long high, low, fp;
unsigned long stack_mask;
- unsigned long irq_stack_ptr, orig_sp, sp_in;
+ unsigned long irq_stack_ptr, orig_sp;
struct arm64_pt_regs *ptregs;
struct machine_specific *ms;
- sp_in = frame->sp;
-
stack_mask = (unsigned long)(ARM64_STACK_SIZE) - 1;
fp = frame->fp;
@@ -1613,7 +1611,7 @@ arm64_unwind_frame(struct bt_info *bt, struct arm64_stackframe
*frame)
ptregs = (struct arm64_pt_regs
*)&bt->stackbuf[(ulong)(STACK_OFFSET_TYPE(orig_sp))];
frame->sp = orig_sp;
frame->pc = ptregs->pc;
- bt->bptr = sp_in;
+ bt->bptr = fp;
if (CRASHDEBUG(1))
error(INFO,
"arm64_unwind_frame: switch stacks: fp: %lx sp: %lx pc: %lx\n",
@@ -2004,8 +2002,11 @@ arm64_print_exception_frame(struct bt_info *bt, ulong pt_regs, int
mode, FILE *o
ulong LR, SP, offset;
char buf[BUFSIZE];
+#if 0 /* FIXME? */
if (bt->flags & BT_FULL)
arm64_display_full_frame(bt, pt_regs);
+}
+#endif
if (CRASHDEBUG(1))
fprintf(ofp, "pt_regs: %lx\n", pt_regs);
--
2.8.1
3:30 p.m.
----- Original Message -----
Dave,
When I looked at the output from "bt -f" command, I found that stack dump
starts from frame.sp in arm64_print_stackframe_entry().
Usage of stack frames on arm64 is a bit different from that on x86, and
using frame.fp is, I believe, much useful (and accurate) for crash users.
See my patch attached below.
Details:
A layout of a stack frame in a function looks like:
stack grows to lower addresses.
/|\
|
| |
new sp +------+ <---
|dyn | |
| vars | |
new fp +- - - + |
|old fp| | a function's stack frame
|old lr| |
|static| |
| vars| |
old sp +------+ <---
|dyn |
| vars |
old fp +------+
| |
* On function entry, sp is decremented down to new fp.
* and old fp and sp are saved into this stack frame.
"Static" local variables are allocated at the same time.
* Later on, "dynamic" local variables may be allocated on a stack.
But those dynamic variables are rarely used in the kernel image,
and, as a matter of fact, sp is equal to fp in almost all functions.
(not 100% though.)
* Currently, sp is determined in arm64_unwind_frame() by
sp = a callee's fp + 0x10
where 0x10 stands for a saved area for fp and sp
* As you can see, however, this calculated sp still points to the top of
callee's static local variables and doesn't match with a *real* sp.
* So, generally, dumping a stack from this calculated sp to the next frame's
sp shows "callee's static local variables", old fp and sp.
Confused?
OK, it's sinking in...
But how do you want to handle the top of all user space backtraces, i.e.,
the frame just before the user-space exception frame gets dumped? You
don't show it below, but it's kind of confusing to show a stack address
of 0.
Also, the stack dump shown before the #0 frame of active tasks is kind
of confusing. I'm not even sure it's worth showning? Or would be more
of a hack to prevent it from being displayed?
You commmented out the call to arm64_display_full_frame() in
arm64_print_exception_frame() -- is it because your patch has already
dumped it prior to the actual translated exception frame dump?
Dave
Probably you will be able to understand more easily by seeing an
example
from my vmlinux/vmcore cases:
=== crash with my patch ===
crash> bt -f 1324
PID: 1324 TASK: ffff80002018be80 CPU: 2 COMMAND: "dhry"
ffff800022f6ae08: ffff00000812ae44 (crash_save_cpu on IRQ stack)
ffff800022f6ae10: ffff800022f74e00 ffff800020107ed0
ffff800022f6ae20: 0000000000000000 ffff800020107ed0
ffff800022f6ae30: ffff000008a26800 0000000000000003
ffff800022f6ae40: 0000018800000005 0000000000000001
#0 [ffff800022f6ae50] crash_save_cpu at ffff00000812ae44
ffff800022f6ae50: ffff800022f6b010 ffff00000808e718
#1's fp #1's lr (=handle_IPI)
ffff800022f6ae60: ffff000008bce000 0000000000000002 -----
ffff800022f6ae70: ffff800022f6ae90 0000000000000000 |
ffff800022f6ae80: ffff800000000000 0000000000000000 |
ffff800022f6ae90: 0000000000000000 0000000000000000 |local variables
... | including a big
ffff800022f6afd0: 0000000000000000 0000000000000000 |"struct
elf_prsatus"
ffff800022f6afe0: ffff800022f6aff0 ffff00000808a820 |
ffff800022f6aff0: ffff800022f6b010 ffff00000808e758 |
ffff800022f6b000: ffff000008bce000 0000000000000000 -----
#1 [ffff800022f6b010] handle_IPI at ffff00000808e718
ffff800022f6b010: ffff800022f6b040 ffff0000080815f8
ffff800022f6b020: 0000000000000003 0000000000001fff
ffff800022f6b030: ffff800020107ed0 ffff000008e60c54
#2 [ffff800022f6b040] gic_handle_irq at ffff0000080815f8
ffff800022f6b040: ffff800022f6b080 ffff000008084c4c
== crash(master branch) ===
crash.dave> bt -f 1324
PID: 1324 TASK: ffff80002018be80 CPU: 2 COMMAND: "dhry"
ffff800022f6ae08: ffff00000812ae44 (crash_save_cpu on IRQ stack)
#0 [ffff800022f6ae10] crash_save_cpu at ffff00000812ae44
ffff800022f6ae10: ffff800022f74e00 ffff800020107ed0 -----
ffff800022f6ae20: 0000000000000000 ffff800020107ed0 |local variables
ffff800022f6ae30: ffff000008a26800 0000000000000003 | of callee(*)
ffff800022f6ae40: 0000018800000005 0000000000000001 -----
ffff800022f6ae50: ffff800022f6b010 ffff00000808e718 <= *real* stack frame
#1 [ffff800022f6ae60] handle_IPI at ffff00000808e718 of
crash_save_cpu()
ffff800022f6ae60: ffff000008bce000 0000000000000002 starts here.
ffff800022f6ae70: ffff800022f6ae90 0000000000000000
ffff800022f6ae80: ffff800000000000 0000000000000000
ffff800022f6ae90: 0000000000000000 0000000000000000
ffff800022f6aea0: 0000000000000000 000000000000052c
ffff800022f6aeb0: 0000000000000000 0000000000000000
...
ffff800022f6afa0: ffff800022f6afc0 0000000000000000
ffff800022f6afb0: ffff800022f6afe0 ffff000008675850
ffff800022f6afc0: 0000000000402138 0000000000000000
ffff800022f6afd0: 0000000000000000 0000000000000000
ffff800022f6afe0: ffff800022f6aff0 ffff00000808a820
ffff800022f6aff0: ffff800022f6b010 ffff00000808e758
ffff800022f6b000: ffff000008bce000 0000000000000000
ffff800022f6b010: ffff800022f6b040 ffff0000080815f8
#2 [ffff800022f6b020] gic_handle_irq at ffff0000080815f8
ffff800022f6b020: 0000000000000003 0000000000001fff
ffff800022f6b030: ffff800020107ed0 ffff000008e60c54
ffff800022f6b040: ffff800022f6b080 ffff000008084c4c
=== END ===
(*) append_elf_note()
Thanks,
-Takahiro AKASHI
======8<======
>From b3ca69ace916a5c233ce937954da887ba5487e50 Mon Sep 17 00:00:00 2001
From: AKASHI Takahiro <takahiro.akashi(a)linaro.org>
Date: Wed, 8 Jun 2016 11:14:22 +0900
Subject: [PATCH] arm64: dump a stack frame based on fp
Signed-off-by: AKASHI Takahiro <takahiro.akashi(a)linaro.org>
---
arm64.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/arm64.c b/arm64.c
index bdea79c..22f93a2 100644
--- a/arm64.c
+++ b/arm64.c
@@ -1508,12 +1508,12 @@ arm64_print_stackframe_entry(struct bt_info *bt, int
level, struct arm64_stackfr
}
if (bt->flags & BT_FULL) {
- arm64_display_full_frame(bt, frame->sp);
- bt->frameptr = frame->sp;
+ arm64_display_full_frame(bt, frame->fp);
+ bt->frameptr = frame->fp;
}
fprintf(ofp, "%s#%d [%8lx] %s at %lx", level < 10 ? " " :
"", level,
- frame->sp, name_plus_offset ? name_plus_offset : name,
frame->pc);
+ frame->fp, name_plus_offset ? name_plus_offset : name,
frame->pc);
if (BT_REFERENCE_CHECK(bt))
arm64_do_bt_reference_check(bt, frame->pc, name);
@@ -1571,12 +1571,10 @@ arm64_unwind_frame(struct bt_info *bt, struct
arm64_stackframe *frame)
{
unsigned long high, low, fp;
unsigned long stack_mask;
- unsigned long irq_stack_ptr, orig_sp, sp_in;
+ unsigned long irq_stack_ptr, orig_sp;
struct arm64_pt_regs *ptregs;
struct machine_specific *ms;
- sp_in = frame->sp;
-
stack_mask = (unsigned long)(ARM64_STACK_SIZE) - 1;
fp = frame->fp;
@@ -1613,7 +1611,7 @@ arm64_unwind_frame(struct bt_info *bt, struct
arm64_stackframe *frame)
ptregs = (struct arm64_pt_regs
*)&bt->stackbuf[(ulong)(STACK_OFFSET_TYPE(orig_sp))];
frame->sp = orig_sp;
frame->pc = ptregs->pc;
- bt->bptr = sp_in;
+ bt->bptr = fp;
if (CRASHDEBUG(1))
error(INFO,
"arm64_unwind_frame: switch stacks: fp: %lx sp: %lx pc: %lx\n",
@@ -2004,8 +2002,11 @@ arm64_print_exception_frame(struct bt_info *bt, ulong
pt_regs, int mode, FILE *o
ulong LR, SP, offset;
char buf[BUFSIZE];
+#if 0 /* FIXME? */
if (bt->flags & BT_FULL)
arm64_display_full_frame(bt, pt_regs);
+}
+#endif
if (CRASHDEBUG(1))
fprintf(ofp, "pt_regs: %lx\n", pt_regs);
--
2.8.1
--
Crash-utility mailing list
Crash-utility(a)redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility
3:37 p.m.
Hi Takahiro,
To address my concerns about your patch, I added a few additional changes and attached
it to this email. The changes are:
(1) Prevent the stack dump "below" the #0 level. Yes, the stack data region is
contained within
the incoming frame parameters, but it's ugly and we really don't care to see
what's before
the #0 crash_kexec and crash_save_cpu #0 frames.
(2) Fill in the missing stack dump at the top of the process stack, up to, but not
including
the user-space exception frame.
(3) Instead of showing the fp of 0 in the top-most frame's stack address, fill it in
with the
address of the user-space exception frame.
Note that there is no dump of the stack containing the user-space exception frame, but
the
register dump itself should suffice.
If you can live with the display, I'll clean up the patch, and maybe add the
stack-layout diagram
from your last post into a comment. It was quite helpful, especially in comparison to
the
x86_64 model, which is what I was mistakenly using as a guide.
Thanks,
Dave
1:44 a.m.
Dave,
On Fri, Jun 10, 2016 at 04:37:42PM -0400, Dave Anderson wrote:
Hi Takahiro,
To address my concerns about your patch, I added a few additional changes and attached
it to this email. The changes are:
(1) Prevent the stack dump "below" the #0 level. Yes, the stack data region is
contained within
the incoming frame parameters, but it's ugly and we really don't care to see
what's before
the #0 crash_kexec and crash_save_cpu #0 frames.
(2) Fill in the missing stack dump at the top of the process stack, up to, but not
including
the user-space exception frame.
(3) Instead of showing the fp of 0 in the top-most frame's stack address, fill it in
with the
address of the user-space exception frame.
Note that there is no dump of the stack containing the user-space exception frame, but
the
register dump itself should suffice.
Well, the essential problem with my patch is that the output from "bt -f"
looks like:
#XX ['fp'] 'function' at 'pc' --- (1)
<function's stack dump> --- (2)
but that (1) and (2) are not printed as a single stack frame in the same
iteration of while loop in arm64_back_trace_cmd().
(I hope you understand what I mean :)
To be consistent with the out format of x86, the output should be
<function's stack dump>
#XX ['fp'] 'function' at 'pc'
Unfortunately, this requires that arm64_back_trace_cmd() and other functions
should be overhauled.
Please take a look at my next patch though it is uncompleted and still has
room for improvement.
Thanks,
-Takahiro AKASHI
If you can live with the display, I'll clean up the patch, and
maybe add the stack-layout diagram
from your last post into a comment. It was quite helpful, especially in comparison to
the
x86_64 model, which is what I was mistakenly using as a guide.
Thanks,
Dave
diff --git a/arm64.c b/arm64.c
index 86ec348..3b29ef4 100644
--- a/arm64.c
+++ b/arm64.c
@@ -1407,13 +1407,14 @@ arm64_print_stackframe_entry(struct bt_info *bt, int level,
struct arm64_stackfr
value_to_symstr(frame->pc, buf, bt->radix);
}
- if (bt->flags & BT_FULL) {
- arm64_display_full_frame(bt, frame->sp);
- bt->frameptr = frame->sp;
+ if ((bt->flags & BT_FULL) && level) {
+ arm64_display_full_frame(bt, frame->fp);
+ bt->frameptr = frame->fp;
}
fprintf(ofp, "%s#%d [%8lx] %s at %lx", level < 10 ? " " :
"", level,
- frame->sp, name_plus_offset ? name_plus_offset : name,
frame->pc);
+// frame->fp, name_plus_offset ? name_plus_offset : name,
frame->pc);
+ frame->fp ? frame->fp : bt->stacktop - USER_EFRAME_OFFSET,
name_plus_offset ? name_plus_offset : name, frame->pc);
if (BT_REFERENCE_CHECK(bt))
arm64_do_bt_reference_check(bt, frame->pc, name);
@@ -1447,8 +1448,12 @@ arm64_display_full_frame(struct bt_info *bt, ulong sp)
if (bt->frameptr == sp)
return;
- if (!INSTACK(sp, bt) || !INSTACK(bt->frameptr, bt))
- return;
+ if (!INSTACK(sp, bt) || !INSTACK(bt->frameptr, bt)) {
+ if (sp == 0)
+ sp = bt->stacktop - USER_EFRAME_OFFSET;
+ else
+ return;
+ }
words = (sp - bt->frameptr) / sizeof(ulong);
@@ -1471,12 +1476,10 @@ arm64_unwind_frame(struct bt_info *bt, struct arm64_stackframe
*frame)
{
unsigned long high, low, fp;
unsigned long stack_mask;
- unsigned long irq_stack_ptr, orig_sp, sp_in;
+ unsigned long irq_stack_ptr, orig_sp;
struct arm64_pt_regs *ptregs;
struct machine_specific *ms;
- sp_in = frame->sp;
-
stack_mask = (unsigned long)(ARM64_STACK_SIZE) - 1;
fp = frame->fp;
@@ -1513,7 +1516,7 @@ arm64_unwind_frame(struct bt_info *bt, struct arm64_stackframe
*frame)
ptregs = (struct arm64_pt_regs
*)&bt->stackbuf[(ulong)(STACK_OFFSET_TYPE(orig_sp))];
frame->sp = orig_sp;
frame->pc = ptregs->pc;
- bt->bptr = sp_in;
+ bt->bptr = fp;
if (CRASHDEBUG(1))
error(INFO,
"arm64_unwind_frame: switch stacks: fp: %lx sp: %lx pc: %lx\n",
@@ -1904,8 +1907,10 @@ arm64_print_exception_frame(struct bt_info *bt, ulong pt_regs, int
mode, FILE *o
ulong LR, SP, offset;
char buf[BUFSIZE];
+#if 0 /* FIXME? */
if (bt->flags & BT_FULL)
arm64_display_full_frame(bt, pt_regs);
+#endif
if (CRASHDEBUG(1))
fprintf(ofp, "pt_regs: %lx\n", pt_regs);
--
Crash-utility mailing list
Crash-utility(a)redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility
10:30 a.m.
