[Crash-utility] PATCH 00/10] teach crash to work with "live" ramdump

Dave Anderson anderson at redhat.com
Mon Apr 25 16:19:13 UTC 2016 


Hi Oleg,

Just to (maybe) clarify my first reply...

As I see it, this facility is simply another LIVE_SYSTEM memory source,
of which there currently are /dev/mem, /proc/kcore and /dev/crash.  The
essential difference between them is the pc->readmem plugin:

  /dev/mem -> read_dev_mem
  /proc/kcore -> read_proc_kcore
  /dev/crash -> read_memory_device

The CRASHBUILTIN stuff and related stuff you ran into is only there because
live system analysis typically does not require a crash command line option, 
so crash has to figure what to do when a user just enters "crash".  

In this QEMU/KVM live system case, it would be much easier to initialize things
based upon the crash command line option that specifies it.

Dave


----- Original Message -----
> 
> 
> ----- Original Message -----
> > Hi Dave,
> > 
> > Recently I used crash-tool for the first time and I was pleasantly
> > surprised,
> > it really looks like a very useful and handy debugging tool ;)
> > 
> > And I was surprised again when I figured out that it can be used to debug
> > the
> > live system on the same machine. Cool!
> > 
> > Now I am wondering if we can teach it to debug the live guests runnning
> > under
> > qemu/kvm. This looks certainly possible, qemu supports gdb remote protocol.
> > 
> > But. this obviously needs more work. And. Afaics crash-tool needs some
> > fixes
> > anyway. See 01/10-07/10, but probably it needs more changes, so far I only
> > tried to audit task.c and kernel.c. I tried to document every change, but I
> > am very new to this code so I can be easily wrong.
> > 
> > So can't we teach it to work with live/raw RAM dumpfiles for the start? See
> > 09/10 and 10/10.
> > 
> > With these changes I can run qemu-kvm with the
> > 
> > 	-object memory-backend-file,id=MEM,size=128m,mem-path=/tmp/MEM,share=on
> > 	-numa node,memdev=MEM
> > 
> > options and then do
> > 
> > 	$ crash path-to-guests-vmlinux live:/tmp/MEM at 0
> > 
> > to debug the live guest, No need to dump-guest-memory + restart
> > /usr/bin/crash
> > which can be slow.
> > 
> > What do you think?
> > 
> > Oleg.
> > 
> >  defs.h    |  1 +
> >  filesys.c |  8 ++++----
> >  kernel.c  |  7 +++----
> >  main.c    | 11 +++++++++++
> >  ramdump.c | 49 ++++++++++++++++++++++++++++++++++---------------
> >  task.c    | 13 ++++++-------
> >  tools.c   |  2 +-
> >  7 files changed, 60 insertions(+), 31 deletions(-)
>  
> 
> Hi Oleg,
> 
> This is going to take some time for me to digest.  But without my studying it
> at all, there are a couple things that immediately come to mind.
> 
> First, a couple of nits about the files being modified.
> 
> I see that your overloading the ramdump.c file, but the ramdump facility was
> proposed and added by companies that use a firmware-based facility for
> dumping
> raw ARM/ARM64/MIPS RAM into one or more ramdump files, typically because they
> do/did not have kdump capability with their embedded hardware.  I really
> don't
> feel comfortable conflating that facility with a remote/live QEMU/KVM memory
> source.  Those companies support it, and so any changes that you've added to
> ramdump.c should be accomplished elsewhere.
> 
> Also, we don't want to get this confused in any way with the REMOTE_xxx
> stuff.  The remote.c file and remote access facility was deprecated many
> years ago, but recently resurrected in crash-7.0.4 by Verizon specifically
> for use like so:
> 
>        - Resurrection of the remote analysis capability for use with the
>          "xen-crashd" daemon running on a Xen Dom0 host, which communicates
>          with a paused or shutdown DomU guest kernel.  The daemon can be
>          accessed like so:
> 
>            $ crash localhost:5001,/dev/xenmem vmlinux
> 
>          (dslutz at verizon.com
> 
> I don't think you are modifying their "resurrected" usage, but just an FYI
> since
> you refer to it in your patches.
> 
> >From a crash utility perspective, this QEMU/KVM live memory source is a
> >completely
> new live memory source, and as such should have its own source file and/or
> set of
> functions, as is the case with the other actual dumpfile types, or live
> memory
> sources /proc/kcore, /dev/mem and /dev/crash.
> 
> Now, more to the point...
> 
> Anyway, this is a great idea, and one I've pondered in the past, but is there
> a
> concrete reason that it could not be a simple matter of plugging in a new
> function
> into pc->readmem()?  Currently there are 20+ pluggable readmem functions that
> exist
> for supporting all of the supported dumpfile types and live memory sources.
> Regardless of how it's accomplished, the plug-in basically just needs to be
> able to
> take a physical address and a count (all guaranteed to be contained within a
> page),
> and access/return it.  How it accomplishes that task is hidden from the
> mainstream
> crash code.
> 
> Thanks,
>   Dave
> 
> 
> 
>  
> 
> --
> Crash-utility mailing list
> Crash-utility at redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility
>

More information about the Crash-utility mailing list