<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
Badari Pulavarty wrote:
<blockquote TYPE=CITE>On Wed, 2005-11-02 at 15:57 -0500, Dave Anderson
wrote:
<br>> > So, the key will be to find a difference between 2.6.10 and
<br>> > 2.6.11's symbol contents.
<br>>
<br>> Hi Badari,
<br>>
<br>> Looking at what appears to be Andi's wholesale patch set that
<br>> made the VM changes, I think it may be possible to use
<br>> "boot_vmalloc_pgt" as a qualifier, because it went away with
<br>> the new scheme. Also, "vmalloc_fault" was added, but since
<br>> it's a static function, its only caller may have inlined it
<br>> in the new kernel.
<br>>
<br>> Also, given the VM changes, I'm still amazed that the virtual
<br>> to physical translation of vmalloc and user page addresses
<br>> still works. Are you sure that "vtop" on vmalloc and user
<br>> space addresses works correctly?
<br>>
<br>> To verify user-space address translation is working, you
<br>> should be able to do something like this. Run crash in a
<br>> live session, and look at the very beginning of its address
<br>> space, and read the first few bytes:
<br>>
<br>> crash> set
<br>> PID: 8052
<br>> COMMAND: "crash"
<br>> TASK: 10018e1f7f0 [THREAD_INFO: 100189e4000]
<br>> CPU: 3
<br>> STATE: TASK_RUNNING (ACTIVE)
<br>> crash> vm
<br>> PID: 8052 TASK: 10018e1f7f0
CPU: 3 COMMAND: "crash"
<br>> MM
PGD RSS
TOTAL_VM
<br>> 1002fc08040 10018286000
63376k 121176k
<br>> VMA
START END FLAGS
FILE
<br>> 1002b8269f8
400000 788000 1875 /usr/bin/crash
<br>> 1002bb5d3c8
888000 8ab000 101873 /usr/bin/crash
<br>> 100288d9408
8ab000 8f8000 100077
<br>> 100302a0688
9aa000 9c2000 101873 /usr/bin/crash
<br>> 10028f49b98
9c2000 1b50000 100077
<br>> 10028f49358 2a95556000 2a95558000 100073
<br>> 1002edad688 2a95584000 2a95587000 100073
<br>> ...
<br>>
<br>> crash> rd -u 0x400000
<br>> 400000:
00010102464c457f
.ELF....
<br>> crash>
<p>Yuck. User virtual is screwed up :(crash> set
<br> PID: 5253
<br>COMMAND: "crash"
<br> TASK: 101269b9730 [THREAD_INFO: 10112fbe000]
<br> CPU: 0
<br> STATE: TASK_RUNNING (ACTIVE)
<br>crash> vm
<br>PID: 5253 TASK: 101269b9730
CPU: 0 COMMAND: "crash"
<br> MM
PGD RSS
TOTAL_VM
<br> 1011cc0b6c0 10114fd3000
126372k 121900k
<br> VMA
START END FLAGS
FILE
<br> 101270d7c08 400000
78b000
<br>1875 /root/crash-4.0-2.8.new/crash
<br> 10127966aa8 88b000
8ad000
<br>101873 /root/crash-4.0-2.8.new/crash
<br> 10037e58268 8ad000
1a67000 100073
<br> 10037e58688 2a95556000 2a95558000 100073
<br> 10009f7c148 2a95574000 2a95577000 100073
<br> 1012731b6c8 2a95577000 2a983b9000
71 /usr/lib/locale/locale-
<br>archive
<br>...
<p>crash> rd -u 0x400000
<br>rd: invalid user virtual address: 400000 type: "64-bit UVADDR"
<p>Ideas on why ?
<br> </blockquote>
<tt>Not really -- I would have thought it would failed much later</tt>
<br><tt>in the x86_64_uvtop() function when translating the virtual</tt>
<br><tt>address to a pte.</tt><tt></tt>
<p><tt>But the message above only comes if the call to IS_UVADDR()</tt>
<br><tt>call fails in readmem():</tt><tt></tt>
<p><tt> /*</tt>
<br><tt> * Screen out any
error conditions.</tt>
<br><tt> */</tt>
<br><tt> switch (memtype)</tt>
<br><tt> {</tt>
<br><tt> case UVADDR:</tt>
<br><tt>
if (!CURRENT_CONTEXT()) {</tt>
<br><tt>
if (PRINT_ERROR_MESSAGE)</tt>
<br><tt>
error(INFO, "no current user process\n");</tt>
<br><tt>
goto readmem_error;</tt>
<br><tt>
}</tt>
<br><tt>
if (!IS_UVADDR(addr, CURRENT_CONTEXT())) {</tt>
<br><tt>
if (PRINT_ERROR_MESSAGE)</tt>
<br><tt>
error(INFO, INVALID_UVADDR, addr, type);</tt>
<br><tt>
goto readmem_error;</tt>
<br><tt>
}</tt>
<br><tt>
break;</tt><tt></tt>
<p><tt>but IS_UVADDR() would translate to a simple call to x86_64_is_uvaddr():</tt><tt></tt>
<p><tt>static int</tt>
<br><tt>x86_64_is_uvaddr(ulong addr, struct task_context *tc)</tt>
<br><tt>{</tt>
<br><tt> return (addr < USERSPACE_TOP);</tt>
<br><tt>}</tt><tt></tt>
<p><tt>...so that make little sense to me -- although it should be easy</tt>
<br><tt>enough to debug.</tt>
<br><tt></tt>
<blockquote TYPE=CITE>
<br>>
<br>> You should see the first bytes of the executable's ELF header,
<br>> as verified by the "ELF" string there.