----- Original Message -----
Dave,
On Fri, Jun 10, 2016 at 04:37:42PM -0400, Dave Anderson wrote:
> Hi Takahiro,
>
> To address my concerns about your patch, I added a few additional changes and
attached
> it to this email. The changes are:
>
> (1) Prevent the stack dump "below" the #0 level. Yes, the stack data
region is contained within
> the incoming frame parameters, but it's ugly and we really don't care to
see what's before
> the #0 crash_kexec and crash_save_cpu #0 frames.
> (2) Fill in the missing stack dump at the top of the process stack, up to, but not
including
> the user-space exception frame.
> (3) Instead of showing the fp of 0 in the top-most frame's stack address, fill
it in with the
> address of the user-space exception frame.
>
> Note that there is no dump of the stack containing the user-space exception frame,
but the
> register dump itself should suffice.
Well, the essential problem with my patch is that the output from "bt -f"
looks like:
#XX ['fp'] 'function' at 'pc' --- (1)
<function's stack dump> --- (2)
but that (1) and (2) are not printed as a single stack frame in the same
iteration of while loop in arm64_back_trace_cmd().
(I hope you understand what I mean :)
Actually I prefer your first approach. I find this new one confusing, not
to mention unlike any of the other architectures in that the "frame level"
#X address value is not contiguous with the stack addresses that get filled
in by -f.
Taking your picture into account:
stack grows to lower addresses.
/|\
|
| |
new sp +------+ <---
|dyn | |
| vars | |
new fp +- - - + |
|old fp| | a function's stack frame
|old lr| |
|static| |
| vars| |
old sp +------+ <---
|dyn |
| vars |
old fp +------+
| |
Your first patch seemed natural to me because for any "#X" line containing a
function
name, that function's dynamic variables, the "old fp/old lr" pair, and the
function's
static variables were dumped below it (i.e., at higher stack addresses).
To be consistent with the out format of x86, the output should be
<function's stack dump>
#XX ['fp'] 'function' at 'pc'
Unfortunately, this requires that arm64_back_trace_cmd() and other functions should be
overhauled.
Please take a look at my next patch though it is uncompleted and still has room for
improvement.
I don't know what you mean by "consistent with the out format of x86"? With
x86_64,
each #<level> line is simply the stack address where the function pushed its return
address as a result of its making a "callq" to the next function. Any local
variables of
the calling function would be at the next higher stack addresses:
...
#X [stack address] function2 at 'return address'
<function2's local variables>
#Y [stack address] function1 at 'return address'
<functions1's local variables>
...
So for digging out local stack variables associated with a function, it's a simple
matter of looking "below" it in the "bt -f" output.
Dave
Thanks,
-Takahiro AKASHI
> If you can live with the display, I'll clean up the patch, and maybe add
> the stack-layout diagram
> from your last post into a comment. It was quite helpful, especially in
> comparison to the
> x86_64 model, which is what I was mistakenly using as a guide.
>
> Thanks,
> Dave
>
>
>
> diff --git a/arm64.c b/arm64.c
> index 86ec348..3b29ef4 100644
> --- a/arm64.c
> +++ b/arm64.c
> @@ -1407,13 +1407,14 @@ arm64_print_stackframe_entry(struct bt_info *bt,
> int level, struct arm64_stackfr
> value_to_symstr(frame->pc, buf,
> bt->radix);
> }
>
> - if (bt->flags & BT_FULL) {
> - arm64_display_full_frame(bt, frame->sp);
> - bt->frameptr = frame->sp;
> + if ((bt->flags & BT_FULL) && level) {
> + arm64_display_full_frame(bt, frame->fp);
> + bt->frameptr = frame->fp;
> }
>
> fprintf(ofp, "%s#%d [%8lx] %s at %lx", level < 10 ? "
" : "",
> level,
> - frame->sp, name_plus_offset ? name_plus_offset : name,
> frame->pc);
> +// frame->fp, name_plus_offset ? name_plus_offset : name,
> frame->pc);
> + frame->fp ? frame->fp : bt->stacktop -
USER_EFRAME_OFFSET,
> name_plus_offset ? name_plus_offset : name, frame->pc);
>
> if (BT_REFERENCE_CHECK(bt))
> arm64_do_bt_reference_check(bt, frame->pc, name);
> @@ -1447,8 +1448,12 @@ arm64_display_full_frame(struct bt_info *bt, ulong
> sp)
> if (bt->frameptr == sp)
> return;
>
> - if (!INSTACK(sp, bt) || !INSTACK(bt->frameptr, bt))
> - return;
> + if (!INSTACK(sp, bt) || !INSTACK(bt->frameptr, bt)) {
> + if (sp == 0)
> + sp = bt->stacktop - USER_EFRAME_OFFSET;
> + else
> + return;
> + }
>
> words = (sp - bt->frameptr) / sizeof(ulong);
>
> @@ -1471,12 +1476,10 @@ arm64_unwind_frame(struct bt_info *bt, struct
> arm64_stackframe *frame)
> {
> unsigned long high, low, fp;
> unsigned long stack_mask;
> - unsigned long irq_stack_ptr, orig_sp, sp_in;
> + unsigned long irq_stack_ptr, orig_sp;
> struct arm64_pt_regs *ptregs;
> struct machine_specific *ms;
>
> - sp_in = frame->sp;
> -
> stack_mask = (unsigned long)(ARM64_STACK_SIZE) - 1;
> fp = frame->fp;
>
> @@ -1513,7 +1516,7 @@ arm64_unwind_frame(struct bt_info *bt, struct
> arm64_stackframe *frame)
> ptregs = (struct arm64_pt_regs
> *)&bt->stackbuf[(ulong)(STACK_OFFSET_TYPE(orig_sp))];
> frame->sp = orig_sp;
> frame->pc = ptregs->pc;
> - bt->bptr = sp_in;
> + bt->bptr = fp;
> if (CRASHDEBUG(1))
> error(INFO,
> "arm64_unwind_frame: switch stacks: fp: %lx sp: %lx pc:
%lx\n",
> @@ -1904,8 +1907,10 @@ arm64_print_exception_frame(struct bt_info *bt,
> ulong pt_regs, int mode, FILE *o
> ulong LR, SP, offset;
> char buf[BUFSIZE];
>
> +#if 0 /* FIXME? */
> if (bt->flags & BT_FULL)
> arm64_display_full_frame(bt, pt_regs);
> +#endif
>
> if (CRASHDEBUG(1))
> fprintf(ofp, "pt_regs: %lx\n", pt_regs);
> --
> Crash-utility mailing list
> Crash-utility(a)redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility
--
Crash-utility mailing list
Crash-utility(a)redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility
12:11 a.m.
On Mon, Jun 13, 2016 at 11:30:24AM -0400, Dave Anderson wrote:
> Dave,
>
> On Fri, Jun 10, 2016 at 04:37:42PM -0400, Dave Anderson wrote:
> > Hi Takahiro,
> >
> > To address my concerns about your patch, I added a few additional changes and
attached
> > it to this email. The changes are:
> >
> > (1) Prevent the stack dump "below" the #0 level. Yes, the stack data
region is contained within
> > the incoming frame parameters, but it's ugly and we really don't
care to see what's before
> > the #0 crash_kexec and crash_save_cpu #0 frames.
> > (2) Fill in the missing stack dump at the top of the process stack, up to, but
not including
> > the user-space exception frame.
> > (3) Instead of showing the fp of 0 in the top-most frame's stack address,
fill it in with the
> > address of the user-space exception frame.
> >
> > Note that there is no dump of the stack containing the user-space exception
frame, but the
> > register dump itself should suffice.
>
> Well, the essential problem with my patch is that the output from "bt -f"
> looks like:
> #XX ['fp'] 'function' at 'pc' --- (1)
> <function's stack dump> --- (2)
> but that (1) and (2) are not printed as a single stack frame in the same
> iteration of while loop in arm64_back_trace_cmd().
> (I hope you understand what I mean :)
Actually I prefer your first approach. I find this new one confusing, not
to mention unlike any of the other architectures in that the "frame level"
#X address value is not contiguous with the stack addresses that get filled
in by -f.
Can you please elaborate a bit here about "is not contiguous"?
Taking your picture into account:
stack grows to lower addresses.
/|\
|
| |
new sp +------+ <---
|dyn | |
| vars | |
new fp +- - - + |
|old fp| | a function's stack frame
|old lr| |
|static| |
| vars| |
old sp +------+ <---
|dyn |
| vars |
old fp +------+
| |
Your first patch seemed natural to me because for any "#X" line containing a
function
name, that function's dynamic variables, the "old fp/old lr" pair, and the
function's
static variables were dumped below it (i.e., at higher stack addresses).
> To be consistent with the out format of x86, the output should be
> <function's stack dump>
> #XX ['fp'] 'function' at 'pc'
>
> Unfortunately, this requires that arm64_back_trace_cmd() and other functions should
be overhauled.
> Please take a look at my next patch though it is uncompleted and still has room for
improvement.
I don't know what you mean by "consistent with the out format of x86"?
With x86_64,
each #<level> line is simply the stack address where the function pushed its
return
address as a result of its making a "callq" to the next function. Any local
variables of
the calling function would be at the next higher stack addresses:
...
#X [stack address] function2 at 'return address'
<function2's local variables>
#Y [stack address] function1 at 'return address'
<functions1's local variables>
...
So for digging out local stack variables associated with a function, it's a simple
matter of looking "below" it in the "bt -f" output.
That is exactly what I meant by "consistent with x86."
On x86, the output looks like:
<function2's local variables>
#X [stack address] function2 at 'return address'
<functions1's local variables>
#Y [stack address] function1 at 'return address'
...
So users who are familiar with this format may get confused.
(Or do I misunderstand anything?)
In addition, my previous patch displays
<function2's local variables>
#Y [stack address] function1 at 'return address'
in arm64_print_stackframe_entry(), and it sounds odd to me.
But, anyhow, it's up to you.
Thanks,
-Takahiro AKASHI
Dave
> Thanks,
> -Takahiro AKASHI
>
>
> > If you can live with the display, I'll clean up the patch, and maybe add
> > the stack-layout diagram
> > from your last post into a comment. It was quite helpful, especially in
> > comparison to the
> > x86_64 model, which is what I was mistakenly using as a guide.
> >
> > Thanks,
> > Dave
> >
> >
> >
>
> > diff --git a/arm64.c b/arm64.c
> > index 86ec348..3b29ef4 100644
> > --- a/arm64.c
> > +++ b/arm64.c
> > @@ -1407,13 +1407,14 @@ arm64_print_stackframe_entry(struct bt_info *bt,
> > int level, struct arm64_stackfr
> > value_to_symstr(frame->pc, buf,
> > bt->radix);
> > }
> >
> > - if (bt->flags & BT_FULL) {
> > - arm64_display_full_frame(bt, frame->sp);
> > - bt->frameptr = frame->sp;
> > + if ((bt->flags & BT_FULL) && level) {
> > + arm64_display_full_frame(bt, frame->fp);
> > + bt->frameptr = frame->fp;
> > }
> >
> > fprintf(ofp, "%s#%d [%8lx] %s at %lx", level < 10 ?
" " : "",
> > level,
> > - frame->sp, name_plus_offset ? name_plus_offset : name,
> > frame->pc);
> > +// frame->fp, name_plus_offset ? name_plus_offset : name,
> > frame->pc);
> > + frame->fp ? frame->fp : bt->stacktop -
USER_EFRAME_OFFSET,
> > name_plus_offset ? name_plus_offset : name, frame->pc);
> >
> > if (BT_REFERENCE_CHECK(bt))
> > arm64_do_bt_reference_check(bt, frame->pc, name);
> > @@ -1447,8 +1448,12 @@ arm64_display_full_frame(struct bt_info *bt, ulong
> > sp)
> > if (bt->frameptr == sp)
> > return;
> >
> > - if (!INSTACK(sp, bt) || !INSTACK(bt->frameptr, bt))
> > - return;
> > + if (!INSTACK(sp, bt) || !INSTACK(bt->frameptr, bt)) {
> > + if (sp == 0)
> > + sp = bt->stacktop - USER_EFRAME_OFFSET;
> > + else
> > + return;
> > + }
> >
> > words = (sp - bt->frameptr) / sizeof(ulong);
> >
> > @@ -1471,12 +1476,10 @@ arm64_unwind_frame(struct bt_info *bt, struct
> > arm64_stackframe *frame)
> > {
> > unsigned long high, low, fp;
> > unsigned long stack_mask;
> > - unsigned long irq_stack_ptr, orig_sp, sp_in;
> > + unsigned long irq_stack_ptr, orig_sp;
> > struct arm64_pt_regs *ptregs;
> > struct machine_specific *ms;
> >
> > - sp_in = frame->sp;
> > -
> > stack_mask = (unsigned long)(ARM64_STACK_SIZE) - 1;
> > fp = frame->fp;
> >
> > @@ -1513,7 +1516,7 @@ arm64_unwind_frame(struct bt_info *bt, struct
> > arm64_stackframe *frame)
> > ptregs = (struct arm64_pt_regs
> > *)&bt->stackbuf[(ulong)(STACK_OFFSET_TYPE(orig_sp))];
> > frame->sp = orig_sp;
> > frame->pc = ptregs->pc;
> > - bt->bptr = sp_in;
> > + bt->bptr = fp;
> > if (CRASHDEBUG(1))
> > error(INFO,
> > "arm64_unwind_frame: switch stacks: fp: %lx sp: %lx pc:
%lx\n",
> > @@ -1904,8 +1907,10 @@ arm64_print_exception_frame(struct bt_info *bt,
> > ulong pt_regs, int mode, FILE *o
> > ulong LR, SP, offset;
> > char buf[BUFSIZE];
> >
> > +#if 0 /* FIXME? */
> > if (bt->flags & BT_FULL)
> > arm64_display_full_frame(bt, pt_regs);
> > +#endif
> >
> > if (CRASHDEBUG(1))
> > fprintf(ofp, "pt_regs: %lx\n", pt_regs);
>
> > --
> > Crash-utility mailing list
> > Crash-utility(a)redhat.com
> > https://www.redhat.com/mailman/listinfo/crash-utility
>
> --
> Crash-utility mailing list
> Crash-utility(a)redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility
>
--
Crash-utility mailing list
Crash-utility(a)redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility
9:42 a.m.
----- Original Message -----
On Mon, Jun 13, 2016 at 11:30:24AM -0400, Dave Anderson wrote:
>
> > Dave,
> >
> > On Fri, Jun 10, 2016 at 04:37:42PM -0400, Dave Anderson wrote:
> > > Hi Takahiro,
> > >
> > > To address my concerns about your patch, I added a few additional
> > > changes and attached
> > > it to this email. The changes are:
> > >
> > > (1) Prevent the stack dump "below" the #0 level. Yes, the stack
data
> > > region is contained within
> > > the incoming frame parameters, but it's ugly and we really
don't
> > > care to see what's before
> > > the #0 crash_kexec and crash_save_cpu #0 frames.
> > > (2) Fill in the missing stack dump at the top of the process stack, up
> > > to, but not including
> > > the user-space exception frame.
> > > (3) Instead of showing the fp of 0 in the top-most frame's stack
> > > address, fill it in with the
> > > address of the user-space exception frame.
> > >
> > > Note that there is no dump of the stack containing the user-space
> > > exception frame, but the
> > > register dump itself should suffice.
> >
> > Well, the essential problem with my patch is that the output from "bt
-f"
> > looks like:
> > #XX ['fp'] 'function' at 'pc' --- (1)
> > <function's stack dump> --- (2)
> > but that (1) and (2) are not printed as a single stack frame in the same
> > iteration of while loop in arm64_back_trace_cmd().
> > (I hope you understand what I mean :)
>
> Actually I prefer your first approach. I find this new one confusing, not
> to mention unlike any of the other architectures in that the "frame
level"
> #X address value is not contiguous with the stack addresses that get filled
> in by -f.
Can you please elaborate a bit here about "is not contiguous"?
I mean that the #X [address] is not contiguous with the stack addresses
above and below it. For example:
ffff8003dc103d60: ffff8003dc103dc0 ffff80000028041c
ffff8003dc103d70: 0000000000000000 0000000000000022
ffff8003dc103d80: ffff8003db846b00 ffff8003db846b00
#3 [ffff8003dc103cf0] schedule_hrtimeout_range_clock at ffff8000007786f0
ffff8003dc103d90: ffff8003dc103dc0 ffff80000028052c
ffff8003dc103da0: 0000000000000000 0000000000000022
ffff8003dc103db0: 0000000000000000 0000000000000000
> Taking your picture into account:
>
> stack grows to lower addresses.
