Re: How to get object virtual address from a kernel core dump

2016-03-22 Thread Buland Kumar Singh
On 18 March 2016 at 15:28, Mohammad Y. Zachariah wrote:
>
> Hello everyone,
>
> I'm taking the way of analysing kernel core dumps as a learning approach 
> using 'crash tool'. One of the interesting crash commands is 'struct' which 
> can print kernel struct definition and/or the actual contents of the 
> structure.
>
> According to struct help page, I need the virtual address of the struct in 
> order to view/print its contents, for example:
>
> crash> mm_struct.pgd 810022e7d080 -px
>   pgd_t *pgd = 0x81000e3ac000
>   -> {
>    pgd = 0x2c0a6067
>  }
>
> My question is how to find the mm_struct address "810022e7d080" in the 
> above example in the first place??
>

Hello Zach,

1) Determine the struct task_struct * from the ps or set command of crash.

Eg:
crash> set 1
    PID: 1
COMMAND: "init"
   TASK: 881029867500  [THREAD_INFO: 882029b32000]
    CPU: 2
  STATE: TASK_INTERRUPTIBLE

crash> ps 1
   PID  PPID  CPU  TASK          ST  %MEM  VSZ    RSS   COMM
   1    0     2    881029867500  IN  0.0   24852  1632  init

In the above example, struct task_struct * is 0x881029867500

2) Determine struct mm_struct * from struct task_struct *

crash> task_struct.mm -ox
struct task_struct {
  [0x480] struct mm_struct *mm;
}

crash> task_struct.mm 881029867500
  mm = 0x882026b68700

In the above example, struct mm_struct * is 0x882026b68700

3) Finally determine pgd_t from struct mm_struct *

crash> mm_struct.pgd -ox
struct mm_struct {
   [0x50] pgd_t *pgd;
}

crash> mm_struct.pgd 0x882026b68700
  pgd = 0x882026a9e000


You can achieve the above steps in one line:

Eg:
crash> px ((struct task_struct *)0x881029867500)->mm.pgd
$1 = (pgd_t *) 0x882026a9e000

-- 
BKS

___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies


Re: How to get object virtual address from a kernel core dump

2016-03-22 Thread Arun Sudhilal
Hello Zach,

On Fri, Mar 18, 2016 at 3:28 PM, Mohammad Y. Zachariah wrote:

> Hello everyone,
>
> I'm taking the way of analysing kernel core dumps as a learning approach
> using 'crash tool'. One of the interesting crash commands is 'struct' which
> can print kernel struct definition and/or the actual contents of the
> structure.
>
> According to struct help page, I need the virtual address of the struct in
> order to view/print its contents, for example:
>
> crash> mm_struct.pgd 810022e7d080 -px
>   pgd_t *pgd = 0x81000e3ac000
>   -> {
>    pgd = 0x2c0a6067
>  }
>
> My question is how to find the mm_struct address "810022e7d080" in the
> above example in the first place??
>

The crash tool has a 'ps' command, which outputs all the tasks and their task
struct addresses.

Thanks,
Arun

>
> Thank you for your help in advance.
> Zach
>


Re: How to get object virtual address from a kernel core dump

2016-03-22 Thread Manoj Nayak
task_struct contains mm_struct.

If we have the pid of the process, then task_struct can be obtained from the
pid using the following two methods.

1. Please check the find_task_by_pid() function in the kernel. We can write a
similar macro to convert pid to task_struct.

2. We can write a macro that traverses all tasks starting from init_task and
checks for the required pid.

#define for_each_task(p) \
	for (p = &init_task ; (p = p->next_task) != &init_task ; )


If the process is the current one, then current_thread_info()->task provides
the task_struct for the current task.
We can write a macro similar to current_thread_info().

pid -> task_struct -> mm_struct.

Regards
Manoj Nayak
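
The pid -> task_struct -> mm_struct -> pgd chain from the replies above, as an added C example that is not part of any poster's message or of the kernel source. The struct layouts are simplified stand-ins and the task data is constructed; only the 0x50 offset of pgd is taken from the crash output in the thread, and the NULL mm for a kernel thread is the case a dump walker has to handle.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins, NOT the kernel's real layouts (assumption). Only the
 * pgd offset is made to match the 0x50 that crash printed in the thread. */
struct mm_struct { uint64_t pad[10]; uint64_t *pgd; };
struct task_struct {
    int pid;
    struct task_struct *next_task;  /* circular list anchored at init_task */
    struct mm_struct *mm;           /* NULL for kernel threads */
};

/* Constructed sample: swapper (0), init (1), a kernel thread (2). */
static uint64_t sample_pgd[1];
static struct mm_struct sample_mm = { .pgd = sample_pgd };
static struct task_struct sample_tasks[3] = {
    { 0, &sample_tasks[1], NULL },
    { 1, &sample_tasks[2], &sample_mm },
    { 2, &sample_tasks[0], NULL },
};

/* Same traversal as for_each_task(), but also checks init_task itself. */
static struct task_struct *find_task(struct task_struct *init, int pid)
{
    struct task_struct *p = init;
    do {
        if (p->pid == pid)
            return p;
        p = p->next_task;
    } while (p != init);
    return NULL;                    /* wrapped around: pid not present */
}

/* pid -> task_struct -> mm_struct -> pgd; NULL when any link is missing. */
static uint64_t *pgd_for_pid(struct task_struct *init, int pid)
{
    struct task_struct *t = find_task(init, pid);
    if (t == NULL || t->mm == NULL)
        return NULL;
    return t->mm->pgd;
}

int main(void)
{
    printf("pid 1 pgd = %p\n", (void *)pgd_for_pid(&sample_tasks[0], 1));
    printf("pid 2 pgd = %p\n", (void *)pgd_for_pid(&sample_tasks[0], 2));
    return 0;
}
```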


How to get object virtual address from a kernel core dump

2016-03-19 Thread Mohammad Y. Zachariah
Hello everyone,

I'm taking the way of analysing kernel core dumps as a learning approach
using 'crash tool'. One of the interesting crash commands is 'struct' which
can print kernel struct definition and/or the actual contents of the
structure.

According to struct help page, I need the virtual address of the struct in
order to view/print its contents, for example:

crash> mm_struct.pgd 810022e7d080 -px
  pgd_t *pgd = 0x81000e3ac000
  -> {
   pgd = 0x2c0a6067
 }

My question is how to find the mm_struct address "810022e7d080" in the
above example in the first place??

Thank you for your help in advance.
Zach