[Crash-utility] [RFC PATCH] struct: Fix handing of percpu symbols

Dave Anderson anderson at redhat.com
Thu Apr 21 18:59:16 UTC 2016



----- Original Message -----
> 
> 
> ----- Original Message -----
> > On Mon 2016-04-18 11:22 -0400, Dave Anderson wrote:
> > 
> > Hi Dave,
> > 
> > > I may be missing something, but it seems like you just need it to calculate
> > > cpuaddr each time through the loop, and then you're done with it.  But then
> > > you rewind() it, store it, and keep tmpfp open across the do_datatype_addr()
> > > call?  What am I missing?
> > 
> > sure -- but I'd prefer to avoid the use of tmpfile()/fclose() in the for loop.
> > Albeit since we set OPEN_ONLY_ONCE, the following should be fine:
> 
> Yep, much better...
> 
> Thanks,
>   Dave


Hi Aaron,

Sorry for the delay in getting around to testing this patch.

Anyway, the tmpfile() portion certainly looks better, but I didn't have
any luck with my testing of the patch functionality.

My first test attempt was with the kmalloc-32 slab freelist corruption vmcores
that I'm looking at, just because they involve the kmem_cache data structure,
which contains a per-cpu pointer to each cpu's kmem_cache_cpu structure:

  struct kmem_cache {
        struct kmem_cache_cpu __percpu *cpu_slab;
        ...

First -- looking at it without your patch -- here is the kmem_cache.cpu_slab
per-cpu pointer:

  crash> kmem_cache.cpu_slab ffff880333001c00
    cpu_slab = 0x163c0
  crash>

Taking that percpu address, I can look at each cpu's instance of the 
kmem_cache_cpu structure like so, and can see the corruption of cpu 3's
freelist pointer:

  crash> kmem_cache_cpu 0x163c0:a
  [0]: ffff88033fc163c0
  struct kmem_cache_cpu {
    freelist = 0xffff88031c028fa0, 
    tid = 31034440, 
    page = 0xffffea000c700a00, 
    partial = 0xffffea000ca5d380
  }
  [1]: ffff88033fc963c0
  struct kmem_cache_cpu {
    freelist = 0xffff8802d44c91c0, 
    tid = 28218351, 
    page = 0xffffea000b513240, 
    partial = 0x0
  }
  [2]: ffff88033fd163c0
  struct kmem_cache_cpu {
    freelist = 0xffff8802d442ba80, 
    tid = 25768102, 
    page = 0xffffea000b510ac0, 
    partial = 0xffffea000c9bce40
  }
  [3]: ffff88033fd963c0
  struct kmem_cache_cpu {
    freelist = 0xffff001090e33f80, 
    tid = 26298247, 
    page = 0xffffea0006438cc0, 
    partial = 0xffffea0002ec8b80
  }
  crash> 

Now, with your patch applied, I get this:

  crash> kmem_cache_cpu 163c0:a
  struct: invalid percpu symbol value: 163c0
  crash> 

I tried it both with your original patch, and with your original patch 
with your updated open_tmpfile() segment jammed in.

Dave
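The per-cpu expansion that the ":a" suffix performs above, as an added example that is not crash's own code and not part of Dave's mail: the percpu symbol value (0x163c0) is an offset into the per-cpu area, and each CPU's instance lives at that offset from that CPU's per-cpu base. The per-cpu bases below are an assumption derived from the addresses in the mail (resolved address minus 0x163c0); on a real vmcore they come from __per_cpu_offset. The four kmem_cache_cpu instances are a constructed copy of the output printed above. The freelist plausibility check assumes an x86_64 kernel with the classic 4-level direct map starting at 0xffff880000000000, which is consistent with the addresses shown, and flags cpu 3's freelist pointer as the corrupt one.

```c
/* Added example (not crash's own code): expand a percpu symbol value into one
 * address per CPU, then sanity-check the SLUB freelist pointers found there.
 * Build: cc -std=c99 -o percpu percpu.c */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SAMPLE_CPUS 4

/* Assumption: per-cpu bases derived from the mail as (resolved address - 0x163c0).
 * On a live vmcore these are the __per_cpu_offset[] entries. */
static const uint64_t per_cpu_base[SAMPLE_CPUS] = {
    0xffff88033fc00000ULL, /* cpu 0 */
    0xffff88033fc80000ULL, /* cpu 1 */
    0xffff88033fd00000ULL, /* cpu 2 */
    0xffff88033fd80000ULL, /* cpu 3 */
};

struct kmem_cache_cpu_sample {
    uint64_t freelist;
    uint64_t tid;
    uint64_t page;
    uint64_t partial;
};

/* Constructed copy of the four kmem_cache_cpu instances printed in the mail. */
static const struct kmem_cache_cpu_sample cpu_slab[SAMPLE_CPUS] = {
    { 0xffff88031c028fa0ULL, 31034440, 0xffffea000c700a00ULL, 0xffffea000ca5d380ULL },
    { 0xffff8802d44c91c0ULL, 28218351, 0xffffea000b513240ULL, 0x0ULL },
    { 0xffff8802d442ba80ULL, 25768102, 0xffffea000b510ac0ULL, 0xffffea000c9bce40ULL },
    { 0xffff001090e33f80ULL, 26298247, 0xffffea0006438cc0ULL, 0xffffea0002ec8b80ULL },
};

/* A percpu symbol value is an offset into the per-cpu area; the instance for
 * a given CPU is that offset added to the CPU's base (what "sym:a" walks). */
uint64_t percpu_resolve(uint64_t sym_value, int cpu)
{
    return per_cpu_base[cpu] + sym_value;
}

/* Assumption: x86_64 with the 4-level direct map (0xffff880000000000, 64 TB).
 * A SLUB freelist pointer must be NULL or a pointer-aligned direct-map address;
 * anything else means the freelist has been overwritten. */
bool plausible_freelist(uint64_t p)
{
    if (p == 0)
        return true;
    if (p & 0x7)            /* kmalloc objects are at least 8-byte aligned */
        return false;
    return p >= 0xffff880000000000ULL && p < 0xffffc80000000000ULL;
}

/* Returns a bitmask of CPUs whose freelist pointer fails the check. */
unsigned scan_freelists(void)
{
    unsigned bad = 0;
    for (int cpu = 0; cpu < SAMPLE_CPUS; cpu++)
        if (!plausible_freelist(cpu_slab[cpu].freelist))
            bad |= 1u << cpu;
    return bad;
}

int main(void)
{
    const uint64_t cpu_slab_sym = 0x163c0ULL;   /* kmem_cache.cpu_slab from the mail */
    for (int cpu = 0; cpu < SAMPLE_CPUS; cpu++) {
        printf("[%d]: 0x%" PRIx64 "  freelist = 0x%" PRIx64 "%s\n", cpu,
               percpu_resolve(cpu_slab_sym, cpu), cpu_slab[cpu].freelist,
               plausible_freelist(cpu_slab[cpu].freelist) ? "" : "  <-- corrupt");
    }
    return scan_freelists() ? 1 : 0;
}
```

The same arithmetic is why the unpatched crash output lists [3] at ffff88033fd963c0: 0xffff88033fd80000 + 0x163c0. A patched crash that rejects 0x163c0 as an "invalid percpu symbol value" is refusing exactly this offset-plus-base expansion, so any fix to the percpu handling has to keep accepting small offsets like this one.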