> /|\
> |
> | |
> new sp +------+ <---
> |dyn | |
> | vars | |
> new fp +- - - + |
> |old fp| | a function's stack frame
> |old lr| |
> |static| |
> | vars| |
> old sp +------+ <---
> |dyn |
> | vars |
> old fp +------+
> | |
>
> Your first patch seemed natural to me because for any "#X" line containing
a function
> name, that function's dynamic variables, the "old fp/old lr" pair, and
the function's
> static variables were dumped below it (i.e., at higher stack addresses).
>
>
> > To be consistent with the out format of x86, the output should be
> > <function's stack dump>
> > #XX ['fp'] 'function' at 'pc'
> >
> > Unfortunately, this requires that arm64_back_trace_cmd() and other functions
should be overhauled.
> > Please take a look at my next patch though it is uncompleted and still has room
for improvement.
>
> I don't know what you mean by "consistent with the out format of x86"?
With x86_64,
> each #<level> line is simply the stack address where the function pushed its
return
> address as a result of its making a "callq" to the next function. Any
local variables of
> the calling function would be at the next higher stack addresses:
>
> ...
> #X [stack address] function2 at 'return address'
> <function2's local variables>
> #Y [stack address] function1 at 'return address'
> <functions1's local variables>
> ...
>
> So for digging out local stack variables associated with a function, it's a
simple
> matter of looking "below" it in the "bt -f" output.
That is exactly what I meant by "consistent with x86."
On x86, the output looks like:
<function2's local variables>
#X [stack address] function2 at 'return address'
<functions1's local variables>
#Y [stack address] function1 at 'return address'
...
No, that's not true -- look at my #X and #Y description above -- funcion2's local
variables are at higher stack addresses than the #X "stack entry" address.
They
have to be -- the callq that pushes the return address at the #X stack location is
the last stack manipulation that the function does. Expressed otherwise, a
function's
local variables are displayed "below" or "underneath" its #X line in
the "bt -f"
output.
So users who are familiar with this format may get confused.
(Or do I misunderstand anything?)
In addition, my previous patch displays
<function2's local variables>
#Y [stack address] function1 at 'return address'
in arm64_print_stackframe_entry(), and it sounds odd to me.
BTW, the order in which it is done is based upon the kernel's dump_backtrace()
function, although I'll grant you that the kernel dump is only interested in
the pc.
But, anyhow, it's up to you.
OK! Thanks for giving in... ;-)
Thanks,
Dave
4:50 a.m.
On Tue, Jun 14, 2016 at 10:42:03AM -0400, Dave Anderson wrote:
> On Mon, Jun 13, 2016 at 11:30:24AM -0400, Dave Anderson wrote:
> >
> > > Dave,
> > >
> > > On Fri, Jun 10, 2016 at 04:37:42PM -0400, Dave Anderson wrote:
> > > > Hi Takahiro,
> > > >
> > > > To address my concerns about your patch, I added a few additional
> > > > changes and attached
> > > > it to this email. The changes are:
> > > >
> > > > (1) Prevent the stack dump "below" the #0 level. Yes, the
stack data
> > > > region is contained within
> > > > the incoming frame parameters, but it's ugly and we really
don't
> > > > care to see what's before
> > > > the #0 crash_kexec and crash_save_cpu #0 frames.
> > > > (2) Fill in the missing stack dump at the top of the process stack,
up
> > > > to, but not including
> > > > the user-space exception frame.
> > > > (3) Instead of showing the fp of 0 in the top-most frame's stack
> > > > address, fill it in with the
> > > > address of the user-space exception frame.
> > > >
> > > > Note that there is no dump of the stack containing the user-space
> > > > exception frame, but the
> > > > register dump itself should suffice.
> > >
> > > Well, the essential problem with my patch is that the output from "bt
-f"
> > > looks like:
> > > #XX ['fp'] 'function' at 'pc' --- (1)
> > > <function's stack dump> --- (2)
> > > but that (1) and (2) are not printed as a single stack frame in the same
> > > iteration of while loop in arm64_back_trace_cmd().
> > > (I hope you understand what I mean :)
> >
> > Actually I prefer your first approach. I find this new one confusing, not
> > to mention unlike any of the other architectures in that the "frame
level"
> > #X address value is not contiguous with the stack addresses that get filled
> > in by -f.
>
> Can you please elaborate a bit here about "is not contiguous"?
I mean that the #X [address] is not contiguous with the stack addresses
above and below it. For example:
ffff8003dc103d60: ffff8003dc103dc0 ffff80000028041c
ffff8003dc103d70: 0000000000000000 0000000000000022
ffff8003dc103d80: ffff8003db846b00 ffff8003db846b00
#3 [ffff8003dc103cf0] schedule_hrtimeout_range_clock at ffff8000007786f0
ffff8003dc103d90: ffff8003dc103dc0 ffff80000028052c
ffff8003dc103da0: 0000000000000000 0000000000000022
ffff8003dc103db0: 0000000000000000 0000000000000000
>
> > Taking your picture into account:
> >
> > stack grows to lower addresses.
> > /|\
> > |
> > | |
> > new sp +------+ <---
> > |dyn | |
> > | vars | |
> > new fp +- - - + |
> > |old fp| | a function's stack frame
> > |old lr| |
> > |static| |
> > | vars| |
> > old sp +------+ <---
> > |dyn |
> > | vars |
> > old fp +------+
> > | |
> >
> > Your first patch seemed natural to me because for any "#X" line
containing a function
> > name, that function's dynamic variables, the "old fp/old lr"
pair, and the function's
> > static variables were dumped below it (i.e., at higher stack addresses).
> >
> >
> > > To be consistent with the out format of x86, the output should be
> > > <function's stack dump>
> > > #XX ['fp'] 'function' at 'pc'
> > >
> > > Unfortunately, this requires that arm64_back_trace_cmd() and other
functions should be overhauled.
> > > Please take a look at my next patch though it is uncompleted and still has
room for improvement.
> >
> > I don't know what you mean by "consistent with the out format of
x86"? With x86_64,
> > each #<level> line is simply the stack address where the function pushed
its return
> > address as a result of its making a "callq" to the next function.
Any local variables of
> > the calling function would be at the next higher stack addresses:
> >
> > ...
> > #X [stack address] function2 at 'return address'
> > <function2's local variables>
> > #Y [stack address] function1 at 'return address'
> > <functions1's local variables>
> > ...
> >
> > So for digging out local stack variables associated with a function, it's a
simple
> > matter of looking "below" it in the "bt -f" output.
>
> That is exactly what I meant by "consistent with x86."
> On x86, the output looks like:
>
> <function2's local variables>
> #X [stack address] function2 at 'return address'
> <functions1's local variables>
> #Y [stack address] function1 at 'return address'
> ...
No, that's not true -- look at my #X and #Y description above -- funcion2's
local
variables are at higher stack addresses than the #X "stack entry" address.
They
have to be -- the callq that pushes the return address at the #X stack location is
the last stack manipulation that the function does. Expressed otherwise, a
function's
local variables are displayed "below" or "underneath" its #X line in
the "bt -f"
output.
OK
>
> So users who are familiar with this format may get confused.
> (Or do I misunderstand anything?)
>
> In addition, my previous patch displays
> <function2's local variables>
> #Y [stack address] function1 at 'return address'
> in arm64_print_stackframe_entry(), and it sounds odd to me.
BTW, the order in which it is done is based upon the kernel's dump_backtrace()
function, although I'll grant you that the kernel dump is only interested in
the pc.
Good point. The kernel's dump_backtrace() doesn't show the contents of
stack at each stack frame. If it did, we would see the same problem.
In fact, backtracing a stack on arm64 precisely is a quite difficult
thinking of possible corner cases. For example,
a. A value of stack pointer is hard to determine
It would be a good idea to use a dwarf unwinder.
b. No actual stack frame for an exception entry code
So we need a special handling around the entry code
c. If an interrupt occurs during a function prologue, a stack frame
can partially or even worse never be created on a stack.
If you're interested, see my past RFC:
http://lists.infradead.org/pipermail/linux-arm-kernel/2015-September/3693...
You may understand why I get so stuck with backtrace issues.
>
> But, anyhow, it's up to you.
>
OK! Thanks for giving in... ;-)
Not really yet :)
From the vmlinux/vmcore binaries that I sent you before,
with my
v1 (and also Dave's) patch,
crash> bt -f
PID: 1223 TASK: ffff800020ef5780 CPU: 3 COMMAND: "sh"
#0 [ffff800020b0ba70] crash_kexec at ffff00000812b0ac
ffff800020b0ba60: ffffffffffffffff 6533333035642030
ffff800020b0ba70: ffff800020b0ba90 ffff000008088ce8
ffff800020b0ba80: ffff000008e67000 ffff800020b0bc20
...
#4 [ffff800020b0bb60] do_translation_fault at ffff00000809690c
ffff800020b0bb60: ffff800020b0bb70 ffff00000808128c
#5 [ffff800020b0bb70] do_mem_abort at ffff00000808128c
ffff800020b0bb70: ffff800020b0bd40 ffff000008084568
ffff800020b0bb80: ffff000008dda000 0000000000000063
...
ffff800020b0bc00: 0000000000000000 0000000000000015
ffff800020b0bc10: 0000000000000120 0000000000000040
ffff800020b0bc20: 0000000000000001 0000000000000000 <- (1)
ffff800020b0bc30: ffff000008dda7b8 0000000000000000
ffff800020b0bc40: 0000000000000000 00000000000047d4
...
ffff800020b0bd10: ffff000008457fb4 ffff800020b0bd40
ffff800020b0bd20: ffff000008457fc8 0000000060400149
ffff800020b0bd30: ffff000008dda000 ffff80002104d418
#6 [ffff800020b0bd40] el1_da at ffff000008084568
PC: ffff000008457fc8 [sysrq_handle_crash+32]
LR: ffff000008457fb4 [sysrq_handle_crash+12]
SP: ffff800020b0bd40 PSTATE: 60400149
...
ORIG_X0: ffff000008dda000 SYSCALLNO: ffff80002104d418 <- (2)
ffff800020b0bd40: ffff800020b0bd50 ffff000008458644
#7 [ffff800020b0bd50] __handle_sysrq at ffff000008458644 <- (3)
ffff800020b0bd50: ffff800020b0bd90 ffff000008458ac0
ffff800020b0bd60: 0000000000000002 fffffffffffffffb
ffff800020b0bd70: 0000000000000000 ffff800020b0bec8
ffff800020b0bd80: 000000001e9da808 ffff800021ba84a0
...
(1) This is actually an end of stack frame of #5 (do_mem_abort),
and also a start of exception frame of #6 (el1_da).
(2) Those are meaningless for any exceptions in the kernel.
(3) We miss one stack frame for "sysrq_handle_crash"
due to (b) I mentioned above.
Thanks,
-Takahiro AKASHI
Thanks,
Dave
--
Crash-utility mailing list
Crash-utility(a)redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility
3:12 p.m.
----- Original Message -----
On Tue, Jun 14, 2016 at 10:42:03AM -0400, Dave Anderson wrote:
>
> > On Mon, Jun 13, 2016 at 11:30:24AM -0400, Dave Anderson wrote:
> > >
> > > > Dave,
> > > >
> > > > On Fri, Jun 10, 2016 at 04:37:42PM -0400, Dave Anderson wrote:
> > > > > Hi Takahiro,
> > > > >
> > > > > To address my concerns about your patch, I added a few
additional changes and attached
> > > > > it to this email. The changes are:
> > > > >
> > > > > (1) Prevent the stack dump "below" the #0 level. Yes,
the stack data region is contained within
> > > > > the incoming frame parameters, but it's ugly and we
really don't
> > > > > care to see what's before
> > > > > the #0 crash_kexec and crash_save_cpu #0 frames.
> > > > > (2) Fill in the missing stack dump at the top of the process
stack, up to, but not including
> > > > > the user-space exception frame.
> > > > > (3) Instead of showing the fp of 0 in the top-most frame's
stack address, fill it in with the
> > > > > address of the user-space exception frame.
> > > > >
> > > > > Note that there is no dump of the stack containing the
user-space exception frame, but the
> > > > > register dump itself should suffice.
> > > >
> > > > Well, the essential problem with my patch is that the output from
"bt -f"
> > > > looks like:
> > > > #XX ['fp'] 'function' at 'pc' --- (1)
> > > > <function's stack dump> --- (2)
> > > > but that (1) and (2) are not printed as a single stack frame in the
same
> > > > iteration of while loop in arm64_back_trace_cmd().
> > > > (I hope you understand what I mean :)
> > >
> > > Actually I prefer your first approach. I find this new one confusing,
not
> > > to mention unlike any of the other architectures in that the "frame
level"
> > > #X address value is not contiguous with the stack addresses that get
filled
> > > in by -f.
> >
> > Can you please elaborate a bit here about "is not contiguous"?
>
> I mean that the #X [address] is not contiguous with the stack addresses
> above and below it. For example:
>
> ffff8003dc103d60: ffff8003dc103dc0 ffff80000028041c
> ffff8003dc103d70: 0000000000000000 0000000000000022
> ffff8003dc103d80: ffff8003db846b00 ffff8003db846b00
> #3 [ffff8003dc103cf0] schedule_hrtimeout_range_clock at ffff8000007786f0
> ffff8003dc103d90: ffff8003dc103dc0 ffff80000028052c
> ffff8003dc103da0: 0000000000000000 0000000000000022
> ffff8003dc103db0: 0000000000000000 0000000000000000
>
> >
> > > Taking your picture into account:
> > >
> > > stack grows to lower addresses.
> > > /|\
> > > |
> > > | |
> > > new sp +------+ <---
> > > |dyn | |
> > > | vars | |
> > > new fp +- - - + |
> > > |old fp| | a function's stack frame
> > > |old lr| |
> > > |static| |
> > > | vars| |
> > > old sp +------+ <---
> > > |dyn |
> > > | vars |
> > > old fp +------+
> > > | |
> > >
> > > Your first patch seemed natural to me because for any "#X" line
containing a function
> > > name, that function's dynamic variables, the "old fp/old lr"
pair, and the function's
> > > static variables were dumped below it (i.e., at higher stack
> > > addresses).
> > >
> > >
> > > > To be consistent with the out format of x86, the output should be
> > > > <function's stack dump>
> > > > #XX ['fp'] 'function' at 'pc'
> > > >
> > > > Unfortunately, this requires that arm64_back_trace_cmd() and other
> > > > functions should be overhauled.
> > > > Please take a look at my next patch though it is uncompleted and
> > > > still has room for improvement.
> > >
> > > I don't know what you mean by "consistent with the out format of
x86"? With x86_64,
> > > each #<level> line is simply the stack address where the function
pushed its return
> > > address as a result of its making a "callq" to the next
function. Any local variables of
> > > the calling function would be at the next higher stack addresses:
> > >
> > > ...
> > > #X [stack address] function2 at 'return address'
> > > <function2's local variables>
> > > #Y [stack address] function1 at 'return address'
> > > <functions1's local variables>
> > > ...
> > >
> > > So for digging out local stack variables associated with a function,
> > > it's a simple
> > > matter of looking "below" it in the "bt -f" output.
> >
> > That is exactly what I meant by "consistent with x86."
> > On x86, the output looks like:
> >
> > <function2's local variables>
> > #X [stack address] function2 at 'return address'
> > <functions1's local variables>
> > #Y [stack address] function1 at 'return address'
> > ...
>
> No, that's not true -- look at my #X and #Y description above -- funcion2's
local
> variables are at higher stack addresses than the #X "stack entry" address.
They
> have to be -- the callq that pushes the return address at the #X stack location is
> the last stack manipulation that the function does. Expressed otherwise, a
function's
> local variables are displayed "below" or "underneath" its #X
line in the "bt -f"
> output.
OK
> >
> > So users who are familiar with this format may get confused.
> > (Or do I misunderstand anything?)
> >
> > In addition, my previous patch displays
> > <function2's local variables>
> > #Y [stack address] function1 at 'return address'
> > in arm64_print_stackframe_entry(), and it sounds odd to me.
>
> BTW, the order in which it is done is based upon the kernel's dump_backtrace()
> function, although I'll grant you that the kernel dump is only interested in
> the pc.
Good point. The kernel's dump_backtrace() doesn't show the contents of
stack at each stack frame. If it did, we would see the same problem.
In fact, backtracing a stack on arm64 precisely is a quite difficult
thinking of possible corner cases. For example,
a. A value of stack pointer is hard to determine
It would be a good idea to use a dwarf unwinder.
b. No actual stack frame for an exception entry code
So we need a special handling around the entry code
c. If an interrupt occurs during a function prologue, a stack frame
can partially or even worse never be created on a stack.
If you're interested, see my past RFC:
http://lists.infradead.org/pipermail/linux-arm-kernel/2015-September/3693...
