Академический Документы
Профессиональный Документы
Культура Документы
Kernel Debugging
Decoding an OOPS
List debugging
Memory debugging
Locking debugging
Profiling
Kernel oops
[ 378.675775] BUG: unable to handle kernel paging request at 6b6b6b6b
[ 378.681969] IP: [<c149dbcd>] rfcomm_process_dlcs+0x1b/0x15e
[ 378.687535] *pdpt = 000000002d67c001 *pde = 0000000000000000
[ 378.693272] Oops: 0000 [#1] PREEMPT SMP
[ 378.697188] Modules linked in: wl12xx_compat_sdio(C) btwilink wl12xx_compat(C) mac80211_compat(C)
cfg80211_compat(C) compat(C) fm_drv st_drv fuse snd_soc_mfld_machine snd_soc_sn95031 snd_soc_sst_platform
atomisp lm3554 mt9m114 mt9e013 videobuf_vmalloc videobuf_core atmel_mxt_ts pn544_nxp
[ 378.722657]
[ 378.724140] Pid: 946, comm: krfcommd Tainted: G C 3.0.16-mid8-dirty #34
[ 378.731702] EIP: 0060:[<c149dbcd>] EFLAGS: 00010246 CPU: 0
[ 378.737180] EIP is at rfcomm_process_dlcs+0x1b/0x15e
[ 378.742135] EAX: eb89d8c8 EBX: 6b6b6b6b ECX: eb89d8c8 EDX: eb89d544
[ 378.748394] ESI: eb89d4f0 EDI: ed4f9f70 EBP: ed4f9f68 ESP: ed4f9f50
[ 378.754656] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 378.760047] Process krfcommd (pid: 946, ti=ed4f8000 task=ed4265e0 task.ti=ed4f8000)
[ 378.767692] Stack:
[ 378.769694] c15302c8 eb89d584 00000000 eb89d4f0 ed519920 ed4f9f70 ed4f9f80 c149eb4d
[ 378.777429] 00000000 ed4265e0 00000000 ed4f9f90 ed4f9f9c c149ebc4 0000bf54 00000000
[ 378.785168] 00000000 ee03bf54 c149eb74 ed4f9fe4 c104fe01 00000000 00000000 00000000
[ 378.792908] Call Trace:
[ 378.795351] [<c149eb4d>] rfcomm_process_sessions+0xb7/0xde
[ 378.800912] [<c149ebc4>] rfcomm_run+0x50/0x6c
[ 378.805344] [<c149eb74>] ? rfcomm_process_sessions+0xde/0xde
[ 378.811085] [<c104fe01>] kthread+0x63/0x68
[ 378.815258] [<c104fd9e>] ? __init_kthread_worker+0x42/0x42
[ 378.820824] [<c14dad82>] kernel_thread_helper+0x6/0xd
[ 378.825943] Code: 89 d8 e8 0a fe ff ff 8d 65 f8 31 c0 5b 5e 5d c3 55 89 e5 57 56 89 c6 53 8d 64 24 f4 8b 98
d8 03 00 00 8d 56 54 8d 80 d8 03 00 00 <8b> 3b 89 45 f0 89 55 ec e9 24 01 00 00 8b 93 a0 00 00 00 8d 83
[ 378.844811] EIP: [<c149dbcd>] rfcomm_process_dlcs+0x1b/0x15e SS:ESP 0068:ed4f9f50
[ 378.852287] CR2: 000000006b6b6b6b
Stack trace
Call Trace:
[<c149eb4d>] rfcomm_process_sessions+0xb7/0xde
[<c149ebc4>] rfcomm_run+0x50/0x6c
[<c149eb74>] ? rfcomm_process_sessions+0xde/0xde
[<c104fe01>] kthread+0x63/0x68
[<c104fd9e>] ? __init_kthread_worker+0x42/0x42
[<c14dad82>] kernel_thread_helper+0x6/0xd
addr2line
$ addr2line -ie vmlinux
0xc149d76d
/home/tavi/src/linux/net/bluetooth/rfcomm/core.c:1866
$ (gdb) l *(0xc149d76d)
0xc149d76d is in rfcomm_process_dlcs
(/home/tavi/src/linux/net/bluetooth/rfcomm/core.c:1866).
warning: Source file is more recent than executable.
