Kindly ping... Any comments on this? Thanks, Tao Liu
On Tue, Oct 21, 2025 at 11:24 AM Tao Liu <[email protected]> wrote: > > A) This patchset will introduce the following features to makedumpfile: > > 1) Enable eppic script for memory pages filtering. > 2) Enable btf and kallsyms for symbol type and address resolving. > > B) The purpose of the features are: > > 1) Currently makedumpfile filters mm pages based on page flags, because > flags > can help to determine one page's usage. But this page-flag-checking > method > lacks of flexibility in certain cases, e.g. if we want to filter those mm > pages occupied by GPU during vmcore dumping due to: > > a) GPU may be taking a large memory and contains sensitive data; > b) GPU mm pages have no relations to kernel crash and useless for vmcore > analysis. > > But there is no GPU mm page specific flags, and apparently we don't need > to create one just for kdump use. A programmable filtering tool is more > suitable for such cases. In addition, different GPU vendors may use > different ways for mm pages allocating, programmable filtering is better > than hard coding these GPU specific logics into makedumpfile in this > case. > > 2) Currently makedumpfile already contains a programmable filtering tool, > aka > eppic script, which allows user to write customized code for data > erasing. > However it has the following drawbacks: > > a) cannot do mm page filtering. > b) need to access to debuginfo of both kernel and modules, which is not > applicable in the 2nd kernel. > c) Poor performance, making vmcore dumping time unacceptable (See > the following performance testing). > > makedumpfile need to resolve the dwarf data from debuginfo, to get > symbols > types and addresses. In recent kernel there are dwarf alternatives such > as btf/kallsyms which can be used for this purpose. And btf/kallsyms info > are already packed within vmcore, so we can use it directly. > > With these, this patchset introduces an upgraded eppic, which is based on > btf/kallsyms symbol resolving, and is programmable for mm page filtering. > The following info shows its usage and performance, please note the tests > are performed in 1st kernel: > > $ time ./makedumpfile -d 31 -l > /var/crash/127.0.0.1-2025-06-10-18\:03\:12/vmcore > /tmp/dwarf.out -x /lib/debug/lib/modules/6.11.8-300.fc41.x86_64/vmlinux > --eppic eppic_scripts/filter_amdgpu_mm_pages.c > real 14m6.894s > user 4m16.900s > sys 9m44.695s > > $ time ./makedumpfile -d 31 -l > /var/crash/127.0.0.1-2025-06-10-18\:03\:12/vmcore > /tmp/btf.out --eppic eppic_scripts/filter_amdgpu_mm_pages.c > real 0m10.672s > user 0m9.270s > sys 0m1.130s > > -rw------- 1 root root 367475074 Jun 10 18:06 btf.out > -rw------- 1 root root 367475074 Jun 10 21:05 dwarf.out > -rw-rw-rw- 1 root root 387181418 Jun 10 18:03 > /var/crash/127.0.0.1-2025-06-10-18:03:12/vmcore > > C) Discussion: > > 1) GPU types: Currently only tested with amdgpu's mm page filtering, others > are not tested. > 2) OS: The code can work on rhel-10+/rhel9.5+ on x86_64/arm64/s390/ppc64. > Others are not tested. > > D) Testing: > > 1) If you don't want to create your vmcore, you can find a vmcore which I > created with amdgpu mm pages unfiltered [1], the amdgpu mm pages are > allocated by program [2]. You can use the vmcore in 1st kernel to filter > the amdgpu mm pages by the previous performance testing cmdline. To > verify the pages are filtered in crash: > > Unfiltered: > crash> search -c "!QAZXSW@#EDC" > ffff96b7fa800000: > !QAZXSW@#EDCXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX > ffff96b87c800000: > !QAZXSW@#EDCXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX > crash> rd ffff96b7fa800000 > ffff96b7fa800000: 405753585a415121 !QAZXSW@ > crash> rd ffff96b87c800000 > ffff96b87c800000: 405753585a415121 !QAZXSW@ > > Filtered: > crash> search -c "!QAZXSW@#EDC" > crash> rd ffff96b7fa800000 > rd: page excluded: kernel virtual address: ffff96b7fa800000 type: > "64-bit KVADDR" > crash> rd ffff96b87c800000 > rd: page excluded: kernel virtual address: ffff96b87c800000 type: > "64-bit KVADDR" > > 2) You can use eppic_scripts/print_all_vma.c against an ordinary vmcore