You may understand why I get so stuck with backtrace issues.
Uhhhh, yeah -- I do now! ;-)
> >
> > But, anyhow, it's up to you.
> >
>
> OK! Thanks for giving in... ;-)
Not really yet :)
>From the vmlinux/vmcore binaries that I sent you before,
with my v1 (and also Dave's) patch,
crash> bt -f
PID: 1223 TASK: ffff800020ef5780 CPU: 3 COMMAND: "sh"
#0 [ffff800020b0ba70] crash_kexec at ffff00000812b0ac
ffff800020b0ba60: ffffffffffffffff 6533333035642030
ffff800020b0ba70: ffff800020b0ba90 ffff000008088ce8
ffff800020b0ba80: ffff000008e67000 ffff800020b0bc20
...
#4 [ffff800020b0bb60] do_translation_fault at ffff00000809690c
ffff800020b0bb60: ffff800020b0bb70 ffff00000808128c
#5 [ffff800020b0bb70] do_mem_abort at ffff00000808128c
ffff800020b0bb70: ffff800020b0bd40 ffff000008084568
ffff800020b0bb80: ffff000008dda000 0000000000000063
...
ffff800020b0bc00: 0000000000000000 0000000000000015
ffff800020b0bc10: 0000000000000120 0000000000000040
ffff800020b0bc20: 0000000000000001 0000000000000000 <- (1)
ffff800020b0bc30: ffff000008dda7b8 0000000000000000
ffff800020b0bc40: 0000000000000000 00000000000047d4
...
ffff800020b0bd10: ffff000008457fb4 ffff800020b0bd40
ffff800020b0bd20: ffff000008457fc8 0000000060400149
ffff800020b0bd30: ffff000008dda000 ffff80002104d418
#6 [ffff800020b0bd40] el1_da at ffff000008084568
PC: ffff000008457fc8 [sysrq_handle_crash+32]
LR: ffff000008457fb4 [sysrq_handle_crash+12]
SP: ffff800020b0bd40 PSTATE: 60400149
...
ORIG_X0: ffff000008dda000 SYSCALLNO: ffff80002104d418 <- (2)
ffff800020b0bd40: ffff800020b0bd50 ffff000008458644
#7 [ffff800020b0bd50] __handle_sysrq at ffff000008458644 <- (3)
ffff800020b0bd50: ffff800020b0bd90 ffff000008458ac0
ffff800020b0bd60: 0000000000000002 fffffffffffffffb
ffff800020b0bd70: 0000000000000000 ffff800020b0bec8
ffff800020b0bd80: 000000001e9da808 ffff800021ba84a0
...
(1) This is actually an end of stack frame of #5 (do_mem_abort),
and also a start of exception frame of #6 (el1_da).
(2) Those are meaningless for any exceptions in the kernel.
(3) We miss one stack frame for "sysrq_handle_crash"
due to (b) I mentioned above.
Thanks,
-Takahiro AKASHI
Notwithstanding the cases above, but given the improvement in readability,
I've checked the patch in as the basis for any future patches you may
propose in the future:
https://github.com/crash-utility/crash/commit/d1db3ff7581cab2ec5263291afc...
Thanks,
Dave
3:50 p.m.
New subject: [PATCH] ARM64 support for 3-level page tables with 64K pages
----- Original Message -----
> Adds ARM64 support for 3-level page tables with 64K pages and 48
VA bits.
Nicely done, Jim. Queued for crash-7.1.5:
https://github.com/crash-utility/crash/commit/ab91852f945bfecfa0bca6a4225...
Thanks,
Dave
Hi Jim,
I just noticed today that your 3-level 64K patch does not work for user virtual address
space.
I haven't looked too deeply into it, but for example on a live system, all user
virtual address
vtop operations fail, all disk-backed user memory space shows the "FILE:"
backing, and the
anonymous space shows "(not mapped)":
crash> help -m | grep VM
flags: 10400069
(KSYMS_START|VM_L3_64K|VMEMMAP|KDUMP_ENABLED|IRQ_STACKS|MACHDEP_BT_TEXT)
crash> sys | grep RELEASE
RELEASE: 4.5.0-0.38.el7.aarch64
crash> set
PID: 1212
COMMAND: "crash"
TASK: ffff8003d74f3f00 [THREAD_INFO: ffff8003d7454000]
CPU: 1
STATE: TASK_RUNNING (ACTIVE)
crash> vm -p
PID: 1212 TASK: ffff8003d74f3f00 CPU: 1 COMMAND: "crash"
MM PGD RSS TOTAL_VM
ffff8000c40363c0 ffff8003db6a9200 211904k 355264k
VMA START END FLAGS FILE
ffff8003de746d40 400000 a00000 875 /root/crash.git/crash
VIRTUAL PHYSICAL
400000 FILE: /root/crash.git/crash OFFSET: 0
410000 FILE: /root/crash.git/crash OFFSET: 10000
420000 FILE: /root/crash.git/crash OFFSET: 20000
430000 FILE: /root/crash.git/crash OFFSET: 30000
440000 FILE: /root/crash.git/crash OFFSET: 40000
450000 FILE: /root/crash.git/crash OFFSET: 50000
... [ cut ] ...
VMA START END FLAGS FILE
ffff8003de745d70 a50000 b00000 100073
VIRTUAL PHYSICAL
a50000 (not mapped)
a60000 (not mapped)
a70000 (not mapped)
a80000 (not mapped)
a90000 (not mapped)
aa0000 (not mapped)
ab0000 (not mapped)
ac0000 (not mapped)
...
In all cases, the PGD value reads as 0 and therefore fails:
crash> vtop 400000
VIRTUAL PHYSICAL
400000 (not mapped)
PAGE DIRECTORY: ffff8003db6a9200
PGD: ffff8003db6a9200 => 0
VMA START END FLAGS FILE
ffff8003de746d40 400000 a00000 875 /root/crash.git/crash
FILE: /root/crash.git/crash OFFSET: 0
crash>
That is the correct PGD address, and when read, it looks like a valid PTE:
crash> rd ffff8003db6a9200
ffff8003db6a9200: 00000043dee60003 ....C...
crash>
vmalloc() addresses translate just fine, and since they use the same function,
I'm not sure what's going on? Did you ever check user-space translations?
Thanks,
Dave
> ---
> arm64.c | 126
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------
> defs.h | 28 +++++++++++----
> 2 files changed, 133 insertions(+), 21 deletions(-)
>
> diff --git a/arm64.c b/arm64.c
> index f6ea7a1..d1c9c3e 100644
> --- a/arm64.c
> +++ b/arm64.c
> @@ -34,6 +34,7 @@ static void arm64_init_kernel_pgd(void);
> static int arm64_kvtop(struct task_context *, ulong, physaddr_t *, int);
> static int arm64_uvtop(struct task_context *, ulong, physaddr_t *, int);
> static int arm64_vtop_2level_64k(ulong, ulong, physaddr_t *, int);
> +static int arm64_vtop_3level_64k(ulong, ulong, physaddr_t *, int);
> static int arm64_vtop_3level_4k(ulong, ulong, physaddr_t *, int);
> static ulong arm64_get_task_pgd(ulong);
> static void arm64_irq_stack_init(void);
> @@ -188,15 +189,29 @@ arm64_init(int when)
> break;
>
> case 65536:
> - machdep->flags |= VM_L2_64K;
> - machdep->ptrs_per_pgd = PTRS_PER_PGD_L2_64K;
> - if ((machdep->pgd =
> - (char *)malloc(PTRS_PER_PGD_L2_64K * 8)) == NULL)
> - error(FATAL, "cannot malloc pgd space.");
> - if ((machdep->ptbl =
> - (char *)malloc(PTRS_PER_PTE_L2_64K * 8)) == NULL)
> - error(FATAL, "cannot malloc ptbl space.");
> - machdep->pmd = NULL; /* not used */
> + if (machdep->machspec->VA_BITS > PGDIR_SHIFT_L3_64K) {
> + machdep->flags |= VM_L3_64K;
> + machdep->ptrs_per_pgd = PTRS_PER_PGD_L3_64K;
> + if ((machdep->pgd =
> + (char *)malloc(PTRS_PER_PGD_L3_64K * 8)) == NULL)
> + error(FATAL, "cannot malloc pgd space.");
> + if ((machdep->pmd =
> + (char *)malloc(PTRS_PER_PMD_L3_64K * 8)) == NULL)
> + error(FATAL, "cannot malloc pmd space.");
> + if ((machdep->ptbl =
> + (char *)malloc(PTRS_PER_PTE_L3_64K * 8)) == NULL)
> + error(FATAL, "cannot malloc ptbl space.");
> + } else {
> + machdep->flags |= VM_L2_64K;
> + machdep->ptrs_per_pgd = PTRS_PER_PGD_L2_64K;
> + if ((machdep->pgd =
> + (char *)malloc(PTRS_PER_PGD_L2_64K * 8)) == NULL)
> + error(FATAL, "cannot malloc pgd space.");
> + if ((machdep->ptbl =
> + (char *)malloc(PTRS_PER_PTE_L2_64K * 8)) == NULL)
> + error(FATAL, "cannot malloc ptbl space.");
> + machdep->pmd = NULL; /* not used */
> + }
> machdep->pud = NULL; /* not used */
> break;
>
> @@ -379,6 +394,8 @@ arm64_dump_machdep_table(ulong arg)
> fprintf(fp, "%sPHYS_OFFSET", others++ ? "|" : "");
> if (machdep->flags & VM_L2_64K)
> fprintf(fp, "%sVM_L2_64K", others++ ? "|" : "");
> + if (machdep->flags & VM_L3_64K)
> + fprintf(fp, "%sVM_L3_64K", others++ ? "|" : "");
> if (machdep->flags & VM_L3_4K)
> fprintf(fp, "%sVM_L3_4K", others++ ? "|" : "");
> if (machdep->flags & VMEMMAP)
> @@ -410,10 +427,14 @@ arm64_dump_machdep_table(ulong arg)
> fprintf(fp, " processor_speed: arm64_processor_speed()\n");
> fprintf(fp, " uvtop: arm64_uvtop()->%s()\n",
> machdep->flags & VM_L3_4K ?
> - "arm64_vtop_3level_4k" : "arm64_vtop_2level_64k");
> + "arm64_vtop_3level_4k" :
> + machdep->flags & VM_L3_64K ?
> + "arm64_vtop_3level_64k" : "arm64_vtop_2level_64k");
> fprintf(fp, " kvtop: arm64_kvtop()->%s()\n",
> machdep->flags & VM_L3_4K ?
> - "arm64_vtop_3level_4k" : "arm64_vtop_2level_64k");
> + "arm64_vtop_3level_4k" :
> + machdep->flags & VM_L3_64K ?
> + "arm64_vtop_3level_64k" : "arm64_vtop_2level_64k");
> fprintf(fp, " get_task_pgd: arm64_get_task_pgd()\n");
> fprintf(fp, " dump_irq: generic_dump_irq()\n");
> fprintf(fp, " get_stack_frame: arm64_get_stack_frame()\n");
> @@ -719,10 +740,12 @@ arm64_kvtop(struct task_context *tc, ulong kvaddr,
> physaddr_t *paddr, int verbos
> kernel_pgd = vt->kernel_pgd[0];
> *paddr = 0;
>
> - switch (machdep->flags & (VM_L2_64K|VM_L3_4K))
> + switch (machdep->flags & (VM_L2_64K|VM_L3_64K|VM_L3_4K))
> {
> case VM_L2_64K:
> return arm64_vtop_2level_64k(kernel_pgd, kvaddr, paddr, verbose);
> + case VM_L3_64K:
> + return arm64_vtop_3level_64k(kernel_pgd, kvaddr, paddr, verbose);
> case VM_L3_4K:
> return arm64_vtop_3level_4k(kernel_pgd, kvaddr, paddr, verbose);
> default:
> @@ -740,10 +763,12 @@ arm64_uvtop(struct task_context *tc, ulong uvaddr,
> physaddr_t *paddr, int verbos
>
> *paddr = 0;
>
> - switch (machdep->flags & (VM_L2_64K|VM_L3_4K))
> + switch (machdep->flags & (VM_L2_64K|VM_L3_64K|VM_L3_4K))
> {
> case VM_L2_64K:
> return arm64_vtop_2level_64k(user_pgd, uvaddr, paddr, verbose);
> + case VM_L3_64K:
> + return arm64_vtop_3level_64k(user_pgd, uvaddr, paddr, verbose);
> case VM_L3_4K:
> return arm64_vtop_3level_4k(user_pgd, uvaddr, paddr, verbose);
> default:
> @@ -820,6 +845,78 @@ no_page:
> return FALSE;
> }
>
> +static int
> +arm64_vtop_3level_64k(ulong pgd, ulong vaddr, physaddr_t *paddr, int
> verbose)
> +{
> + ulong *pgd_base, *pgd_ptr, pgd_val;
> + ulong *pmd_base, *pmd_ptr, pmd_val;
> + ulong *pte_base, *pte_ptr, pte_val;
> +
> + if (verbose)
> + fprintf(fp, "PAGE DIRECTORY: %lx\n", pgd);
> +
> + pgd_base = (ulong *)pgd;
> + FILL_PGD(pgd_base, KVADDR, PTRS_PER_PGD_L3_64K * sizeof(ulong));
> + pgd_ptr = pgd_base + (((vaddr) >> PGDIR_SHIFT_L3_64K) &
> (PTRS_PER_PGD_L3_64K - 1));
> + pgd_val = ULONG(machdep->pgd + PAGEOFFSET(pgd_ptr));
> + if (verbose)
> + fprintf(fp, " PGD: %lx => %lx\n", (ulong)pgd_ptr,
> pgd_val);
> + if (!pgd_val)
> + goto no_page;
> +
> + /*
> + * #define __PAGETABLE_PUD_FOLDED
> + */
> +
> + pmd_base = (ulong *)PTOV(pgd_val & PHYS_MASK &
(s32)machdep->pagemask);
> + FILL_PMD(pmd_base, KVADDR, PTRS_PER_PMD_L3_64K * sizeof(ulong));
> + pmd_ptr = pmd_base + (((vaddr) >> PMD_SHIFT_L3_64K) &
(PTRS_PER_PMD_L3_64K
> - 1));
> + pmd_val = ULONG(machdep->pmd + PAGEOFFSET(pmd_ptr));
> + if (verbose)
> + fprintf(fp, " PMD: %lx => %lx\n", (ulong)pmd_ptr,
> pmd_val);
> + if (!pmd_val)
> + goto no_page;
> +
> + if ((pmd_val & PMD_TYPE_MASK) == PMD_TYPE_SECT) {
> + ulong sectionbase = (pmd_val & SECTION_PAGE_MASK_512MB) & PHYS_MASK;
> + if (verbose) {
> + fprintf(fp, " PAGE: %lx (512MB)\n\n", sectionbase);
> + arm64_translate_pte(pmd_val, 0, 0);
> + }
> + *paddr = sectionbase + (vaddr & ~SECTION_PAGE_MASK_512MB);
> + return TRUE;
> + }
> +
> + pte_base = (ulong *)PTOV(pmd_val & PHYS_MASK &
(s32)machdep->pagemask);
> + FILL_PTBL(pte_base, KVADDR, PTRS_PER_PTE_L3_64K * sizeof(ulong));
> + pte_ptr = pte_base + (((vaddr) >> machdep->pageshift) &
> (PTRS_PER_PTE_L3_64K - 1));
> + pte_val = ULONG(machdep->ptbl + PAGEOFFSET(pte_ptr));
> + if (verbose)
> + fprintf(fp, " PTE: %lx => %lx\n", (ulong)pte_ptr,
> pte_val);
> + if (!pte_val)
> + goto no_page;
> +
> + if (pte_val & PTE_VALID) {
> + *paddr = (PAGEBASE(pte_val) & PHYS_MASK) + PAGEOFFSET(vaddr);
> + if (verbose) {
> + fprintf(fp, " PAGE: %lx\n\n", PAGEBASE(*paddr));
> + arm64_translate_pte(pte_val, 0, 0);
> + }
> + } else {
> + if (IS_UVADDR(vaddr, NULL))
> + *paddr = pte_val;
> + if (verbose) {
> + fprintf(fp, "\n");
> + arm64_translate_pte(pte_val, 0, 0);
> + }
> + goto no_page;
> + }
> +
> + return TRUE;
> +no_page:
> + return FALSE;
> +}
> +
> static int
> arm64_vtop_3level_4k(ulong pgd, ulong vaddr, physaddr_t *paddr, int verbose)
> {
> @@ -2348,9 +2445,10 @@ arm64_calc_virtual_memory_ranges(void)
>
> STRUCT_SIZE_INIT(page, "page");
>
> - switch (machdep->flags & (VM_L2_64K|VM_L3_4K))
> + switch (machdep->flags & (VM_L2_64K|VM_L3_64K|VM_L3_4K))
> {
> case VM_L2_64K:
> + case VM_L3_64K:
> PUD_SIZE = PGDIR_SIZE_L2_64K;
> break;
> case VM_L3_4K:
> diff --git a/defs.h b/defs.h
> index 56ae06c..d1b49d0 100644
> --- a/defs.h
> +++ b/defs.h
> @@ -2815,7 +2815,7 @@ typedef u64 pte_t;
>
> typedef signed int s32;
>
> -/*
> +/*
> * 3-levels / 4K pages
> */
> #define PTRS_PER_PGD_L3_4K (512)
> @@ -2823,10 +2823,23 @@ typedef signed int s32;
> #define PTRS_PER_PTE_L3_4K (512)
> #define PGDIR_SHIFT_L3_4K (30)
> #define PGDIR_SIZE_L3_4K ((1UL) << PGDIR_SHIFT_L3_4K)
> -#define PGDIR_MASK_L3 4K (~(PGDIR_SIZE_L3_4K-1))
> +#define PGDIR_MASK_L3_4K (~(PGDIR_SIZE_L3_4K-1))
> #define PMD_SHIFT_L3_4K (21)
> -#define PMD_SIZE_L3_4K (1UL << PMD_SHIFT_4K)
> -#define PMD_MASK_L3 4K (~(PMD_SIZE_4K-1))
> +#define PMD_SIZE_L3_4K (1UL << PMD_SHIFT_L3_4K)
> +#define PMD_MASK_L3_4K (~(PMD_SIZE_L3_4K-1))
> +
> +/*
> + * 3-levels / 64K pages
> + */
> +#define PTRS_PER_PGD_L3_64K (64)
> +#define PTRS_PER_PMD_L3_64K (8192)
> +#define PTRS_PER_PTE_L3_64K (8192)
> +#define PGDIR_SHIFT_L3_64K (42)
> +#define PGDIR_SIZE_L3_64K ((1UL) << PGDIR_SHIFT_L3_64K)
> +#define PGDIR_MASK_L3_64K (~(PGDIR_SIZE_L3_64K-1))
> +#define PMD_SHIFT_L3_64K (29)
> +#define PMD_SIZE_L3_64K (1UL << PMD_SHIFT_L3_64K)
> +#define PMD_MASK_L3_64K (~(PMD_SIZE_L3_64K-1))
>
> /*
> * 2-levels / 64K pages
> @@ -2868,9 +2881,10 @@ typedef signed int s32;
> #define KSYMS_START (0x1)
> #define PHYS_OFFSET (0x2)
> #define VM_L2_64K (0x4)
> -#define VM_L3_4K (0x8)
> -#define KDUMP_ENABLED (0x10)
> -#define IRQ_STACKS (0x20)
> +#define VM_L3_64K (0x8)
> +#define VM_L3_4K (0x10)
> +#define KDUMP_ENABLED (0x20)
> +#define IRQ_STACKS (0x40)
>
> /*
> * sources: Documentation/arm64/memory.txt
> --
> 2.1.4
>
> --
> Crash-utility mailing list
> Crash-utility redhat com
> https://www.redhat.com/mailman/listinfo/crash-utility
>
3:14 p.m.
