DavidSpickett wrote: > Thus the readonly option I added here isn't tied to security because lldb > wouldn't load /dev/mem if there is no root privilege at the first place.
I didn't think of that actually, I was just going on vibes to be honest. That's a great justification for "safety". :+1: > By kernel dump, I mean kernel crash dump described > [here](https://docs.freebsd.org/en/books/developers-handbook/kerneldebug/). > I'll reword the PR description. Thanks, this helped me clear up a big point of confusion for me (and those manual pages are great btw). Is there anywhere that documents LLDB commands for similar things? If the feature is not mature enough to put in the FreeBSD manual then I think it would be fine to have a page on the LLDB site instead. For example I have one that collects all the important trivia for AArch64 Linux (https://lldb.llvm.org/use/aarch64-linux.html). Not a requirement, but if you are going to write up a summary of your work anyway, consider doing that too. It's always nice to have a single place to send people too to show off what you did (aside from the release notes ofc :) ). > Kernel crash dump is/isn't kernel crash dump depending on its format. Full > kernel crash dump is a elf core. I figured out why I'm so confused. This full elf core fits my usual expectations for `lldb <program> --core <core>`. So I'm used to this always being post-mortem debugging (after the process has finished). However, for the FreeBSDKernelCore plugin, there is also the option to use this /dev/mem which is the running kernel. Which didn't make sense to me because that's not a "core file". But that's just me fixating on the naming. If I think about core file plugins more as "get memory from this place", then /dev/mem is just another place. So: ``` (lldb) target create <kernel elf> --core /dev/mem ``` Is basically saying: ``` (lldb) target create <kernel elf> --get-my-memory-from /dev/mem ``` I'm so used to `--core` only ever being an offline file, so this is surprising to me. So with that cleared up... > Implement ProcessFreeBSDKernelCore::DoWriteMemory() to write data on kernel > crash dump or /dev/mem. I wonder if this setting should only apply to /dev/mem, and writes should never be allowed for offline crash dump debugging. The average user of userspace debugging would not expect to be able to write to memory read from a core. Since we read the file from disk, I'm not sure it could work without significant effort. Perhaps there is a use case for doing so, but I'd need to see that either it's allowed by the other kernel debuggers, or that you're going to implement it, and how you will do that. There is a blocker for what I'm suggesting though. If the FreeBSDKernelCore cannot tell whether it's reading from /dev/mem, or from a crash dump (or the code to do so would be unwieldy) then we cannot do this. I suspect writes in a crash dump session would fail anyway, so we could rely on users to quickly realise why that's the case. Can you show me what kgdb allows, if anything, and what happens in lldb if you write during a crash dump session? https://github.com/llvm/llvm-project/pull/183553 _______________________________________________ lldb-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