1861 struct list_head *p, *n;
1862
1863 BT_DBG("session %p state %ld", s, s->state);
1864
1865 list_for_each_safe(p, n, &s->dlcs) {
1866 d = list_entry(p, struct rfcomm_dlc, list);
1867
1868 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1869
__rfcomm_dlc_close(d, ETIMEDOUT);
1870
continue;
list_add(&e2.lh, &list);
23
24
list_for_each(i, &list) {
25
26
27
28
list_del(x->lh);
29
30}
31
objdump -dSr
list_add(&e1.lh, &list);
list_add(&e2.lh, &list);
list_for_each(i, &list) {
48: 8b 3d 00 00 00 00 mov 0x0,%edi
4a: R_386_32 list
4e: eb 18 jmp 68 <crush_it+0x68>
struct list_m *x = list_entry(i, struct list_m, lh);
printk("list_for_each %d\n", x->a);
50: ff 77 08 pushl 0x8(%edi)
53: 68 00 00 00 00 push $0x0
54: R_386_32 .rodata.str1.1
58: e8 fc ff ff ff call 59 <crush_it+0x59>
59: R_386_PC32 printk
List debugging
Operaiile cu liste folosesc valori poision
0x00100100 (next pointer) and 0x00200200 (prev
pointer) pentru a prinde accesri de elemente
neiniializate
[1185.368428] BUG: unable to handle kernel paging request at 00100108
[ 1185.374653] IP: [<f27db050>] crush_it+0x50/0x75 [crusher]
list_for_each(i, &list) {
struct list_m *x = list_entry(i, struct list_m, lh);
printk("list_for_each %d\n", x->a);
list_del(x);
}
Memory debugging
CONFIG_DEBUG_SLAB
CONFIG_SLUB_DEBUG_ON
Poison based memory debuggers
Poison
0x5a5a5a5a
0x5a5a5a5a
Allocated
buffer
Poison
0x6b6b6b6b
0x6b6b6b6b
Buffer overflow
[ 20.628752] slab error in verify_redzone_free(): cache `dummy':
memory outside object was overwritten
[ 20.637983] Pid: 1282, comm: insmod Not tainted 3.0.16-mid10-00007ga4a6b62-dirty #70
[ 20.638003] Call Trace:
[ 20.638050] [<c10cc1de>] __slab_error+0x17/0x1c
[ 20.638087] [<c10cc7ca>] __cache_free+0x12c/0x317
[ 20.638128] [<f27f1138>] ? buffer_overflow+0x4c/0x57 [crusher]
[ 20.638166] [<c10ccaba>] kmem_cache_free+0x2b/0xaf
[ 20.638213] [<f27f1138>] buffer_overflow+0x4c/0x57 [crusher]
[ 20.638257] [<f27f12aa>] crush_it+0x6c/0xa9 [crusher]
[ 20.638292] [<f27f12ef>] init_module+0x8/0xd [crusher]
[ 20.638323] [<c1001072>] do_one_initcall+0x72/0x119
[ 20.638358] [<f27f12e7>] ? crush_it+0xa9/0xa9 [crusher]
[ 20.638394] [<c106b8ae>] sys_init_module+0xc8d/0xe77
[ 20.638446] [<c14d7d18>] syscall_call+0x7/0xb
[ 20.638478] eb002bf8: redzone 1:0xd84156c5635688c0, redzone 2:0x0
Lockdep checker
CONFIG_DEBUG_LOCKDEP
Detecteaz lock inversion, dependene circulare,
bug-uri de locking n contexte softirq sau hardirq
Menine starea dependenelor ntre clase de
lockuri pentru a reduce complexitatea si a permite
verificarea la run-time
Pentru a reduce complexitatea i mai mult, un
scenariu este verificat o singur dat i rezultatul
este meninut ntr-un hash table
Exemplu: deacklock AB BA
noinline int
noinline int
deadlock_thread_a(void *arg)
deadlock_thread_b(void *arg)
mutex_lock(&a);
mutex_lock(&b);
schedule_timeout(HZ);
schedule_timeout(HZ);