New subject: [PATCH] ARM64 support for 3-level page tables with 64K pages
Hi Jim,
The problem looks to be the use of PAGEOFFSET() into the 512-byte pgd used
for 3-level/64K-pages:
static int
arm64_vtop_3level_64k(ulong pgd, ulong vaddr, physaddr_t *paddr, int verbose)
{
ulong *pgd_base, *pgd_ptr, pgd_val;
ulong *pmd_base, *pmd_ptr, pmd_val;
ulong *pte_base, *pte_ptr, pte_val;
if (verbose)
fprintf(fp, "PAGE DIRECTORY: %lx\n", pgd);
pgd_base = (ulong *)pgd;
FILL_PGD(pgd_base, KVADDR, PTRS_PER_PGD_L3_64K * sizeof(ulong));
pgd_ptr = pgd_base + (((vaddr) >> PGDIR_SHIFT_L3_64K) &
(PTRS_PER_PGD_L3_64K - 1));
pgd_val = ULONG(machdep->pgd + PAGEOFFSET(pgd_ptr));
^^^^^^^^^^^^^^^^^^
For kernel vmalloc addresses, the kernel's "swapper_pg_dir" is used, which
has a base
address that's aligned on a 64k page boundary. So PAGEOFFSET() works as an index.
But for user-space addresses, the mm_struct->pgd is not 64K page aligned so the
use of PAGEOFFSET() calculates an address that's goes way beyond the end of the
512-byte aligned pgd:
crash> for user vm -p | grep -e PGD -e "k "
MM PGD RSS TOTAL_VM
ffff8003d61ec240 ffff8003d5b12c00 11904k 12992k
MM PGD RSS TOTAL_VM
ffff8003d60aec40 ffff8003dcb7ca00 4864k 88448k
MM PGD RSS TOTAL_VM
ffff8000dbf1dc80 ffff8003d69bca00 8704k 92928k
MM PGD RSS TOTAL_VM
ffff8000dbf1e700 ffff8003d69b4a00 8768k 17536k
MM PGD RSS TOTAL_VM
ffff8003d65c9300 ffff8000d4055600 5696k 16576k
MM PGD RSS TOTAL_VM
ffff8003d65c9300 ffff8000d4055600 5696k 16576k
MM PGD RSS TOTAL_VM
ffff8003d65c9840 ffff8000d4051800 1664k 2560k
MM PGD RSS TOTAL_VM
ffff8003d60a8340 ffff8003dcb7fa00 10944k 303552k
MM PGD RSS TOTAL_VM
ffff8003d65c8880 ffff8000d4052c00 19456k 353600k
MM PGD RSS TOTAL_VM
ffff8003d61ab7c0 ffff8003dc86b800 4864k 14016k
MM PGD RSS TOTAL_VM
ffff8000dbf18340 ffff8003d69b1400 7424k 157632k
MM PGD RSS TOTAL_VM
ffff8003d60a8340 ffff8003dcb7fa00 10944k 303552k
MM PGD RSS TOTAL_VM
ffff8003d60a8340 ffff8003dcb7fa00 10944k 303552k
MM PGD RSS TOTAL_VM
ffff8000dbf18340 ffff8003d69b1400 7424k 157632k
MM PGD RSS TOTAL_VM
ffff8000dbf18340 ffff8003d69b1400 7424k 157632k
MM PGD RSS TOTAL_VM
ffff8000dbf18340 ffff8003d69b1400 7424k 157632k
MM PGD RSS TOTAL_VM
ffff8000dbf18340 ffff8003d69b1400 7424k 157632k
MM PGD RSS TOTAL_VM
ffff8000dbf18340 ffff8003d69b1400 7424k 157632k
MM PGD RSS TOTAL_VM
ffff8003d61ab7c0 ffff8003dc86b800 4864k 14016k
MM PGD RSS TOTAL_VM
ffff8000c403b7c0 ffff8003d6597800 4928k 5888k
MM PGD RSS TOTAL_VM
ffff8003d59db7c0 ffff8003dcd18600 4352k 5248k
MM PGD RSS TOTAL_VM
ffff8003d61ead40 ffff8003d4107400 3776k 5760k
MM PGD RSS TOTAL_VM
ffff8000c403ad40 ffff8003d6592000 4224k 5120k
MM PGD RSS TOTAL_VM
ffff8003d60a78c0 ffff8003dcb72600 2496k 109888k
MM PGD RSS TOTAL_VM
ffff8003d61a8880 ffff8003dc86b200 2176k 109888k
MM PGD RSS TOTAL_VM
ffff8003d65c8880 ffff8000d4052c00 19456k 353600k
MM PGD RSS TOTAL_VM
ffff8003d65c8880 ffff8000d4052c00 19456k 353600k
...
Dave
----- Original Message -----
----- Original Message -----
> > Adds ARM64 support for 3-level page tables with 64K pages and 48 VA bits.
>
> Nicely done, Jim. Queued for crash-7.1.5:
>
>
https://github.com/crash-utility/crash/commit/ab91852f945bfecfa0bca6a4225...
>
> Thanks,
> Dave
>
Hi Jim,
I just noticed today that your 3-level 64K patch does not work for user
virtual address space.
I haven't looked too deeply into it, but for example on a live system, all
user virtual address
vtop operations fail, all disk-backed user memory space shows the "FILE:"
backing, and the
anonymous space shows "(not mapped)":
crash> help -m | grep VM
flags: 10400069
(KSYMS_START|VM_L3_64K|VMEMMAP|KDUMP_ENABLED|IRQ_STACKS|MACHDEP_BT_TEXT)
crash> sys | grep RELEASE
RELEASE: 4.5.0-0.38.el7.aarch64
crash> set
PID: 1212
COMMAND: "crash"
TASK: ffff8003d74f3f00 [THREAD_INFO: ffff8003d7454000]
CPU: 1
STATE: TASK_RUNNING (ACTIVE)
crash> vm -p
PID: 1212 TASK: ffff8003d74f3f00 CPU: 1 COMMAND: "crash"
MM PGD RSS TOTAL_VM
ffff8000c40363c0 ffff8003db6a9200 211904k 355264k
VMA START END FLAGS FILE
ffff8003de746d40 400000 a00000 875 /root/crash.git/crash
VIRTUAL PHYSICAL
400000 FILE: /root/crash.git/crash OFFSET: 0
410000 FILE: /root/crash.git/crash OFFSET: 10000
420000 FILE: /root/crash.git/crash OFFSET: 20000
430000 FILE: /root/crash.git/crash OFFSET: 30000
440000 FILE: /root/crash.git/crash OFFSET: 40000
450000 FILE: /root/crash.git/crash OFFSET: 50000
... [ cut ] ...
VMA START END FLAGS FILE
ffff8003de745d70 a50000 b00000 100073
VIRTUAL PHYSICAL
a50000 (not mapped)
a60000 (not mapped)
a70000 (not mapped)
a80000 (not mapped)
a90000 (not mapped)
aa0000 (not mapped)
ab0000 (not mapped)
ac0000 (not mapped)
...
In all cases, the PGD value reads as 0 and therefore fails:
crash> vtop 400000
VIRTUAL PHYSICAL
400000 (not mapped)
PAGE DIRECTORY: ffff8003db6a9200
PGD: ffff8003db6a9200 => 0
VMA START END FLAGS FILE
ffff8003de746d40 400000 a00000 875 /root/crash.git/crash
FILE: /root/crash.git/crash OFFSET: 0
crash>
That is the correct PGD address, and when read, it looks like a valid PTE:
crash> rd ffff8003db6a9200
ffff8003db6a9200: 00000043dee60003 ....C...
crash>
vmalloc() addresses translate just fine, and since they use the same
function,
I'm not sure what's going on? Did you ever check user-space translations?
Thanks,
Dave
>
>
> > ---
> > arm64.c | 126
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------
> > defs.h | 28 +++++++++++----
> > 2 files changed, 133 insertions(+), 21 deletions(-)
> >
> > diff --git a/arm64.c b/arm64.c
> > index f6ea7a1..d1c9c3e 100644
> > --- a/arm64.c
> > +++ b/arm64.c
> > @@ -34,6 +34,7 @@ static void arm64_init_kernel_pgd(void);
> > static int arm64_kvtop(struct task_context *, ulong, physaddr_t *, int);
> > static int arm64_uvtop(struct task_context *, ulong, physaddr_t *, int);
> > static int arm64_vtop_2level_64k(ulong, ulong, physaddr_t *, int);
> > +static int arm64_vtop_3level_64k(ulong, ulong, physaddr_t *, int);
> > static int arm64_vtop_3level_4k(ulong, ulong, physaddr_t *, int);
> > static ulong arm64_get_task_pgd(ulong);
> > static void arm64_irq_stack_init(void);
> > @@ -188,15 +189,29 @@ arm64_init(int when)
> > break;
> >
> > case 65536:
> > - machdep->flags |= VM_L2_64K;
> > - machdep->ptrs_per_pgd = PTRS_PER_PGD_L2_64K;
> > - if ((machdep->pgd =
> > - (char *)malloc(PTRS_PER_PGD_L2_64K * 8)) == NULL)
> > - error(FATAL, "cannot malloc pgd space.");
> > - if ((machdep->ptbl =
> > - (char *)malloc(PTRS_PER_PTE_L2_64K * 8)) == NULL)
> > - error(FATAL, "cannot malloc ptbl space.");
> > - machdep->pmd = NULL; /* not used */
> > + if (machdep->machspec->VA_BITS > PGDIR_SHIFT_L3_64K) {
> > + machdep->flags |= VM_L3_64K;
> > + machdep->ptrs_per_pgd = PTRS_PER_PGD_L3_64K;
> > + if ((machdep->pgd =
> > + (char *)malloc(PTRS_PER_PGD_L3_64K * 8)) == NULL)
> > + error(FATAL, "cannot malloc pgd space.");
> > + if ((machdep->pmd =
> > + (char *)malloc(PTRS_PER_PMD_L3_64K * 8)) == NULL)
> > + error(FATAL, "cannot malloc pmd space.");
> > + if ((machdep->ptbl =
> > + (char *)malloc(PTRS_PER_PTE_L3_64K * 8)) == NULL)
> > + error(FATAL, "cannot malloc ptbl space.");
> > + } else {
> > + machdep->flags |= VM_L2_64K;
> > + machdep->ptrs_per_pgd = PTRS_PER_PGD_L2_64K;
> > + if ((machdep->pgd =
> > + (char *)malloc(PTRS_PER_PGD_L2_64K * 8)) == NULL)
> > + error(FATAL, "cannot malloc pgd space.");
> > + if ((machdep->ptbl =
> > + (char *)malloc(PTRS_PER_PTE_L2_64K * 8)) == NULL)
> > + error(FATAL, "cannot malloc ptbl space.");
> > + machdep->pmd = NULL; /* not used */
> > + }
> > machdep->pud = NULL; /* not used */
> > break;
> >
> > @@ -379,6 +394,8 @@ arm64_dump_machdep_table(ulong arg)
> > fprintf(fp, "%sPHYS_OFFSET", others++ ? "|" :
"");
> > if (machdep->flags & VM_L2_64K)
> > fprintf(fp, "%sVM_L2_64K", others++ ? "|" :
"");
> > + if (machdep->flags & VM_L3_64K)
> > + fprintf(fp, "%sVM_L3_64K", others++ ? "|" :
"");
> > if (machdep->flags & VM_L3_4K)
> > fprintf(fp, "%sVM_L3_4K", others++ ? "|" :
"");
> > if (machdep->flags & VMEMMAP)
> > @@ -410,10 +427,14 @@ arm64_dump_machdep_table(ulong arg)
> > fprintf(fp, " processor_speed: arm64_processor_speed()\n");
> > fprintf(fp, " uvtop: arm64_uvtop()->%s()\n",
> > machdep->flags & VM_L3_4K ?
> > - "arm64_vtop_3level_4k" : "arm64_vtop_2level_64k");
> > + "arm64_vtop_3level_4k" :
> > + machdep->flags & VM_L3_64K ?
> > + "arm64_vtop_3level_64k" : "arm64_vtop_2level_64k");
> > fprintf(fp, " kvtop: arm64_kvtop()->%s()\n",
> > machdep->flags & VM_L3_4K ?
> > - "arm64_vtop_3level_4k" : "arm64_vtop_2level_64k");
> > + "arm64_vtop_3level_4k" :
> > + machdep->flags & VM_L3_64K ?