<br>>
<br>> To verify module virtual addresses translation, try disassembling
<br>> a module text address, say some ext3 function, and verifying that
<br>> it makes sense?
<br>>
<p>vmalloc space seems to be fine:
<p>> Thanks, crash> mod
<br> MODULE
NAME SIZE OBJECT
FILE
<br>ffffffff88012600 dm_mod 70872
(not loaded) [CONFIG_KALLSYMS]
<br>ffffffff8805ef80 ipv6
312832 (not loaded) [CONFIG_KALLSYMS]
<br>ffffffff8806e200 parport 47244
(not loaded) [CONFIG_KALLSYMS]
<br>ffffffff88073800 lp
17232 (not loaded) [CONFIG_KALLSYMS]
<br>ffffffff8807fd00 parport_pc 33896 (not loaded)
[CONFIG_KALLSYMS]
<br>ffffffff8808ab00 usbserial 39280 (not
loaded) [CONFIG_KALLSYMS]
<br>ffffffff8808e900 hw_random 7968
(not loaded) [CONFIG_KALLSYMS]
<br>ffffffff88098f80 uhci_hcd 38304
(not loaded) [CONFIG_KALLSYMS]
<br>ffffffff880a4600 ehci_hcd 39944
(not loaded) [CONFIG_KALLSYMS]
<br>ffffffff880acd80 i2c_core 29568
(not loaded) [CONFIG_KALLSYMS]
<br>ffffffff880b1700 i2c_i801 11540
(not loaded) [CONFIG_KALLSYMS]
<br>ffffffff880b6000 joydev 13952
(not loaded) [CONFIG_KALLSYMS]
<br>ffffffff880bb000 edd
13984 (not loaded) [CONFIG_KALLSYMS]
<p>crash> dis ip6_dst_lookup
<br>0xffffffff88017c30 <ip6_dst_lookup>: push
%rbp
<br>0xffffffff88017c31 <ip6_dst_lookup+1>: mov
%rsp,%rbp
<br>0xffffffff88017c34 <ip6_dst_lookup+4>: sub
$0x40,%rsp
<br>0xffffffff88017c38 <ip6_dst_lookup+8>: mov
%r12,0xffffffffffffffe0(%
<br>rbp)
<br>0xffffffff88017c3c <ip6_dst_lookup+12>: xor %r12d,%r12d
<br>0xffffffff88017c3f <ip6_dst_lookup+15>: test %rdi,%rdi
<br>0xffffffff88017c42 <ip6_dst_lookup+18>: mov %r13,0xffffffffffffffe8(%
<br>rbp)
<br>0xffffffff88017c46 <ip6_dst_lookup+22>: mov %r14,0xfffffffffffffff0(%
<br>rbp)
<br>0xffffffff88017c4a <ip6_dst_lookup+26>: mov %r15,0xfffffffffffffff8(%
<br>rbp)
<br>0xffffffff88017c4e <ip6_dst_lookup+30>: mov %rbx,0xffffffffffffffd8(%
<br>rbp)
<br>0xffffffff88017c52 <ip6_dst_lookup+34>: mov %rdi,%r13
<br>0xffffffff88017c55 <ip6_dst_lookup+37>: mov %rsi,%r14
<br>0xffffffff88017c58 <ip6_dst_lookup+40>: mov %rdx,%r15
<br>0xffffffff88017c5b <ip6_dst_lookup+43>: movq $0x0,(%rsi)
<br>0xffffffff88017c62 <ip6_dst_lookup+50>: je
0xffffffff88017e45
<br>0xffffffff88017c68 <ip6_dst_lookup+56>: mov 0x230(%rdi),%rax
<br>0xffffffff88017c6f <ip6_dst_lookup+63>: lea 0x88(%rdi),%r12
<br>0xffffffff88017c76 <ip6_dst_lookup+70>: mov %r12,%rdi
<br>0xffffffff88017c79 <ip6_dst_lookup+73>: mov %rax,0xffffffffffffffd0(%
<br>rbp)
<br>0xffffffff88017c7d <ip6_dst_lookup+77>: mov 0x4c(%rax),%edx
<br>0xffffffff88017c80 <ip6_dst_lookup+80>: mov %edx,0xffffffffffffffcc(%
<br>rbp)
<br>0xffffffff88017c83 <ip6_dst_lookup+83>: callq 0xffffffff80404620
<br><_read_lock>
<br>0xffffffff88017c88 <ip6_dst_lookup+88>: mov 0x70(%r13),%rbx
<br><tt></tt> </blockquote>
<tt>Hmmm, OK if that makes sense to you. My 2.6.9 version of</tt>
<br><tt>ip6_dst_lookup() doesn't have a call to _read_lock(), but</tt>
<br><tt>maybe it's changed...</tt><tt></tt>
<p><tt>But the fact that you've got a module list means that the</tt>
<br><tt>linked list of modules -- which is linked by a list_head in</tt>
<br><tt>the module data structures themselves -- means that their</tt>
<br><tt>vmalloc addresses must be resolving OK.</tt><tt></tt>
<p><tt>Dave</tt>
<br> </html>