mutex_lock(&b);
mutex_lock(&a);
mutex_unlock(&b);
mutex_unlock(&a);
mutex_unlock(&a);
mutex_unlock(&b);
return 0;
return 0;
}
Kmemleak
Un memory leak detector ce urmrete alocrile i
pointerii alocai ntr-un mod similar cu un garbage
collector
Cnd pointerii ctre zona alocat nu mai sunt
detectabili i zona nu a fost eliberat se detectaz
un memory leak
Scaneaz memoria alocat i stiva kernel a
proceselor pentru a detecta dac mai exist
pointeri folosii
CONFIG_DEBUG_KMEMLEAK
Kmemleak (2)
Setup
# mount -t debugfs nodev /sys/kernel/debug/
Kmemleak (3)
noinline void mem_leak(void)
{
kmalloc(10, GFP_KERNEL);
return;
}
unreferenced object 0xecf5c670 (size 32):
comm "insmod", pid 1806, jiffies 4294793093 (age 117.527s)
hex dump (first 32 bytes):
5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a a5 ZZZZZZZZZZZZZZZ.
backtrace:
[<c14c5c4a>] kmemleak_alloc+0x21/0x3f
[<c10cdffe>] kmem_cache_alloc_trace+0x48e/0x4ce
[<f130b018>] mem_leak+0x18/0x1a [crusher]
[<f130b3de>] crush_it+0xdf/0xe3 [crusher]
[<f130b3ea>] init_module+0x8/0xa [crusher]
[<c1001072>] do_one_initcall+0x72/0x119
[<c106b95b>] sys_init_module+0xcb3/0xea0
Kmemcheck
Paging based memory debugger
Nu folosete pagini de gard ci marcheaz toate
paginile alocate ca fiind invalide pentru a genera
PF
Page fault handler-ul ruleaza kmemchecker-ul
Dac verificarea trece, pagina se marcheaz ca
valid i se activeaz modul single stepping
Dup excepia generat de single stepping se
seteaz pagina ca fiind invalid
perf
Statistical profiler
Suport colectarea backtrace-urilor (kernel +
userspace)
Poate filtra evenimentele dup proces,
procesor dar funcioneaz i pe ntreg
sistemul
Perf top
PerfTop: 121 irqs/sec kernel:95.9% exact: 0.0% [1000Hz cycles], (all, 2 CPUs)
------------------------------------------------------------------------------samples pcnt function DSO
_______ _____ ___________________________ _____________________
31.00 17.4% dvmAsmInstructionStartCode /system/lib/libdvm.so
23.00 12.9% getdelim /system/bin/perf
15.00 8.4% update_iter [kernel.kallsyms]
13.00 7.3% format_decode [kernel.kallsyms]
12.00 6.7% map__process_kallsym_symbol /system/bin/perf
10.00 5.6% vsnprintf [kernel.kallsyms]
10.00 5.6% number [kernel.kallsyms]
7.00 3.9% hex2u64 /system/bin/perf
7.00 3.9% pthread_mutex_lock /system/lib/libc.so
6.00 3.4% lock_acquire [kernel.kallsyms]
5.00 2.8% strstr /system/lib/libc.so
5.00 2.8% __lock_acquire [kernel.kallsyms]
Perf record/report
# perf record g ls
# perf report
# Events: 42 cycles
#
# Overhead Command Shared Object Symbol
# ........ ....... ................. ......................
#
11.79% ls [kernel.kallsyms] [k] check_poison_obj
|
--- check_poison_obj
|
|--57.86%-- __kmalloc
|
kzalloc.clone.0
perf_event_mmap
mmap_region
do_mmap_pgoff
|--52.60%-- sys_mmap_pgoff
Alte tool-uri
ftrace
kprobes
sparse (make C=1)
coccinelle
patchwork
checkpatch.pl
printk
dump_stack