> > + "arm64_vtop_3level_64k" : "arm64_vtop_2level_64k");
> > fprintf(fp, " get_task_pgd: arm64_get_task_pgd()\n");
> > fprintf(fp, " dump_irq: generic_dump_irq()\n");
> > fprintf(fp, " get_stack_frame: arm64_get_stack_frame()\n");
> > @@ -719,10 +740,12 @@ arm64_kvtop(struct task_context *tc, ulong kvaddr,
> > physaddr_t *paddr, int verbos
> > kernel_pgd = vt->kernel_pgd[0];
> > *paddr = 0;
> >
> > - switch (machdep->flags & (VM_L2_64K|VM_L3_4K))
> > + switch (machdep->flags & (VM_L2_64K|VM_L3_64K|VM_L3_4K))
> > {
> > case VM_L2_64K:
> > return arm64_vtop_2level_64k(kernel_pgd, kvaddr, paddr, verbose);
> > + case VM_L3_64K:
> > + return arm64_vtop_3level_64k(kernel_pgd, kvaddr, paddr, verbose);
> > case VM_L3_4K:
> > return arm64_vtop_3level_4k(kernel_pgd, kvaddr, paddr, verbose);
> > default:
> > @@ -740,10 +763,12 @@ arm64_uvtop(struct task_context *tc, ulong uvaddr,
> > physaddr_t *paddr, int verbos
> >
> > *paddr = 0;
> >
> > - switch (machdep->flags & (VM_L2_64K|VM_L3_4K))
> > + switch (machdep->flags & (VM_L2_64K|VM_L3_64K|VM_L3_4K))
> > {
> > case VM_L2_64K:
> > return arm64_vtop_2level_64k(user_pgd, uvaddr, paddr, verbose);
> > + case VM_L3_64K:
> > + return arm64_vtop_3level_64k(user_pgd, uvaddr, paddr, verbose);
> > case VM_L3_4K:
> > return arm64_vtop_3level_4k(user_pgd, uvaddr, paddr, verbose);
> > default:
> > @@ -820,6 +845,78 @@ no_page:
> > return FALSE;
> > }
> >
> > +static int
> > +arm64_vtop_3level_64k(ulong pgd, ulong vaddr, physaddr_t *paddr, int
> > verbose)
> > +{
> > + ulong *pgd_base, *pgd_ptr, pgd_val;
> > + ulong *pmd_base, *pmd_ptr, pmd_val;
> > + ulong *pte_base, *pte_ptr, pte_val;
> > +
> > + if (verbose)
> > + fprintf(fp, "PAGE DIRECTORY: %lx\n", pgd);
> > +
> > + pgd_base = (ulong *)pgd;
> > + FILL_PGD(pgd_base, KVADDR, PTRS_PER_PGD_L3_64K * sizeof(ulong));
> > + pgd_ptr = pgd_base + (((vaddr) >> PGDIR_SHIFT_L3_64K) &
> > (PTRS_PER_PGD_L3_64K - 1));
> > + pgd_val = ULONG(machdep->pgd + PAGEOFFSET(pgd_ptr));
> > + if (verbose)
> > + fprintf(fp, " PGD: %lx => %lx\n",
(ulong)pgd_ptr,
> > pgd_val);
> > + if (!pgd_val)
> > + goto no_page;
> > +
> > + /*
> > + * #define __PAGETABLE_PUD_FOLDED
> > + */
> > +
> > + pmd_base = (ulong *)PTOV(pgd_val & PHYS_MASK &
(s32)machdep->pagemask);
> > + FILL_PMD(pmd_base, KVADDR, PTRS_PER_PMD_L3_64K * sizeof(ulong));
> > + pmd_ptr = pmd_base + (((vaddr) >> PMD_SHIFT_L3_64K) &
> > (PTRS_PER_PMD_L3_64K
> > - 1));
> > + pmd_val = ULONG(machdep->pmd + PAGEOFFSET(pmd_ptr));
> > + if (verbose)
> > + fprintf(fp, " PMD: %lx => %lx\n",
(ulong)pmd_ptr,
> > pmd_val);
> > + if (!pmd_val)
> > + goto no_page;
> > +
> > + if ((pmd_val & PMD_TYPE_MASK) == PMD_TYPE_SECT) {
> > + ulong sectionbase = (pmd_val & SECTION_PAGE_MASK_512MB) &
PHYS_MASK;
> > + if (verbose) {
> > + fprintf(fp, " PAGE: %lx (512MB)\n\n", sectionbase);
> > + arm64_translate_pte(pmd_val, 0, 0);
> > + }
> > + *paddr = sectionbase + (vaddr & ~SECTION_PAGE_MASK_512MB);
> > + return TRUE;
> > + }
> > +
> > + pte_base = (ulong *)PTOV(pmd_val & PHYS_MASK &
(s32)machdep->pagemask);
> > + FILL_PTBL(pte_base, KVADDR, PTRS_PER_PTE_L3_64K * sizeof(ulong));
> > + pte_ptr = pte_base + (((vaddr) >> machdep->pageshift) &
> > (PTRS_PER_PTE_L3_64K - 1));
> > + pte_val = ULONG(machdep->ptbl + PAGEOFFSET(pte_ptr));
> > + if (verbose)
> > + fprintf(fp, " PTE: %lx => %lx\n",
(ulong)pte_ptr,
> > pte_val);
> > + if (!pte_val)
> > + goto no_page;
> > +
> > + if (pte_val & PTE_VALID) {
> > + *paddr = (PAGEBASE(pte_val) & PHYS_MASK) + PAGEOFFSET(vaddr);
> > + if (verbose) {
> > + fprintf(fp, " PAGE: %lx\n\n", PAGEBASE(*paddr));
> > + arm64_translate_pte(pte_val, 0, 0);
> > + }
> > + } else {
> > + if (IS_UVADDR(vaddr, NULL))
> > + *paddr = pte_val;
> > + if (verbose) {
> > + fprintf(fp, "\n");
> > + arm64_translate_pte(pte_val, 0, 0);
> > + }
> > + goto no_page;
> > + }
> > +
> > + return TRUE;
> > +no_page:
> > + return FALSE;
> > +}
> > +
> > static int
> > arm64_vtop_3level_4k(ulong pgd, ulong vaddr, physaddr_t *paddr, int
> > verbose)
> > {
> > @@ -2348,9 +2445,10 @@ arm64_calc_virtual_memory_ranges(void)
> >
> > STRUCT_SIZE_INIT(page, "page");
> >
> > - switch (machdep->flags & (VM_L2_64K|VM_L3_4K))
> > + switch (machdep->flags & (VM_L2_64K|VM_L3_64K|VM_L3_4K))
> > {
> > case VM_L2_64K:
> > + case VM_L3_64K:
> > PUD_SIZE = PGDIR_SIZE_L2_64K;
> > break;
> > case VM_L3_4K:
> > diff --git a/defs.h b/defs.h
> > index 56ae06c..d1b49d0 100644
> > --- a/defs.h
> > +++ b/defs.h
> > @@ -2815,7 +2815,7 @@ typedef u64 pte_t;
> >
> > typedef signed int s32;
> >
> > -/*
> > +/*
> > * 3-levels / 4K pages
> > */
> > #define PTRS_PER_PGD_L3_4K (512)
> > @@ -2823,10 +2823,23 @@ typedef signed int s32;
> > #define PTRS_PER_PTE_L3_4K (512)
> > #define PGDIR_SHIFT_L3_4K (30)
> > #define PGDIR_SIZE_L3_4K ((1UL) << PGDIR_SHIFT_L3_4K)
> > -#define PGDIR_MASK_L3 4K (~(PGDIR_SIZE_L3_4K-1))
> > +#define PGDIR_MASK_L3_4K (~(PGDIR_SIZE_L3_4K-1))
> > #define PMD_SHIFT_L3_4K (21)
> > -#define PMD_SIZE_L3_4K (1UL << PMD_SHIFT_4K)
> > -#define PMD_MASK_L3 4K (~(PMD_SIZE_4K-1))
> > +#define PMD_SIZE_L3_4K (1UL << PMD_SHIFT_L3_4K)
> > +#define PMD_MASK_L3_4K (~(PMD_SIZE_L3_4K-1))
> > +
> > +/*
> > + * 3-levels / 64K pages
> > + */
> > +#define PTRS_PER_PGD_L3_64K (64)
> > +#define PTRS_PER_PMD_L3_64K (8192)
> > +#define PTRS_PER_PTE_L3_64K (8192)
> > +#define PGDIR_SHIFT_L3_64K (42)
> > +#define PGDIR_SIZE_L3_64K ((1UL) << PGDIR_SHIFT_L3_64K)
> > +#define PGDIR_MASK_L3_64K (~(PGDIR_SIZE_L3_64K-1))
> > +#define PMD_SHIFT_L3_64K (29)
> > +#define PMD_SIZE_L3_64K (1UL << PMD_SHIFT_L3_64K)
> > +#define PMD_MASK_L3_64K (~(PMD_SIZE_L3_64K-1))
> >
> > /*
> > * 2-levels / 64K pages
> > @@ -2868,9 +2881,10 @@ typedef signed int s32;
> > #define KSYMS_START (0x1)
> > #define PHYS_OFFSET (0x2)
> > #define VM_L2_64K (0x4)
> > -#define VM_L3_4K (0x8)
> > -#define KDUMP_ENABLED (0x10)
> > -#define IRQ_STACKS (0x20)
> > +#define VM_L3_64K (0x8)
> > +#define VM_L3_4K (0x10)
> > +#define KDUMP_ENABLED (0x20)
> > +#define IRQ_STACKS (0x40)
> >
> > /*
> > * sources: Documentation/arm64/memory.txt
> > --
> > 2.1.4
> >
> > --
> > Crash-utility mailing list
> > Crash-utility redhat com
> > https://www.redhat.com/mailman/listinfo/crash-utility
> >
10:34 a.m.
New subject: [PATCH] ARM64 support for 3-level page tables with 64K pages
----- Original Message -----
Hi Jim,
The problem looks to be the use of PAGEOFFSET() into the 512-byte pgd used
for 3-level/64K-pages:
I've committed a fix for crash-7.1.6:
https://github.com/crash-utility/crash/commit/ac080651b6fc0e3c8c67d698762...
Fix for the introduction of ARM64 support for 64K pages with 3-level
page tables in crash-7.1.5, which fails to translate user space
virtual addresses. Without the patch, "vtop <user-space address>"
fails to translate all user-space addresses, and any command that
needs to either translate or read user-space memory, such as "vm -p",
"ps -a", and "rd -u" will fail.
(anderson(a)redhat.com)
Dave
static int
arm64_vtop_3level_64k(ulong pgd, ulong vaddr, physaddr_t *paddr, int verbose)
{
ulong *pgd_base, *pgd_ptr, pgd_val;
ulong *pmd_base, *pmd_ptr, pmd_val;
ulong *pte_base, *pte_ptr, pte_val;
if (verbose)
fprintf(fp, "PAGE DIRECTORY: %lx\n", pgd);
pgd_base = (ulong *)pgd;
FILL_PGD(pgd_base, KVADDR, PTRS_PER_PGD_L3_64K * sizeof(ulong));
pgd_ptr = pgd_base + (((vaddr) >> PGDIR_SHIFT_L3_64K) &
(PTRS_PER_PGD_L3_64K - 1));
pgd_val = ULONG(machdep->pgd + PAGEOFFSET(pgd_ptr));
^^^^^^^^^^^^^^^^^^
For kernel vmalloc addresses, the kernel's "swapper_pg_dir" is used, which
has a base
address that's aligned on a 64k page boundary. So PAGEOFFSET() works as an
index.
But for user-space addresses, the mm_struct->pgd is not 64K page aligned so
the
use of PAGEOFFSET() calculates an address that's goes way beyond the end of
the
512-byte aligned pgd:
crash> for user vm -p | grep -e PGD -e "k "
MM PGD RSS TOTAL_VM
ffff8003d61ec240 ffff8003d5b12c00 11904k 12992k
MM PGD RSS TOTAL_VM
ffff8003d60aec40 ffff8003dcb7ca00 4864k 88448k
MM PGD RSS TOTAL_VM
ffff8000dbf1dc80 ffff8003d69bca00 8704k 92928k
MM PGD RSS TOTAL_VM
ffff8000dbf1e700 ffff8003d69b4a00 8768k 17536k
MM PGD RSS TOTAL_VM
ffff8003d65c9300 ffff8000d4055600 5696k 16576k
MM PGD RSS TOTAL_VM
ffff8003d65c9300 ffff8000d4055600 5696k 16576k
MM PGD RSS TOTAL_VM
ffff8003d65c9840 ffff8000d4051800 1664k 2560k
MM PGD RSS TOTAL_VM
ffff8003d60a8340 ffff8003dcb7fa00 10944k 303552k
MM PGD RSS TOTAL_VM
ffff8003d65c8880 ffff8000d4052c00 19456k 353600k
MM PGD RSS TOTAL_VM
ffff8003d61ab7c0 ffff8003dc86b800 4864k 14016k
MM PGD RSS TOTAL_VM
ffff8000dbf18340 ffff8003d69b1400 7424k 157632k
MM PGD RSS TOTAL_VM
ffff8003d60a8340 ffff8003dcb7fa00 10944k 303552k
MM PGD RSS TOTAL_VM
ffff8003d60a8340 ffff8003dcb7fa00 10944k 303552k
MM PGD RSS TOTAL_VM
ffff8000dbf18340 ffff8003d69b1400 7424k 157632k
MM PGD RSS TOTAL_VM
ffff8000dbf18340 ffff8003d69b1400 7424k 157632k
MM PGD RSS TOTAL_VM
ffff8000dbf18340 ffff8003d69b1400 7424k 157632k
MM PGD RSS TOTAL_VM
ffff8000dbf18340 ffff8003d69b1400 7424k 157632k
MM PGD RSS TOTAL_VM
ffff8000dbf18340 ffff8003d69b1400 7424k 157632k
MM PGD RSS TOTAL_VM
ffff8003d61ab7c0 ffff8003dc86b800 4864k 14016k
MM PGD RSS TOTAL_VM
ffff8000c403b7c0 ffff8003d6597800 4928k 5888k
MM PGD RSS TOTAL_VM
ffff8003d59db7c0 ffff8003dcd18600 4352k 5248k
MM PGD RSS TOTAL_VM
ffff8003d61ead40 ffff8003d4107400 3776k 5760k
MM PGD RSS TOTAL_VM
ffff8000c403ad40 ffff8003d6592000 4224k 5120k
MM PGD RSS TOTAL_VM
ffff8003d60a78c0 ffff8003dcb72600 2496k 109888k
MM PGD RSS TOTAL_VM
ffff8003d61a8880 ffff8003dc86b200 2176k 109888k
MM PGD RSS TOTAL_VM
ffff8003d65c8880 ffff8000d4052c00 19456k 353600k
MM PGD RSS TOTAL_VM
ffff8003d65c8880 ffff8000d4052c00 19456k 353600k
...
Dave
----- Original Message -----
>
> ----- Original Message -----
> > > Adds ARM64 support for 3-level page tables with 64K pages and 48 VA
> > > bits.
> >
> > Nicely done, Jim. Queued for crash-7.1.5:
> >
> >
https://github.com/crash-utility/crash/commit/ab91852f945bfecfa0bca6a4225...
> >
> > Thanks,
> > Dave
> >
>
> Hi Jim,
>
> I just noticed today that your 3-level 64K patch does not work for user
> virtual address space.
> I haven't looked too deeply into it, but for example on a live system, all
> user virtual address
> vtop operations fail, all disk-backed user memory space shows the "FILE:"
> backing, and the
> anonymous space shows "(not mapped)":
>
> crash> help -m | grep VM
> flags: 10400069
>
(KSYMS_START|VM_L3_64K|VMEMMAP|KDUMP_ENABLED|IRQ_STACKS|MACHDEP_BT_TEXT)
> crash> sys | grep RELEASE
> RELEASE: 4.5.0-0.38.el7.aarch64
> crash> set
> PID: 1212
> COMMAND: "crash"
> TASK: ffff8003d74f3f00 [THREAD_INFO: ffff8003d7454000]
> CPU: 1
> STATE: TASK_RUNNING (ACTIVE)
> crash> vm -p
> PID: 1212 TASK: ffff8003d74f3f00 CPU: 1 COMMAND: "crash"
> MM PGD RSS TOTAL_VM
> ffff8000c40363c0 ffff8003db6a9200 211904k 355264k
> VMA START END FLAGS FILE
> ffff8003de746d40 400000 a00000 875 /root/crash.git/crash
> VIRTUAL PHYSICAL
> 400000 FILE: /root/crash.git/crash OFFSET: 0
> 410000 FILE: /root/crash.git/crash OFFSET: 10000
> 420000 FILE: /root/crash.git/crash OFFSET: 20000
> 430000 FILE: /root/crash.git/crash OFFSET: 30000
> 440000 FILE: /root/crash.git/crash OFFSET: 40000
> 450000 FILE: /root/crash.git/crash OFFSET: 50000
> ... [ cut ] ...
> VMA START END FLAGS FILE
> ffff8003de745d70 a50000 b00000 100073
> VIRTUAL PHYSICAL
> a50000 (not mapped)
> a60000 (not mapped)
> a70000 (not mapped)
> a80000 (not mapped)
> a90000 (not mapped)
> aa0000 (not mapped)
> ab0000 (not mapped)
> ac0000 (not mapped)
> ...