to > test only btf/kallsyms functions by output all VMAs if no amdgpu > vmcores/machine avaliable. > > [1]: https://people.redhat.com/~ltao/core/ > [2]: https://gist.github.com/liutgnu/a8cbce1c666452f1530e1410d1f352df > > v2 -> v1: > > 1) Moved maple tree related code(for VMA iteration) into eppic script, so we > don't need to port maple tree code to makedumpfile. > > 2) Reorganized the patchset as follows: > > --- <common modification> --- > 1.Add page filtering function > 2.Supporting main() as the entry of eppic script > > --- <dwarf related modification> --- > 3.dwarf_info: Support kernel address randomization > 4.dwarf_info: Fix a infinite recursion bug for rust > 5.eppic dwarf: support anonymous structs member resolving > 6.Enable page filtering for dwarf eppic > > --- <btf & kallsyms related modification> --- > 7.Implement kernel kallsyms resolving > 8.Implement kernel btf resolving > 9.Implement kernel module's kallsyms resolving > 10.Implement kernel module's btf resolving > 11.Export necessary btf/kallsyms functions to eppic extension > 12.Enable page filtering for btf/kallsyms eppic > 13.Docs: Update eppic related entries > > --- <only for test purpose, don't merge> --- > 14.Introducing 2 eppic scripts to test the dwarf/btf eppic extension > > The modification on dwarf is primary for comparision purpose, that > for the same eppic program, mm page filtering should get exact same > outputs for dwarf & kallsyms/btf based approaches. If outputs unmatch, > this indicates bugs. In fact, we will never take dwarf mm pages filtering > in real use, due to its poor performance as well as inaccessibility > of debuginfo during kdump in 2nd kernel. So patch 3/4/5 won't affect > the function of btf/kallsyms eppic mm page filtering, but there are > functions shared in patch 6, so it is a must-have one. Patch 14 is > only for test purpose, to demonstrate how to write eppic script for > mm page filtering, so it isn't a must-have patch. > > Please note, in patch 14, I have deliberately converted all array > operation into pointer operation, e.g. modified "node->slot[i]" into > "*((unsigned long *)&(node->slot) + i)". This is because there are > bugs for array operation support in extension_eppic.c. I didn't have > effort to test and fix them all because as I mentioned previously, > mm page filtering in dwarf side is only for comparision and will > never be used in real use. There is no such issue for kallsyms/btf > eppic side. > > 3) Since we ported maple tree code to eppic script, several bugs found > both for eppic library & eppic btf support. Please use master branch > of eppic library to co-compile with this patchset. > > Tao Liu (14): > Add page filtering function > Supporting main() as the entry of eppic script > dwarf_info: Support kernel address randomization > dwarf_info: Fix a infinite recursion bug for rust > eppic dwarf: support anonymous structs member resolving > Enable page filtering for dwarf eppic > Implement kernel kallsyms resolving > Implement kernel btf resolving > Implement kernel module's kallsyms resolving > Implement kernel module's btf resolving > Export necessary btf/kallsyms functions to eppic extension > Enable page filtering for btf/kallsyms eppic > Docs: Update eppic related entries > Introducing 2 eppic scripts to test the dwarf/btf eppic extension > > Makefile | 6 +- > btf.c | 919 +++++++++++++++++++++++++ > btf.h | 177 +++++ > dwarf_info.c | 7 + > eppic_scripts/filter_amdgpu_mm_pages.c | 255 +++++++ > eppic_scripts/print_all_vma.c | 239 +++++++ > erase_info.c | 120 +++- > erase_info.h | 19 + > extension_btf.c | 258 +++++++ > extension_eppic.c | 106 ++- > extension_eppic.h | 6 +- > kallsyms.c | 392 +++++++++++ > kallsyms.h | 41 ++ > makedumpfile.8.in | 24 +- > makedumpfile.c | 21 +- > makedumpfile.h | 11 + > print_info.c | 11 +- > 17 files changed, 2550 insertions(+), 62 deletions(-) > create mode 100644 btf.c > create mode 100644 btf.h > create mode 100644 eppic_scripts/filter_amdgpu_mm_pages.c > create mode 100644 eppic_scripts/print_all_vma.c > create mode 100644 extension_btf.c > create mode 100644 kallsyms.c > create mode 100644 kallsyms.h > > -- > 2.47.0 >
