[Crash-utility] Problem in command net -s
Dave Anderson
anderson at redhat.com
Fri Jan 27 14:31:46 UTC 2012
----- Original Message -----
> This problem effects net -s and net -S, as the pointer to the socket
> is 4 bytes off, which of course means that all information about the
> socket is garbage. Example:
>
> Before patch:
> crash> net -s
> PID: 377 TASK: cc4dc360 CPU: 0 COMMAND: "NetworkStats"
> FD SOCKET SOCK FAMILY:TYPE SOURCE-PORT
> DESTINATION-PORT
> ....
> 101 cf55b784 cc450a40 214324:23124
> ....
>
> After patch:
> crash> net -s
> PID: 377 TASK: cc4dc360 CPU: 0 COMMAND: "NetworkStats"
> FD SOCKET SOCK FAMILY:TYPE SOURCE-PORT
> DESTINATION-PORT
> ....
> 101 cf55b780 cc450a40 INET6:DGRAM 0:0:0:0:0:0:0:0-50170
> 0:0:0:0:0:0:0:0-0
> ....
OK, I was just wondering whether it caused a segmentation violation
or something else.
> This problem was really found by Pavel Modilaynen
> (Pavel.Modilaynen at sonyericsson.com) working in the same group as I
> do. We saw the same kind of information using struct -o that you
> found yourself. The only reason I can think of for the 8-byte
> alignment is that the struct vfs_inode itself starts with an 8-byte
> struct.
>
> That we might not have exactly the same alignment rules on ARM and
> x86 worries me. The whole idea to debug an ARM kernel using an x86
> machine is based on the assumption that sizes of types, alignment
> rules, and so on are the same.
>
> Jan
But the same thing would have happened if you were debugging an ARM kernel
using an ARM host, right?
Anyway, I don't think it's a problem. The crash code should have been
using the OFFSET() mechanism to begin with. The SIZE() macro is typically
used for reading the correct amount of data into a buffer, not for this
kind of situation.
Dave
> -----Original Message-----
> From: crash-utility-bounces at redhat.com
> [mailto:crash-utility-bounces at redhat.com] On Behalf Of Dave Anderson
> Sent: torsdag den 26 januari 2012 17:36
> To: Discussion list for crash utility usage, maintenance and development
> Cc: Fänge, Thomas
> Subject: Re: [Crash-utility] Problem in command net -s
>
>
>
> ----- Original Message -----
> >
> >
> > ----- Original Message -----
> > >
> > > Hi Dave
> > >
> > > I found a problem with the net -s command. It concerns line 1451 in net.c
> > >
> > > struct_socket = inode - SIZE(socket);
> > >
> > > As I understand it we have the type
> > >
> > > struct socket_alloc {
> > > struct socket socket;
> > > struct inode vfs_inode;
> > > }
> > >
> > > and we have the address of the second field and want the address of
> > > the first. The calculation, using the size of the socket struct,
> > > used in net.c require that the second field is aligned directly
> > > after the first field. This is unfortunately not true in cases I
> > > have seen. By changing the line 1451 to:
> > >
> > > struct_socket = inode - MEMBER_OFFSET("socket_alloc",
> > > "vfs_inode");
> > >
> > > things work better.
> > >
> > > Is this something you would like to change in Crash? I assume you
> > > will move the offset calculation to somewhere else so it is only
> > > performed once.
> >
> > Probably so...
> >
> > Although I'm curious -- what kernel version do you see this on?
> > It works as expected on RHEL5, RHEL6 and a Fedora 16 3.1.7-based
> > kernel. What do you see when you do this:
> >
> > crash> socket_alloc -o
> > struct socket_alloc {
> > [0] struct socket socket;
> > [48] struct inode vfs_inode;
> > }
> > SIZE: 616
> > crash> socket
> > struct socket {
> > socket_state state;
> > short int type;
> > long unsigned int flags;
> > struct socket_wq *wq;
> > struct file *file;
> > struct sock *sk;
> > const struct proto_ops *ops;
> > }
> > SIZE: 48
> > crash>
> >
> > And just for the changelog description, what havoc does it wreak?
> >
> > Thanks,
> > Dave
>
> Interesing -- I see the problem with the 3 sample ARM dumpfiles I have
> on hand. I would have thought the same issue would be seen with
> a 32-bit x86, but it looks like it's an ARM compiler issue?
>
> Check this comparison -- while the inode structure is different in
> these two kernels, the socket structure is the same:
>
> X86: ARM:
>
> crash> socket_alloc -o crash> socket_alloc -o
> struct socket_alloc { struct socket_alloc {
> [0] struct socket socket; [0] struct socket socket;
> [28] struct inode vfs_inode; [32] struct inode vfs_inode;
> } }
> SIZE: 388 SIZE: 584
> crash> socket -o crash> socket -o
> struct socket { struct socket {
> [0] socket_state state; [0] socket_state state;
> [4] short int type; [4] short int type;
> [8] long unsigned int flags; [8] long unsigned int
> flags;
> [12] struct socket_wq *wq; [12] struct socket_wq *wq;
> [16] struct file *file; [16] struct file *file;
> [20] struct sock *sk; [20] struct sock *sk;
> [24] const struct proto_ops *ops; [24] const struct proto_ops
> *ops;
> } }
> SIZE: 28 SIZE: 28
> crash> crash>
>
> But for whatever reason, the ARM kernel pushes the vfs_inode to
> offset 32 even though the preceding socket structure is 28 bytes long.
>
> Anyway, using the offset instead of the size is a better idea, so I'll
> make that change.
>
> Although -- my sample ARM dumpfiles don't have any tasks with open sockets,
> so I still am interested in seeing what the failure looks like for the
> changelog entry.
>
> Thanks,
> Dave
>
More information about the Crash-utility
mailing list