>
> In all cases, the PGD value reads as 0 and therefore fails:
>
> crash> vtop 400000
> VIRTUAL PHYSICAL
> 400000 (not mapped)
>
> PAGE DIRECTORY: ffff8003db6a9200
> PGD: ffff8003db6a9200 => 0
>
> VMA START END FLAGS FILE
> ffff8003de746d40 400000 a00000 875 /root/crash.git/crash
>
> FILE: /root/crash.git/crash OFFSET: 0
>
> crash>
>
> That is the correct PGD address, and when read, it looks like a valid PTE:
>
> crash> rd ffff8003db6a9200
> ffff8003db6a9200: 00000043dee60003 ....C...
> crash>
>
> vmalloc() addresses translate just fine, and since they use the same
> function,
> I'm not sure what's going on? Did you ever check user-space translations?
>
> Thanks,
> Dave
>
>
>
> >
> >
> > > ---
> > > arm64.c | 126
> > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------
> > > defs.h | 28 +++++++++++----
> > > 2 files changed, 133 insertions(+), 21 deletions(-)
> > >
> > > diff --git a/arm64.c b/arm64.c
> > > index f6ea7a1..d1c9c3e 100644
> > > --- a/arm64.c
> > > +++ b/arm64.c
> > > @@ -34,6 +34,7 @@ static void arm64_init_kernel_pgd(void);
> > > static int arm64_kvtop(struct task_context *, ulong, physaddr_t *,
> > > int);
> > > static int arm64_uvtop(struct task_context *, ulong, physaddr_t *,
> > > int);
> > > static int arm64_vtop_2level_64k(ulong, ulong, physaddr_t *, int);
> > > +static int arm64_vtop_3level_64k(ulong, ulong, physaddr_t *, int);
> > > static int arm64_vtop_3level_4k(ulong, ulong, physaddr_t *, int);
> > > static ulong arm64_get_task_pgd(ulong);
> > > static void arm64_irq_stack_init(void);
> > > @@ -188,15 +189,29 @@ arm64_init(int when)
> > > break;
> > >
> > > case 65536:
> > > - machdep->flags |= VM_L2_64K;
> > > - machdep->ptrs_per_pgd = PTRS_PER_PGD_L2_64K;
> > > - if ((machdep->pgd =
> > > - (char *)malloc(PTRS_PER_PGD_L2_64K * 8)) == NULL)
> > > - error(FATAL, "cannot malloc pgd space.");
> > > - if ((machdep->ptbl =
> > > - (char *)malloc(PTRS_PER_PTE_L2_64K * 8)) == NULL)
> > > - error(FATAL, "cannot malloc ptbl space.");
> > > - machdep->pmd = NULL; /* not used */
> > > + if (machdep->machspec->VA_BITS > PGDIR_SHIFT_L3_64K) {
> > > + machdep->flags |= VM_L3_64K;
> > > + machdep->ptrs_per_pgd = PTRS_PER_PGD_L3_64K;
> > > + if ((machdep->pgd =
> > > + (char *)malloc(PTRS_PER_PGD_L3_64K * 8)) == NULL)
> > > + error(FATAL, "cannot malloc pgd space.");
> > > + if ((machdep->pmd =
> > > + (char *)malloc(PTRS_PER_PMD_L3_64K * 8)) == NULL)
> > > + error(FATAL, "cannot malloc pmd space.");
> > > + if ((machdep->ptbl =
> > > + (char *)malloc(PTRS_PER_PTE_L3_64K * 8)) == NULL)
> > > + error(FATAL, "cannot malloc ptbl space.");
> > > + } else {
> > > + machdep->flags |= VM_L2_64K;
> > > + machdep->ptrs_per_pgd = PTRS_PER_PGD_L2_64K;
> > > + if ((machdep->pgd =
> > > + (char *)malloc(PTRS_PER_PGD_L2_64K * 8)) == NULL)
> > > + error(FATAL, "cannot malloc pgd space.");
> > > + if ((machdep->ptbl =
> > > + (char *)malloc(PTRS_PER_PTE_L2_64K * 8)) == NULL)
> > > + error(FATAL, "cannot malloc ptbl space.");
> > > + machdep->pmd = NULL; /* not used */
> > > + }
> > > machdep->pud = NULL; /* not used */
> > > break;
> > >
> > > @@ -379,6 +394,8 @@ arm64_dump_machdep_table(ulong arg)
> > > fprintf(fp, "%sPHYS_OFFSET", others++ ? "|" :
"");
> > > if (machdep->flags & VM_L2_64K)
> > > fprintf(fp, "%sVM_L2_64K", others++ ? "|" :
"");
> > > + if (machdep->flags & VM_L3_64K)
> > > + fprintf(fp, "%sVM_L3_64K", others++ ? "|" :
"");
> > > if (machdep->flags & VM_L3_4K)
> > > fprintf(fp, "%sVM_L3_4K", others++ ? "|" :
"");
> > > if (machdep->flags & VMEMMAP)
> > > @@ -410,10 +427,14 @@ arm64_dump_machdep_table(ulong arg)
> > > fprintf(fp, " processor_speed:
arm64_processor_speed()\n");
> > > fprintf(fp, " uvtop: arm64_uvtop()->%s()\n",
> > > machdep->flags & VM_L3_4K ?
> > > - "arm64_vtop_3level_4k" : "arm64_vtop_2level_64k");
> > > + "arm64_vtop_3level_4k" :
> > > + machdep->flags & VM_L3_64K ?
> > > + "arm64_vtop_3level_64k" :
"arm64_vtop_2level_64k");
> > > fprintf(fp, " kvtop: arm64_kvtop()->%s()\n",
> > > machdep->flags & VM_L3_4K ?
> > > - "arm64_vtop_3level_4k" : "arm64_vtop_2level_64k");
> > > + "arm64_vtop_3level_4k" :
> > > + machdep->flags & VM_L3_64K ?
> > > + "arm64_vtop_3level_64k" :
"arm64_vtop_2level_64k");
> > > fprintf(fp, " get_task_pgd: arm64_get_task_pgd()\n");
> > > fprintf(fp, " dump_irq: generic_dump_irq()\n");
> > > fprintf(fp, " get_stack_frame:
arm64_get_stack_frame()\n");
> > > @@ -719,10 +740,12 @@ arm64_kvtop(struct task_context *tc, ulong
> > > kvaddr,
> > > physaddr_t *paddr, int verbos
> > > kernel_pgd = vt->kernel_pgd[0];
> > > *paddr = 0;
> > >
> > > - switch (machdep->flags & (VM_L2_64K|VM_L3_4K))
> > > + switch (machdep->flags & (VM_L2_64K|VM_L3_64K|VM_L3_4K))
> > > {
> > > case VM_L2_64K:
> > > return arm64_vtop_2level_64k(kernel_pgd, kvaddr, paddr, verbose);
> > > + case VM_L3_64K:
> > > + return arm64_vtop_3level_64k(kernel_pgd, kvaddr, paddr, verbose);
> > > case VM_L3_4K:
> > > return arm64_vtop_3level_4k(kernel_pgd, kvaddr, paddr, verbose);
> > > default:
> > > @@ -740,10 +763,12 @@ arm64_uvtop(struct task_context *tc, ulong
> > > uvaddr,
> > > physaddr_t *paddr, int verbos
> > >
> > > *paddr = 0;
> > >
> > > - switch (machdep->flags & (VM_L2_64K|VM_L3_4K))
> > > + switch (machdep->flags & (VM_L2_64K|VM_L3_64K|VM_L3_4K))
> > > {
> > > case VM_L2_64K:
> > > return arm64_vtop_2level_64k(user_pgd, uvaddr, paddr, verbose);
> > > + case VM_L3_64K:
> > > + return arm64_vtop_3level_64k(user_pgd, uvaddr, paddr, verbose);
> > > case VM_L3_4K:
> > > return arm64_vtop_3level_4k(user_pgd, uvaddr, paddr, verbose);
> > > default:
> > > @@ -820,6 +845,78 @@ no_page:
> > > return FALSE;
> > > }
> > >
> > > +static int
> > > +arm64_vtop_3level_64k(ulong pgd, ulong vaddr, physaddr_t *paddr, int
> > > verbose)
> > > +{
> > > + ulong *pgd_base, *pgd_ptr, pgd_val;
> > > + ulong *pmd_base, *pmd_ptr, pmd_val;
> > > + ulong *pte_base, *pte_ptr, pte_val;
> > > +
> > > + if (verbose)
> > > + fprintf(fp, "PAGE DIRECTORY: %lx\n", pgd);
> > > +
> > > + pgd_base = (ulong *)pgd;
> > > + FILL_PGD(pgd_base, KVADDR, PTRS_PER_PGD_L3_64K * sizeof(ulong));
> > > + pgd_ptr = pgd_base + (((vaddr) >> PGDIR_SHIFT_L3_64K) &
> > > (PTRS_PER_PGD_L3_64K - 1));
> > > + pgd_val = ULONG(machdep->pgd + PAGEOFFSET(pgd_ptr));
> > > + if (verbose)
> > > + fprintf(fp, " PGD: %lx => %lx\n",
(ulong)pgd_ptr,
> > > pgd_val);
> > > + if (!pgd_val)
> > > + goto no_page;
> > > +
> > > + /*
> > > + * #define __PAGETABLE_PUD_FOLDED
> > > + */
> > > +
> > > + pmd_base = (ulong *)PTOV(pgd_val & PHYS_MASK &
> > > (s32)machdep->pagemask);
> > > + FILL_PMD(pmd_base, KVADDR, PTRS_PER_PMD_L3_64K * sizeof(ulong));
> > > + pmd_ptr = pmd_base + (((vaddr) >> PMD_SHIFT_L3_64K) &
> > > (PTRS_PER_PMD_L3_64K
> > > - 1));
> > > + pmd_val = ULONG(machdep->pmd + PAGEOFFSET(pmd_ptr));
> > > + if (verbose)
> > > + fprintf(fp, " PMD: %lx => %lx\n",
(ulong)pmd_ptr,
> > > pmd_val);
> > > + if (!pmd_val)
> > > + goto no_page;
> > > +
> > > + if ((pmd_val & PMD_TYPE_MASK) == PMD_TYPE_SECT) {
> > > + ulong sectionbase = (pmd_val & SECTION_PAGE_MASK_512MB) &
PHYS_MASK;
> > > + if (verbose) {
> > > + fprintf(fp, " PAGE: %lx (512MB)\n\n", sectionbase);
> > > + arm64_translate_pte(pmd_val, 0, 0);
> > > + }
> > > + *paddr = sectionbase + (vaddr & ~SECTION_PAGE_MASK_512MB);
> > > + return TRUE;
> > > + }
> > > +
> > > + pte_base = (ulong *)PTOV(pmd_val & PHYS_MASK &
> > > (s32)machdep->pagemask);
> > > + FILL_PTBL(pte_base, KVADDR, PTRS_PER_PTE_L3_64K * sizeof(ulong));
> > > + pte_ptr = pte_base + (((vaddr) >> machdep->pageshift) &
> > > (PTRS_PER_PTE_L3_64K - 1));
> > > + pte_val = ULONG(machdep->ptbl + PAGEOFFSET(pte_ptr));
> > > + if (verbose)
> > > + fprintf(fp, " PTE: %lx => %lx\n",
(ulong)pte_ptr,
> > > pte_val);
> > > + if (!pte_val)
> > > + goto no_page;
> > > +
> > > + if (pte_val & PTE_VALID) {
> > > + *paddr = (PAGEBASE(pte_val) & PHYS_MASK) + PAGEOFFSET(vaddr);
> > > + if (verbose) {
> > > + fprintf(fp, " PAGE: %lx\n\n", PAGEBASE(*paddr));
> > > + arm64_translate_pte(pte_val, 0, 0);
> > > + }
> > > + } else {
> > > + if (IS_UVADDR(vaddr, NULL))
> > > + *paddr = pte_val;
> > > + if (verbose) {
> > > + fprintf(fp, "\n");
> > > + arm64_translate_pte(pte_val, 0, 0);
> > > + }
> > > + goto no_page;
> > > + }
> > > +
> > > + return TRUE;
> > > +no_page:
> > > + return FALSE;
> > > +}
> > > +
> > > static int
> > > arm64_vtop_3level_4k(ulong pgd, ulong vaddr, physaddr_t *paddr, int
> > > verbose)
> > > {
> > > @@ -2348,9 +2445,10 @@ arm64_calc_virtual_memory_ranges(void)
> > >
> > > STRUCT_SIZE_INIT(page, "page");
> > >
> > > - switch (machdep->flags & (VM_L2_64K|VM_L3_4K))
> > > + switch (machdep->flags & (VM_L2_64K|VM_L3_64K|VM_L3_4K))
> > > {
> > > case VM_L2_64K:
> > > + case VM_L3_64K:
> > > PUD_SIZE = PGDIR_SIZE_L2_64K;
> > > break;
> > > case VM_L3_4K:
> > > diff --git a/defs.h b/defs.h
> > > index 56ae06c..d1b49d0 100644
> > > --- a/defs.h
> > > +++ b/defs.h
> > > @@ -2815,7 +2815,7 @@ typedef u64 pte_t;
> > >
> > > typedef signed int s32;
> > >
> > > -/*
> > > +/*
> > > * 3-levels / 4K pages
> > > */
> > > #define PTRS_PER_PGD_L3_4K (512)
> > > @@ -2823,10 +2823,23 @@ typedef signed int s32;
> > > #define PTRS_PER_PTE_L3_4K (512)
> > > #define PGDIR_SHIFT_L3_4K (30)
> > > #define PGDIR_SIZE_L3_4K ((1UL) << PGDIR_SHIFT_L3_4K)
> > > -#define PGDIR_MASK_L3 4K (~(PGDIR_SIZE_L3_4K-1))
> > > +#define PGDIR_MASK_L3_4K (~(PGDIR_SIZE_L3_4K-1))
> > > #define PMD_SHIFT_L3_4K (21)
> > > -#define PMD_SIZE_L3_4K (1UL << PMD_SHIFT_4K)
> > > -#define PMD_MASK_L3 4K (~(PMD_SIZE_4K-1))
> > > +#define PMD_SIZE_L3_4K (1UL << PMD_SHIFT_L3_4K)
> > > +#define PMD_MASK_L3_4K (~(PMD_SIZE_L3_4K-1))
> > > +
> > > +/*
> > > + * 3-levels / 64K pages
> > > + */
> > > +#define PTRS_PER_PGD_L3_64K (64)
> > > +#define PTRS_PER_PMD_L3_64K (8192)
> > > +#define PTRS_PER_PTE_L3_64K (8192)
> > > +#define PGDIR_SHIFT_L3_64K (42)
> > > +#define PGDIR_SIZE_L3_64K ((1UL) << PGDIR_SHIFT_L3_64K)
> > > +#define PGDIR_MASK_L3_64K (~(PGDIR_SIZE_L3_64K-1))
> > > +#define PMD_SHIFT_L3_64K (29)
> > > +#define PMD_SIZE_L3_64K (1UL << PMD_SHIFT_L3_64K)
> > > +#define PMD_MASK_L3_64K (~(PMD_SIZE_L3_64K-1))
> > >
> > > /*
> > > * 2-levels / 64K pages
> > > @@ -2868,9 +2881,10 @@ typedef signed int s32;
> > > #define KSYMS_START (0x1)
> > > #define PHYS_OFFSET (0x2)
> > > #define VM_L2_64K (0x4)
> > > -#define VM_L3_4K (0x8)
> > > -#define KDUMP_ENABLED (0x10)
> > > -#define IRQ_STACKS (0x20)
> > > +#define VM_L3_64K (0x8)
> > > +#define VM_L3_4K (0x10)
> > > +#define KDUMP_ENABLED (0x20)
> > > +#define IRQ_STACKS (0x40)
> > >
> > > /*
> > > * sources: Documentation/arm64/memory.txt
> > > --
> > > 2.1.4
> > >
> > > --
> > > Crash-utility mailing list
> > > Crash-utility redhat com
> > > https://www.redhat.com/mailman/listinfo/crash-utility
> > >
3:56 p.m.
On Mon, 2016-06-13 at 11:30 -0400, Dave Anderson wrote:
----- Original Message -----
> Dave,
>
> On Fri, Jun 10, 2016 at 04:37:42PM -0400, Dave Anderson wrote:
> > Hi Takahiro,
> >
> > To address my concerns about your patch, I added a few additional changes and
attached
> > it to this email. The changes are:
> >
> > (1) Prevent the stack dump "below" the #0 level. Yes, the stack data
region is contained within
> > the incoming frame parameters, but it's ugly and we really don't
care to see what's before
> > the #0 crash_kexec and crash_save_cpu #0 frames.
