On Mon, Jul 24, 2023 at 10:29 AM HAGIO KAZUHITO(萩尾 一仁) <k-hagio-ab@nec.com> wrote:
On 2023/07/24 10:17, HAGIO KAZUHITO(萩尾 一仁) wrote:
> Hi Lianbo,
>
> Thank you for the fix.
>
> On 2023/07/21 13:36, Lianbo Jiang wrote:
>> Currently, the symbol ".rodata" may not be found in some vmlinux, and
>> the strings command will still be used to get the linux banner string,
>> but this gets two strings as below:
>>
>>     # strings /usr/lib/debug/usr/lib/modules/6.5.0-0.rc2.17.fc39.x86_64/vmlinux |grep  "Linux version"
>>     Linux version 6.5.0-0.rc2.17.fc39.x86_64 (mockbuild@23a79bad375e4c2c8c60f2d40df7df49) (gcc (GCC) 13.1.1 20230614 (Red Hat 13.1.1-4), GNU ld version 2.40-9.fc39) # SMP PREEMPT_DYNAMIC
>>     Linux version 6.5.0-0.rc2.17.fc39.x86_64 (mockbuild@23a79bad375e4c2c8c60f2d40df7df49) (gcc (GCC) 13.1.1 20230614 (Red Hat 13.1.1-4), GNU ld version 2.40-9.fc39) #1 SMP PREEMPT_DYNAMIC Mon Jul 17 14:57:35 UTC 2023
>>
>> In the verify_namelist(), the while-loop will only determine if the
>> above first string(linux banner) matches and break the loop. But
>> actually the above second string is correct one. Eventually, crash
>> startup with the following warning:
>>
>>     # ./crash -s /usr/lib/debug/usr/lib/modules/6.5.0-0.rc2.17.fc39.x86_64/vmlinux /var/crash/127.0.0.1-2023-07-20-20\:50\:50/vmcore
>>     WARNING: kernel version inconsistency between vmlinux and dumpfile
>>
>>     # ./crash -s
>>     WARNING: kernel version inconsistency between vmlinux and live memory
>>
>> Let's always try to match the correct one, otherwise still prints a
>> warning as before.
>>
>> Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
>> ---
>>    kernel.c | 2 --
>>    1 file changed, 2 deletions(-)
>>
>> diff --git a/kernel.c b/kernel.c
>> index 546eed95eebd..9801812387bd 100644
>> --- a/kernel.c
>> +++ b/kernel.c
>> @@ -1375,8 +1375,6 @@ verify_namelist()
>>                              buffer3[i++] = *p1++;
>>                      buffer3[i] = NULLCHAR;
>>              }
>> -
>> -            break;
>>            }
>>            pclose(pipe);
>>   
>
> I think you are fixing the fallback routine and that's good, but it's
> better to fix get_linux_banner_from_vmlinux() first if possible.  It's

Thank you for the comments, Kazu.

They are different issues. The fallback routine(strings) also needs to be fixed, and the get_linux_banner_from_vmlinux() failure is another issue.

> much faster.  Isn't it possible?
>
 
As I mentioned in patch log, the symbol ".rodata" was not found in some vmlinux, and so far I haven't got any equivalent symbols to achieve the purpose. 

crash> sym .rodata
symbol not found: .rodata
possible alternatives:
  (none found)
crash> 

But the following change works well for this case:

diff --git a/kernel.c b/kernel.c
index 546eed9..a4ce5bf 100644
--- a/kernel.c
+++ b/kernel.c
@@ -11891,6 +11891,7 @@ check_vmcoreinfo(void)
 static
 int get_linux_banner_from_vmlinux(char *buf, size_t size)
 {
+#if 0
        struct bfd_section *sect;
        long offset;
 
@@ -11917,4 +11918,10 @@ int get_linux_banner_from_vmlinux(char *buf, size_t size)
                return FALSE;
 
        return TRUE;
+#else
+       if (!readmem(symbol_value("linux_banner"), KVADDR, buf, size, "linux_banner", RETURN_ON_ERROR))
+               return FALSE;
+
+       return TRUE;
+#endif
 }

How about reading out the linux_banner string to a buffer with readmem()?


> What do you see in "sections:" in "help -s"?  And probably you can
> determine the section where linux_banner is located, with the address of
> linux_banner and KASLR offset.
>
> crash> help -s
> ...
>               sections:
>                       .text  vma: ffffffff81000000  size: 14686984
>                     .rodata  vma: ffffffff82000000  size: 5366231
>                  .pci_fixup  vma: ffffffff8251e1e0  size: 14112
> ...
> crash> sym linux_banner
> ffffffffb5200a40 (D) linux_banner
> crash> help -D | grep KERNELOFFSET
>         KERNELOFFSET=33200000
>
> crash> eval ffffffffb5200a40 - 0x33200000
> hexadecimal: ffffffff82000a40   --> linux_banner is in ".rodata"

If the vmlinux does not have only the ".rodata" symbol, is it possible
to use "__start_rodata" symbol or something?  i.e. is there no symbol
that has the same address as .rodata section?


I tried the "__start_rodata" symbol, but it does not work.
 
Thanks.
Lianbo

crash> sym .rodata __start_rodata
ffffffffb5200000 (d) .rodata
ffffffffb5200000 (D) __start_rodata

Thanks,
Kazu