-
Notifications
You must be signed in to change notification settings - Fork 0
/
atom.xml
142 lines (122 loc) · 5.29 KB
/
atom.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title><![CDATA[Gavin Guo]]></title>
<link href="http://bboymimi.github.io/atom.xml" rel="self"/>
<link href="http://bboymimi.github.io/"/>
<updated>2017-08-12T22:53:56+08:00</updated>
<id>http://bboymimi.github.io/</id>
<author>
<name><![CDATA[Gavin Guo]]></name>
</author>
<generator uri="http://octopress.org/">Octopress</generator>
<entry>
<title type="html"><![CDATA[Kernel Debugging 小技巧]]></title>
<link href="http://bboymimi.github.io/blog/2017/08/12/kernel-debugging-xiao-ji-qiao/"/>
<updated>2017-08-12T17:09:44+08:00</updated>
<id>http://bboymimi.github.io/blog/2017/08/12/kernel-debugging-xiao-ji-qiao</id>
<content type="html"><![CDATA[<p>(節錄自 Gavin Guo <a href="https://twlinuxkernelhackers.hackpad.com/Wiki-M37dy9c6AZt#:h=Debugging">原始貼文</a>)</p>
<h1>coredump</h1>
<p>相信很多時候在看到 coredump 的時候裡面會有一段:</p>
<pre><code>Code: 00 49 8b 50 08 4d 8b 28 49 8b 40 10 4d 85
ed 0f 84 5a 01 00 00 48 85 c0 0f 84 51 01 00 00
49 63 44 24 20 49 8b 3c 24 48 8d 4a 01 <49> 8b 5c
05 00 4c 89 e8 65 48 0f c7 0f 0f 94 c0 84 c0 74
b5 49
</code></pre>
<p>其實這個在沒有debug symbol的情況下可以利用kernel
source裡面的decodecode script快速的知道fault的問題所在:</p>
<pre><code class="bash">$ echo "Code: 00 49 8b 50 08 4d 8b 28 49 8b 40 10
4d 85 ed 0f 84 5a 01 00 00 48 85 c0 0f 84 51 01
00 00 49 63 44 24 20 49 8b 3c 24 48 8d 4a 01 <49>
8b 5c 05 00 4c 89 e8 65 48 0f c7 0f 0f 94 c0 84
c0 74 b5 49" | ./scripts/decodecode
Code: 00 49 8b 50 08 4d 8b 28 49 8b 40 10 4d 85
ed 0f 84 5a 01 00 00 48 85 c0 0f 84 51 01 00 00
49 63 44 24 20 49 8b 3c 24 48 8d 4a 01 <49> 8b 5c
05 00 4c 89 e8 65 48 0f c7 0f 0f 94 c0 84 c0 74
b5 49
All code
========
0: 00 49 8b add %cl,-0x75(%rcx)
3: 50 push %rax
4: 08 4d 8b or %cl,-0x75(%rbp)
7: 28 49 8b sub %cl,-0x75(%rcx)
a: 40 10 4d 85 adc %cl,-0x7b(%rbp)
e: ed in (%dx),%eax
f: 0f 84 5a 01 00 00 je 0x16f
15: 48 85 c0 test %rax,%rax
18: 0f 84 51 01 00 00 je 0x16f
1e: 49 63 44 24 20 movslq 0x20(%r12),%rax
23: 49 8b 3c 24 mov (%r12),%rdi
27: 48 8d 4a 01 lea 0x1(%rdx),%rcx
2b:* 49 8b 5c 05 00 mov 0x0(%r13,%rax,1),%rbx <-- trapping instruction
30: 4c 89 e8 mov %r13,%rax
33: 65 48 0f c7 0f cmpxchg16b %gs:(%rdi)
38: 0f 94 c0 sete %al
3b: 84 c0 test %al,%al
3d: 74 b5 je 0xfffffffffffffff4
3f: 49 rex.WB
Code starting with the faulting instruction
===========================================
0: 49 8b 5c 05 00 mov 0x0(%r13,%rax,1),%rbx
5: 4c 89 e8 mov %r13,%rax
8: 65 48 0f c7 0f cmpxchg16b %gs:(%rdi)
d: 0f 94 c0 sete %al
10: 84 c0 test %al,%al
12: 74 b5 je 0xffffffffffffffc9
14: 49 rex.WB
</code></pre>
<h1>crashdump</h1>
<p>一般我們在做 server 的 maintaining 的時候會從客戶那邊拿到 crashdump 的巨大 memory dump 檔案,之後再用 crash 這個 tool 打開,看 dmesg,撈 memory data,嘗試找出問題的所在。那麼如果你可以 access 到機器的情況下,有沒有辦法用 crash 來看當下的 memory data,進而檢查系統 work 的正不正常??有的</p>
<pre><code>$ sudo apt-get install -y crash
$ sudo crash /usr/lib/debug/boot/vmlinux-3.13.0-48-generic --mod /usr/lib/debug/lib/modules/3.13.0-48-generic/ /proc/kcore
crash 7.0.3
Copyright (C) 2002-2013 Red Hat, Inc.
Copyright (C) 2004, 2005, 2006, 2010 IBM Corporation
Copyright (C) 1999-2006 Hewlett-Packard Co
Copyright (C) 2005, 2006, 2011, 2012 Fujitsu Limited
Copyright (C) 2006, 2007 VA Linux Systems Japan K.K.
Copyright (C) 2005, 2011 NEC Corporation
Copyright (C) 1999, 2002, 2007 Silicon Graphics, Inc.
Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc.
This program is free software, covered by the GNU General Public License,
and you are welcome to change it and/or distribute copies of it under
certain conditions. Enter "help copying" to see the conditions.
This program has absolutely no warranty. Enter "help warranty" for details.
GNU gdb (GDB) 7.6
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu"...
KERNEL: /usr/lib/debug/boot/vmlinux-3.13.0-48-generic
DUMPFILE: /proc/kcore
CPUS: 4
DATE: Mon Jun 15 21:11:02 2015
UPTIME: 00:29:43
LOAD AVERAGE: 0.15, 0.05, 0.06
TASKS: 224
NODENAME: gavin-Inspiron-7447
RELEASE: 3.13.0-48-generic
VERSION: #80~precise1hf00073670v20150319b2-Ubuntu SMP Thu Mar 19 11:01:43
MACHINE: x86_64 (2793 Mhz)
MEMORY: 3.9 GB
PID: 2370
COMMAND: "crash"
TASK: ffff8800b30fb000 [THREAD_INFO: ffff8800b4a74000]
CPU: 0
STATE: TASK_RUNNING (ACTIVE)
</code></pre>
<p>可以嘗試看看下面的指令</p>
<pre><code>crash> p *(struct kmem_cache *) kmalloc_caches
crash> p saved_command_line
crash> p uts_init_ns
crash> log
crash> kmem -S
crash> help
</code></pre>
<p>當然會有疑惑,這能不能直接把 kernel 停下來,像是 gdb 一樣 debug?答案當然是不行。</p>
]]></content>
</entry>
</feed>