> > (2) Fill in the missing stack dump at the top of the process stack, up to, but
not including
> > the user-space exception frame.
> > (3) Instead of showing the fp of 0 in the top-most frame's stack address,
fill it in with the
> > address of the user-space exception frame.
> >
> > Note that there is no dump of the stack containing the user-space exception
frame, but the
> > register dump itself should suffice.
>
> Well, the essential problem with my patch is that the output from "bt -f"
> looks like:
> #XX ['fp'] 'function' at 'pc' --- (1)
> <function's stack dump> --- (2)
> but that (1) and (2) are not printed as a single stack frame in the same
> iteration of while loop in arm64_back_trace_cmd().
> (I hope you understand what I mean :)
Actually I prefer your first approach. I find this new one confusing, not
to mention unlike any of the other architectures in that the "frame level"
#X address value is not contiguous with the stack addresses that get filled
in by -f.
Taking your picture into account:
stack grows to lower addresses.
/|\
|
| |
new sp +------+ <---
|dyn | |
| vars | |
new fp +- - - + |
|old fp| | a function's stack frame
|old lr| |
|static| |
| vars| |
old sp +------+ <---
|dyn |
| vars |
old fp +------+
| |
Your first patch seemed natural to me because for any "#X" line containing a
function
name, that function's dynamic variables, the "old fp/old lr" pair, and the
function's
static variables were dumped below it (i.e., at higher stack addresses).
> To be consistent with the out format of x86, the output should be
> <function's stack dump>
> #XX ['fp'] 'function' at 'pc'
>
> Unfortunately, this requires that arm64_back_trace_cmd() and other functions should
be overhauled.
> Please take a look at my next patch though it is uncompleted and still has room for
improvement.
I don't know what you mean by "consistent with the out format of x86"?
With x86_64,
each #<level> line is simply the stack address where the function pushed its
return
address as a result of its making a "callq" to the next function. Any local
variables of
the calling function would be at the next higher stack addresses:
I've been confused by the address in []'s on arm64. Is this supposed to
be the stack address where the return address is stored, or does it vary
by arch?
On x86_64 (crash-7.1.4-1.el6_6):
crash> bt | grep " vfs_read at "
#5 [ffff89b6e510ff08] vfs_read at ffffffff811dea1c
crash> rd ffff89b6e510ff08
ffff89b6e510ff08: ffffffff811dea1c ........
On arm64 (crash-7.1.5-1.el7.aarch64) this isn't the case:
crash> bt | grep " vfs_read at "
#7 [ffff80015b93fdb0] vfs_read at ffff800000236b0c
crash> rd ffff80015b93fdb0
ffff80015b93fdb0: ffff80015c92e100 ...\....
...
#X [stack address] function2 at 'return address'
<function2's local variables>
#Y [stack address] function1 at 'return address'
<functions1's local variables>
...
So for digging out local stack variables associated with a function, it's a simple
matter of looking "below" it in the "bt -f" output.
Dave
> Thanks,
> -Takahiro AKASHI
>
>
> > If you can live with the display, I'll clean up the patch, and maybe add
> > the stack-layout diagram
> > from your last post into a comment. It was quite helpful, especially in
> > comparison to the
> > x86_64 model, which is what I was mistakenly using as a guide.
> >
> > Thanks,
> > Dave
> >
> >
> >
>
> > diff --git a/arm64.c b/arm64.c
> > index 86ec348..3b29ef4 100644
> > --- a/arm64.c
> > +++ b/arm64.c
> > @@ -1407,13 +1407,14 @@ arm64_print_stackframe_entry(struct bt_info *bt,
> > int level, struct arm64_stackfr
> > value_to_symstr(frame->pc, buf,
> > bt->radix);
> > }
> >
> > - if (bt->flags & BT_FULL) {
> > - arm64_display_full_frame(bt, frame->sp);
> > - bt->frameptr = frame->sp;
> > + if ((bt->flags & BT_FULL) && level) {
> > + arm64_display_full_frame(bt, frame->fp);
> > + bt->frameptr = frame->fp;
> > }
> >
> > fprintf(ofp, "%s#%d [%8lx] %s at %lx", level < 10 ?
" " : "",
> > level,
> > - frame->sp, name_plus_offset ? name_plus_offset : name,
> > frame->pc);
> > +// frame->fp, name_plus_offset ? name_plus_offset : name,
> > frame->pc);
> > + frame->fp ? frame->fp : bt->stacktop -
USER_EFRAME_OFFSET,
> > name_plus_offset ? name_plus_offset : name, frame->pc);
> >
> > if (BT_REFERENCE_CHECK(bt))
> > arm64_do_bt_reference_check(bt, frame->pc, name);
> > @@ -1447,8 +1448,12 @@ arm64_display_full_frame(struct bt_info *bt, ulong
> > sp)
> > if (bt->frameptr == sp)
> > return;
> >
> > - if (!INSTACK(sp, bt) || !INSTACK(bt->frameptr, bt))
> > - return;
> > + if (!INSTACK(sp, bt) || !INSTACK(bt->frameptr, bt)) {
> > + if (sp == 0)
> > + sp = bt->stacktop - USER_EFRAME_OFFSET;
> > + else
> > + return;
> > + }
> >
> > words = (sp - bt->frameptr) / sizeof(ulong);
> >
> > @@ -1471,12 +1476,10 @@ arm64_unwind_frame(struct bt_info *bt, struct
> > arm64_stackframe *frame)
> > {
> > unsigned long high, low, fp;
> > unsigned long stack_mask;
> > - unsigned long irq_stack_ptr, orig_sp, sp_in;
> > + unsigned long irq_stack_ptr, orig_sp;
> > struct arm64_pt_regs *ptregs;
> > struct machine_specific *ms;
> >
> > - sp_in = frame->sp;
> > -
> > stack_mask = (unsigned long)(ARM64_STACK_SIZE) - 1;
> > fp = frame->fp;
> >
> > @@ -1513,7 +1516,7 @@ arm64_unwind_frame(struct bt_info *bt, struct
> > arm64_stackframe *frame)
> > ptregs = (struct arm64_pt_regs
> > *)&bt->stackbuf[(ulong)(STACK_OFFSET_TYPE(orig_sp))];
> > frame->sp = orig_sp;
> > frame->pc = ptregs->pc;
> > - bt->bptr = sp_in;
> > + bt->bptr = fp;
> > if (CRASHDEBUG(1))
> > error(INFO,
> > "arm64_unwind_frame: switch stacks: fp: %lx sp: %lx pc:
%lx\n",
> > @@ -1904,8 +1907,10 @@ arm64_print_exception_frame(struct bt_info *bt,
> > ulong pt_regs, int mode, FILE *o
> > ulong LR, SP, offset;
> > char buf[BUFSIZE];
> >
> > +#if 0 /* FIXME? */
> > if (bt->flags & BT_FULL)
> > arm64_display_full_frame(bt, pt_regs);
> > +#endif
> >
> > if (CRASHDEBUG(1))
> > fprintf(ofp, "pt_regs: %lx\n", pt_regs);
>
> > --
> > Crash-utility mailing list
> > Crash-utility(a)redhat.com
> > https://www.redhat.com/mailman/listinfo/crash-utility
>
> --
> Crash-utility mailing list
> Crash-utility(a)redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility
>
--
Crash-utility mailing list
Crash-utility(a)redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility
3:42 a.m.
On Tue, Jun 14, 2016 at 04:56:43PM -0400, Dave Wysochanski wrote:
On Mon, 2016-06-13 at 11:30 -0400, Dave Anderson wrote:
>
> ----- Original Message -----
> > Dave,
> >
> > On Fri, Jun 10, 2016 at 04:37:42PM -0400, Dave Anderson wrote:
> > > Hi Takahiro,
> > >
> > > To address my concerns about your patch, I added a few additional changes
and attached
> > > it to this email. The changes are:
> > >
> > > (1) Prevent the stack dump "below" the #0 level. Yes, the stack
data region is contained within
> > > the incoming frame parameters, but it's ugly and we really
don't care to see what's before
> > > the #0 crash_kexec and crash_save_cpu #0 frames.
> > > (2) Fill in the missing stack dump at the top of the process stack, up to,
but not including
> > > the user-space exception frame.
> > > (3) Instead of showing the fp of 0 in the top-most frame's stack
address, fill it in with the
> > > address of the user-space exception frame.
> > >
> > > Note that there is no dump of the stack containing the user-space
exception frame, but the
> > > register dump itself should suffice.
> >
> > Well, the essential problem with my patch is that the output from "bt
-f"
> > looks like:
> > #XX ['fp'] 'function' at 'pc' --- (1)
> > <function's stack dump> --- (2)
> > but that (1) and (2) are not printed as a single stack frame in the same
> > iteration of while loop in arm64_back_trace_cmd().
> > (I hope you understand what I mean :)
>
> Actually I prefer your first approach. I find this new one confusing, not
> to mention unlike any of the other architectures in that the "frame
level"
> #X address value is not contiguous with the stack addresses that get filled
> in by -f.
>
> Taking your picture into account:
>
> stack grows to lower addresses.
> /|\
> |
> | |
> new sp +------+ <---
> |dyn | |
> | vars | |
> new fp +- - - + |
> |old fp| | a function's stack frame
> |old lr| |
> |static| |
> | vars| |
> old sp +------+ <---
> |dyn |
> | vars |
> old fp +------+
> | |
>
> Your first patch seemed natural to me because for any "#X" line containing
a function
> name, that function's dynamic variables, the "old fp/old lr" pair, and
the function's
> static variables were dumped below it (i.e., at higher stack addresses).
>
>
> > To be consistent with the out format of x86, the output should be
> > <function's stack dump>
> > #XX ['fp'] 'function' at 'pc'
> >
> > Unfortunately, this requires that arm64_back_trace_cmd() and other functions
should be overhauled.
> > Please take a look at my next patch though it is uncompleted and still has room
for improvement.
>
> I don't know what you mean by "consistent with the out format of x86"?
With x86_64,
> each #<level> line is simply the stack address where the function pushed its
return
> address as a result of its making a "callq" to the next function. Any
local variables of
> the calling function would be at the next higher stack addresses:
>
I've been confused by the address in []'s on arm64. Is this supposed to
be the stack address where the return address is stored, or does it vary
by arch?
A stack usage will vary from arch to arch.
On x86_64 (crash-7.1.4-1.el6_6):
crash> bt | grep " vfs_read at "
#5 [ffff89b6e510ff08] vfs_read at ffffffff811dea1c
crash> rd ffff89b6e510ff08
ffff89b6e510ff08: ffffffff811dea1c ........
I'm not quite familiar with other archs, but an example of
"crash> bt -f 1592" in "crash> help bt" doesn't match with
your case above neither.
On arm64 (crash-7.1.5-1.el7.aarch64) this isn't the case:
crash> bt | grep " vfs_read at "
#7 [ffff80015b93fdb0] vfs_read at ffff800000236b0c
crash> rd ffff80015b93fdb0
ffff80015b93fdb0: ffff80015c92e100 ...\....
Nor on arm64.
Please take a look at an ascii art in my previous e-mail, which
illustrates a stack usage on arm64.
Thanks,
-Takahiro AKASHI
> ...
> #X [stack address] function2 at 'return address'
> <function2's local variables>
> #Y [stack address] function1 at 'return address'
> <functions1's local variables>
> ...
>
> So for digging out local stack variables associated with a function, it's a
simple
> matter of looking "below" it in the "bt -f" output.
>
> Dave
>
>
> > Thanks,
> > -Takahiro AKASHI
> >
> >
> > > If you can live with the display, I'll clean up the patch, and maybe
add
> > > the stack-layout diagram
> > > from your last post into a comment. It was quite helpful, especially in
> > > comparison to the
> > > x86_64 model, which is what I was mistakenly using as a guide.
> > >
> > > Thanks,
> > > Dave
> > >
> > >
> > >
> >
> > > diff --git a/arm64.c b/arm64.c
> > > index 86ec348..3b29ef4 100644
> > > --- a/arm64.c
> > > +++ b/arm64.c
> > > @@ -1407,13 +1407,14 @@ arm64_print_stackframe_entry(struct bt_info *bt,
> > > int level, struct arm64_stackfr
> > > value_to_symstr(frame->pc, buf,
> > > bt->radix);
> > > }
> > >
> > > - if (bt->flags & BT_FULL) {
> > > - arm64_display_full_frame(bt, frame->sp);
> > > - bt->frameptr = frame->sp;
> > > + if ((bt->flags & BT_FULL) && level) {
> > > + arm64_display_full_frame(bt, frame->fp);
> > > + bt->frameptr = frame->fp;
> > > }
> > >
> > > fprintf(ofp, "%s#%d [%8lx] %s at %lx", level < 10 ?
" " : "",
> > > level,
> > > - frame->sp, name_plus_offset ? name_plus_offset :
name,
> > > frame->pc);
> > > +// frame->fp, name_plus_offset ? name_plus_offset :
name,
> > > frame->pc);
> > > + frame->fp ? frame->fp : bt->stacktop -
USER_EFRAME_OFFSET,
> > > name_plus_offset ? name_plus_offset : name, frame->pc);
> > >
> > > if (BT_REFERENCE_CHECK(bt))
> > > arm64_do_bt_reference_check(bt, frame->pc, name);
> > > @@ -1447,8 +1448,12 @@ arm64_display_full_frame(struct bt_info *bt, ulong
> > > sp)
> > > if (bt->frameptr == sp)
> > > return;
> > >
> > > - if (!INSTACK(sp, bt) || !INSTACK(bt->frameptr, bt))
> > > - return;
> > > + if (!INSTACK(sp, bt) || !INSTACK(bt->frameptr, bt)) {
> > > + if (sp == 0)
> > > + sp = bt->stacktop - USER_EFRAME_OFFSET;
> > > + else
> > > + return;
> > > + }
> > >
> > > words = (sp - bt->frameptr) / sizeof(ulong);
> > >
> > > @@ -1471,12 +1476,10 @@ arm64_unwind_frame(struct bt_info *bt, struct
> > > arm64_stackframe *frame)
> > > {
> > > unsigned long high, low, fp;
> > > unsigned long stack_mask;
> > > - unsigned long irq_stack_ptr, orig_sp, sp_in;
> > > + unsigned long irq_stack_ptr, orig_sp;
> > > struct arm64_pt_regs *ptregs;
> > > struct machine_specific *ms;
> > >
> > > - sp_in = frame->sp;
> > > -
> > > stack_mask = (unsigned long)(ARM64_STACK_SIZE) - 1;
> > > fp = frame->fp;
> > >
> > > @@ -1513,7 +1516,7 @@ arm64_unwind_frame(struct bt_info *bt, struct
> > > arm64_stackframe *frame)
> > > ptregs = (struct arm64_pt_regs
> > > *)&bt->stackbuf[(ulong)(STACK_OFFSET_TYPE(orig_sp))];
> > > frame->sp = orig_sp;
> > > frame->pc = ptregs->pc;
> > > - bt->bptr = sp_in;
> > > + bt->bptr = fp;
> > > if (CRASHDEBUG(1))
> > > error(INFO,
> > > "arm64_unwind_frame: switch stacks: fp: %lx sp: %lx pc:
%lx\n",
> > > @@ -1904,8 +1907,10 @@ arm64_print_exception_frame(struct bt_info *bt,
> > > ulong pt_regs, int mode, FILE *o
> > > ulong LR, SP, offset;
> > > char buf[BUFSIZE];
> > >
> > > +#if 0 /* FIXME? */
> > > if (bt->flags & BT_FULL)
> > > arm64_display_full_frame(bt, pt_regs);
> > > +#endif
> > >
> > > if (CRASHDEBUG(1))
> > > fprintf(ofp, "pt_regs: %lx\n", pt_regs);
> >
> > > --
> > > Crash-utility mailing list
> > > Crash-utility(a)redhat.com
> > > https://www.redhat.com/mailman/listinfo/crash-utility
> >
> > --
> > Crash-utility mailing list
> > Crash-utility(a)redhat.com
> > https://www.redhat.com/mailman/listinfo/crash-utility
> >
>
> --
> Crash-utility mailing list
> Crash-utility(a)redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility
--
Crash-utility mailing list
Crash-utility(a)redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility
3084
days inactive
3093
days old
devel@lists.crash-utility.osci.io
13 comments
3 participants
participants (3)
-
AKASHI Takahiro -
Dave Anderson -
Dave Wysochanski