2009/9/22 Krzysztof Poc <[email protected]>:
> Hello
>
> I have 2 questions about core dumping.
>
> 1. I read in man core about dumping the following mappings:
> bit 0 Dump anonymous private mappings.
> bit 1 Dump anonymous shared mappings.
> bit 2 Dump file-backed private mappings.
> bit 3 Dump file-backed shared mappings.
>
> Could you assign each mapping to a ELF program section e.g. code, data,
> stack, heap, bss etc.
>
this features sound quite weird, yes from man pages - this was written:
"Since kernel 2.6.23, the Linux-specific /proc/PID/coredump_filter file
can be used to control which memory segments are written to the core
dump file in the event that a core dump is performed for the process
with the corresponding process ID.
The value in the file is a bit mask of memory mapping types (see
mmap(2)). If a bit is set in the mask, then memory mappings of the
corresponding type are dumped; otherwise they are not dumped. The bits
in this file have the following meanings:
bit 0 Dump anonymous private mappings.
bit 1 Dump anonymous shared mappings.
bit 2 Dump file-backed private mappings.
bit 3 Dump file-backed shared mappings."
but don't forget that since /proc/PID/coredump_filter is available, it
means that the process is still alive, so no core generated yet. so
if u are interested in the mapping, perhaps how about /proc/PID/maps?
(or /proc/PID/smaps, as both can provide mapping info).
> 2. Is there any tool that shows me what an individual mappings in a core
> dump file are ?
> e.g.:
> start-address end-address type-of-mapping
> 0x0 0x100 code
>
> Great thanks for help.
>
as mentioned above. or if u just "objdump -x core.pid" file:
Sections:
Idx Name Size VMA LMA File off Algn
0 note0 00000558 0000000000000000 0000000000000000 000003f8 2**0
CONTENTS, READONLY
1 .reg/6341 000000d8 0000000000000000 0000000000000000 0000047c 2**2
CONTENTS
2 .reg 000000d8 0000000000000000 0000000000000000 0000047c 2**2
CONTENTS
3 .auxv 00000130 0000000000000000 0000000000000000 0000060c 2**3
CONTENTS
4 .reg2/6341 00000200 0000000000000000 0000000000000000 00000750 2**2
CONTENTS
5 .reg2 00000200 0000000000000000 0000000000000000 00000750 2**2
CONTENTS
6 load1 00000000 0000000000400000 0000000000000000 00001000 2**12
ALLOC, READONLY, CODE
7 load2 00001000 0000000000600000 0000000000000000 00001000 2**12
CONTENTS, ALLOC, LOAD
8 load3 00021000 0000000000601000 0000000000000000 00002000 2**12
CONTENTS, ALLOC, LOAD
9 load4 00000000 0000003be5400000 0000000000000000 00023000 2**12
ALLOC, READONLY, CODE
10 load5 00001000 0000003be561f000 0000000000000000 00023000 2**12
CONTENTS, ALLOC, LOAD, READONLY
11 load6 00001000 0000003be5620000 0000000000000000 00024000 2**12
CONTENTS, ALLOC, LOAD
12 load7 00000000 0000003be5800000 0000000000000000 00025000 2**12
ALLOC, READONLY, CODE
The VMA correspond to the memory address range u are asking.
anyway, if u are interested in how each of the above sections are
generated inside the core file.....here goes the logic:
fs/exec.c:do_coredump() call binfmt->core_dump(), where binfmt pointer
is ELF type, and so elf_core_dump() in fs/binfmt_elf.c is called.
Inside elf_core_dump() is the following logic:
1985 /* Write program headers for segments dump */
1986 for (vma = first_vma(current, gate_vma); vma != NULL;
1987 vma = next_vma(vma, gate_vma)) {
1988 struct elf_phdr phdr;
1989
1990 phdr.p_type = PT_LOAD;
1991 phdr.p_offset = offset;
1992 phdr.p_vaddr = vma->vm_start;
1993 phdr.p_paddr = 0;
1994 phdr.p_filesz = vma_dump_size(vma, mm_flags);
1995 phdr.p_memsz = vma->vm_end - vma->vm_start;
1996 offset += phdr.p_filesz;
1997 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
1998 if (vma->vm_flags & VM_WRITE)
1999 phdr.p_flags |= PF_W;
2000 if (vma->vm_flags & VM_EXEC)
where vma_dump_size()'s value is depending on how you have set the
bitmap as mentioned in the man pages. if u want to dump all
file-backed pages as well, the size here will be non-zero (dumping
file-back pages really is not-necessary, as the content is easily
extracted from the ELF file).
anyway, if there is anything u want to modify to be generated when
coredump occurred u can do it here....
--
Regards,
Peter Teoh
--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to [email protected]
Please read the FAQ at http://kernelnewbies.org/FAQ
