[Crash-utility] How to print structs in user space?

Dave Anderson anderson at redhat.com
Fri Mar 7 14:51:31 UTC 2008


Dheeraj Sangamkar wrote:
> Hi,
> When I debug ioctls, I get parameters which are pointers to structures 
> in user space.
> I am unable to use the struct command to print these structures.
> 
> Currently I am using "rd -u" to read the content of user memory and 
> decode it based on the structure information I have.
> 
> Am I missing something? Is there an easier way to do this?

The crash utility and the embedded gdb module only know about
data structure types that you "feed" them.  So normally it's only
aware of data structures found in the debuginfo data of the vmlinux
file and from any kernel modules that you load with "mod".

That being said, you can use the gdb "add-symbol-file" command
from within a crash session to load the debuginfo data
from a user executable that has been built with -g.

For example, take the crash utility itself.  It's built
with -g by default, so from within a crash session I can
load its debuginfo data to make crash/gdb aware of its
user-space data structures.

For example, the crash utility has this data structure defined
in its "defs.h" file that's used to keep basic information for
each task:

   struct task_context {          /* context stored for each task */
           ulong task;
           ulong thread_info;
           ulong pid;
           char comm[16+1];
           int processor;
           ulong ptask;
           ulong mm_struct;
           struct task_context *tc_next;
   };

Running on a live system:

   # crash
   ...
   crash>

The session obviously has no clue as to what a user-space
data structure looks like:

   crash> struct task_context
   struct: invalid data structure reference: task_context
   crash>

Again, since crash is built with -g, the debuginfo data is contained
within its binary file.  So if I use the gdb "add-symbol-file" to
load its debuginfo data:

   crash> add-symbol-file /usr/bin/crash
   add symbol table from file "/usr/bin/crash" at
   Reading symbols from /usr/bin/crash...done.
   crash>

Now it knows what the structure is:

   crash> struct task_context
   struct task_context {
       ulong task;
       ulong thread_info;
       ulong pid;
       char comm[17];
       int processor;
       ulong ptask;
       ulong mm_struct;
       struct task_context *tc_next;
   }
   SIZE: 48
   crash>

Then to print an instance of a structure that exists in
the user-space of a process:

   (1) you'll need to know where in user space memory it exists.
   (2) you'll need to be in the *context* of that task/process
   (3) you'll need to use the "-u" argument to the "struct" command.

So suppose I know that one of these task_context structures
exists at virtual address 0xac38950 in the crash utility's user
virtual memory.  First I make sure I'm in the proper context:

   crash> set
       PID: 13284
   COMMAND: "crash"
      TASK: ddcb0550  [THREAD_INFO: c6bc7000]
       CPU: 1
     STATE: TASK_RUNNING (ACTIVE)
   crash>

And let the "struct" command know that the address
argument is a user-space address with the -u option:

   crash> struct task_context ac38950 -u
   struct task_context {
     task = 0xdbd14aa0,
     thread_info = 0xd9916000,
     pid = 0x419c,
     comm = "run-mozilla.sh\000\000",
     processor = 0x0,
     ptask = 0xc76cf000,
     mm_struct = 0xde38ee40,
     tc_next = 0x0
   }
   crash>

Dave
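
For the manual approach mentioned in the question (reading words with "rd -u" and decoding them by hand), the sketch below mirrors the task_context layout and decodes 32-bit words into named fields. It is an added example, not part of the original message or of the crash sources. It assumes a 32-bit little-endian process (consistent with SIZE: 48 above); TaskContext32, field_offsets, decode_words and SAMPLE_WORDS are hypothetical names, and the sample words are constructed from the values in the struct output above.

```python
import ctypes
import struct

class TaskContext32(ctypes.LittleEndianStructure):
    """struct task_context as laid out for a 32-bit little-endian process (assumed)."""
    _fields_ = [
        ("task", ctypes.c_uint32),         # ulong is 4 bytes on a 32-bit target
        ("thread_info", ctypes.c_uint32),
        ("pid", ctypes.c_uint32),
        ("comm", ctypes.c_char * 17),      # char comm[16+1]
        ("processor", ctypes.c_int32),     # aligned to 4, so 3 pad bytes precede it
        ("ptask", ctypes.c_uint32),
        ("mm_struct", ctypes.c_uint32),
        ("tc_next", ctypes.c_uint32),      # pointer is 4 bytes on a 32-bit target
    ]

FIELDS = [name for name, _ in TaskContext32._fields_]
STRUCT_SIZE = ctypes.sizeof(TaskContext32)  # should match crash's "SIZE: 48"

def field_offsets():
    """Byte offset of each member, to cross-check against a hand decode."""
    return {name: getattr(TaskContext32, name).offset for name in FIELDS}

def decode_words(words):
    """Decode a list of 32-bit words (as read from user memory) into fields."""
    raw = struct.pack("<%dI" % len(words), *words)
    if len(raw) < STRUCT_SIZE:
        raise ValueError("need %d bytes, got %d" % (STRUCT_SIZE, len(raw)))
    tc = TaskContext32.from_buffer_copy(raw[:STRUCT_SIZE])
    out = {name: getattr(tc, name) for name in FIELDS}
    # ctypes returns char arrays truncated at the first NUL byte
    out["comm"] = out["comm"].decode("ascii", "replace")
    return out

# Constructed sample: the field values shown above, re-encoded as 12 words.
SAMPLE_WORDS = [
    0xdbd14aa0, 0xd9916000, 0x0000419c,              # task, thread_info, pid
    0x2d6e7572, 0x697a6f6d, 0x2e616c6c, 0x00006873,  # "run-mozilla.sh\0\0"
    0x00000000,                                      # comm[16] plus 3 pad bytes
    0x00000000, 0xc76cf000, 0xde38ee40, 0x00000000,  # processor .. tc_next
]

if __name__ == "__main__":
    print("size:", STRUCT_SIZE)
    for name, value in decode_words(SAMPLE_WORDS).items():
        shown = repr(value) if isinstance(value, str) else hex(value)
        print("  %-12s %s" % (name, shown))
```
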
