Why I added new features to the crash tool

Sometimes a Linux kernel on another platform is missing the struct task_struct.sched_info.last_arrival element. In that case it is hard to know in what order the processes were executed.

The "ps -e" command lists the processes in time order, based on each task's execution start time.

crash> ps -e

ps: exec_start - task_struct.se.exec_start will be displayed at the time of order

   2123      1   4  e2d8ca40  IN   0.2   33324   7556  Aat_key_press

     36      2   4  eb5d9440  IN   0.0       0      0  [ksoftirqd/4]

   2118      1   4  e203c380  UN   0.2   33324   7556  func_keypress

    904      1   4  d0f04380  IN   0.1   57988   3148  thermal-engine

   1783      1   4  e59e9b00  UN   0.3   50144  13760  wireless_cmdmgr

   1250      1   4  e6eaaf40  UN   0.0   14724   1668  mtsd

    347      2   4  c4f9e540  UN   0.0       0      0  [mmc-cmdqd/0]

    713      2   4  ccdee540  IN   0.0       0      0  [kworker/u16:9]

   1701   1677   4  e58f86c0  UN   0.0    3944   1672  kernel_logger

    342      2   4  c4f98000  IN   0.0       0      0  [cfinteractive]

>   545      1   7  e91bc380  RU   0.4  127608  15532  Binder:482_2

   1793      1   5  e58fbcc0  IN   0.1   19544   2832  MSensorControl

>  1901      1   5  e4bf6540  RU   0.1   64628   5348  TouchLocation

    544      1   5  e91baf40  IN   0.4  127608  15532  DispSync

    616      1   5  e92d2880  IN   0.4  127608  15532  EventThread

   1878      1   5  e4ba3cc0  IN   0.1   82996   5608  SensorEventAckR


As a sanity test, this proves that the output of the "ps -e" command is the same as that of the "ps -l" command.

crash> ps -l

[303201734830] [IN]  PID: 2123   TASK: e2d8ca40  CPU: 4   COMMAND: "Aat_key_press"

[303200690976] [IN]  PID: 36     TASK: eb5d9440  CPU: 4   COMMAND: "ksoftirqd/4"

[303163325351] [UN]  PID: 2118   TASK: e203c380  CPU: 4   COMMAND: "func_keypress"

[303160294830] [IN]  PID: 904    TASK: d0f04380  CPU: 4   COMMAND: "thermal-engine"

[303113625611] [UN]  PID: 1783   TASK: e59e9b00  CPU: 4   COMMAND: "wireless_cmdmgr"

[303113595247] [UN]  PID: 1250   TASK: e6eaaf40  CPU: 4   COMMAND: "mtsd"

[303113557955] [UN]  PID: 347    TASK: c4f9e540  CPU: 4   COMMAND: "mmc-cmdqd/0"

[303113325299] [IN]  PID: 713    TASK: ccdee540  CPU: 4   COMMAND: "kworker/u16:9"

[303112047955] [UN]  PID: 1701   TASK: e58f86c0  CPU: 4   COMMAND: "kernel_logger"

[303111794049] [IN]  PID: 342    TASK: c4f98000  CPU: 4   COMMAND: "cfinteractive"

[303090714882] [RU]  PID: 1901   TASK: e4bf6540  CPU: 5   COMMAND: "TouchLocation"

[303090673424] [IN]  PID: 1793   TASK: e58fbcc0  CPU: 5   COMMAND: "MSensorControl"

[303084315090] [IN]  PID: 544    TASK: e91baf40  CPU: 5   COMMAND: "DispSync"

[303084262278] [IN]  PID: 616    TASK: e92d2880  CPU: 5   COMMAND: "EventThread"

[303083165715] [IN]  PID: 1878   TASK: e4ba3cc0  CPU: 5   COMMAND: "SensorEventAckR"


On this project, "ps -l" does not work, as shown below.

crash> ps -l

ps: last-run timestamps do not exist in this kernel

Usage:

  ps [-k|-u|-G] [-s] [-p|-c|-t|-[l|m][-C cpu]|-a|-g|-r|-S]

     [pid | task | command] ...

Enter "help ps" for details.


crash> ps -e

crash> ps -e

ps: exec_start - task_struct.se.exec_start will be displayed at the time of order

> 31114      2   3  c2385280  RU   0.0       0      0  [kworker/u8:0]

> 21723      2   0  eb33bc80  RU   0.0       0      0  [kworker/u8:3]

  20759      1   1  d243b700  IN   0.0   42688   1536  atd

> 29684      1   2  c1c31080  RU   0.0       0      0  thread-pool-0

  31741      2   0  c2888580  IN   0.0       0      0  [kworker/0:0]

  32030      2   0  cd6c5d80  IN   0.0       0      0  [kworker/u8:2]

    757      1   1  dccfb700  IN   0.0   50520   1248  thermal-engine

    701      1   1  e4624d00  IN   0.0   10848    904  gbmd

  30403      2   3  e6decd00  IN   0.0       0      0  [kworker/3:2]

     10      2   0  ee45b180  IN   0.0       0      0  [rcuop/0]

      7      2   0  ee45a100  IN   0.0       0      0  [rcu_preempt]

    700      1   0  e4623180  IN   0.0   10848    904  gbmd

    699      1   0  e4623c80  IN   0.0   10848    904  gbmd

  32291      1   0  e6dee300  IN   0.4   70608  14952  cameraserver

    446      1   0  e9de3700  IN   0.0    4868    952  servicemanager

  23230      2   1  e6e41080  IN   0.0       0      0  [kworker/1:2]

    293      2   0  c3e47380  UN   0.0       0      0  [mmc-cmdqd/0]

    289      2   0  c3e45d80  IN   0.0       0      0  [irq/148-7824900]


Patches to add a new feature that lists the processes in time order based upon "((struct task_struct).se.exec_start"

diff --git a/defs.h b/defs.h

index a1746cc..c5d26ea 100644

--- a/defs.h

+++ b/defs.h

@@ -952,6 +952,9 @@ struct vaddr_range {


 #define MAX_MACHDEP_ARGS 5  /* for --machdep/-m machine-specific args */


 struct machdep_table {

  ulong flags;

  ulong kvbase;

@@ -1719,6 +1722,11 @@ struct offset_table {                    /* stash of commonly-used offsets */

  long vcpu_struct_rq;

  long task_struct_sched_info;

  long sched_info_last_arrival;

+ long task_struct_sched_entity;

+ long se_exec_start;

+

  long page_objects;

  long kmem_cache_oo;

  long char_device_struct_cdev;

@@ -4426,9 +4434,18 @@ extern long _ZOMBIE_;

 #define PS_BY_REGEX    (0x8000)

 #define PS_NO_HEADER  (0x10000)

 #define PS_MSECS      (0x20000)

+#if 1

+#define PS_EXEC_START    (0x40000)

+#define PS_SUMMARY    (0x80000)

+#else

 #define PS_SUMMARY    (0x40000)

+#endif


+#if 1

+#define PS_EXCLUSIVE (PS_TGID_LIST|PS_ARGV_ENVP|PS_TIMES|PS_CHILD_LIST|PS_PPID_LIST|PS_LAST_RUN|PS_EXEC_START|PS_RLIMIT|PS_MSECS|PS_SUMMARY)

+#else

 #define PS_EXCLUSIVE (PS_TGID_LIST|PS_ARGV_ENVP|PS_TIMES|PS_CHILD_LIST|PS_PPID_LIST|PS_LAST_RUN|PS_RLIMIT|PS_MSECS|PS_SUMMARY)

+#endif


 #define MAX_PS_ARGS    (100)   /* maximum command-line specific requests */
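Review bot: The `#if 1` / `#else` / `#endif` scaffolding around PS_EXEC_START, PS_SUMMARY and PS_EXCLUSIVE keeps the superseded definitions as dead text in the flag table; commit only the new lines, `#define PS_EXEC_START (0x40000)` and `#define PS_SUMMARY (0x80000)` plus the extended PS_EXCLUSIVE, and drop the `#else` branches. The same scaffolding wraps the `task_exec_start` prototype in the next defs.h hunk and the getopt string in cmd_ps in task.c. Renumbering PS_SUMMARY is harmless as long as it is only an in-process bitmask, which is what this hunk suggests, but the commit message should say so.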


@@ -5102,6 +5119,9 @@ ulong task_state(ulong);

 ulong task_mm(ulong, int);

 ulong task_tgid(ulong);

 ulonglong task_last_run(ulong);

+#if 1

+ulonglong task_exec_start(ulong);

+#endif

 ulong vaddr_in_task_struct(ulong);

 int comm_exists(char *);

 struct task_context *task_to_context(ulong);

diff --git a/filesys.c b/filesys.c

index 9b59998..68452f5 100644

--- a/filesys.c

+++ b/filesys.c

@@ -3671,7 +3671,7 @@ get_live_memory_source(void)

   sprintf(modname1, "%s.o", pc->memory_module);

                 sprintf(modname2, "%s.ko", pc->memory_module);

          while (fgets(buf, BUFSIZE, pipe)) {

-   if (strstr(buf, "invalid option") &&

+   if (strstr(buf, "invalid option: filesys.c 3674") &&

        (uname(&utsname) == 0)) {

     sprintf(buf,

         "/lib/modules/%s/kernel/drivers/char/%s",
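Review bot: The `strstr(buf, "invalid option: filesys.c 3674")` comparison now searches for text that the program writing to `pipe` will never print, so the fallback that rebuilds the module path under /lib/modules is effectively disabled. This string is an input match against the child's output, not a message emitted by crash, so a file/line marker must not be spliced into it; restore `if (strstr(buf, "invalid option") &&`. If a trace of where the match happened is wanted, print it on a separate line after the match succeeds. get_live_memory_source continues outside the hunk.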

diff --git a/main.c b/main.c

index 821bb4e..3985448 100644

--- a/main.c

+++ b/main.c

@@ -408,7 +408,7 @@ main(int argc, char **argv)

    break;


   default:

-   error(INFO, "invalid option: %s\n",

+   error(INFO, "main.c @411, invalid option: %s\n",

     argv[optind-1]);

    program_usage(SHORT_FORM);

   }
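Review bot: The `"main.c @411, invalid option: %s\n"` message embeds a hard-coded source line number that goes stale on the next edit and tells the user nothing useful; keep `error(INFO, "invalid option: %s\n",`. The same debugging markers are left in symbols.c (the `"Guillermo: invalid structure member offset: %s"` text in OFFSET_verify and the `error(INFO, "dump_offset_table: ...")` call in dump_offset_table) and in task_init in task.c (two `"Guillermo: ..."` error(INFO) calls that print at every startup); all of them should be removed before this is merged.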

diff --git a/memory.c b/memory.c

index 216038d..0b97477 100644

--- a/memory.c

+++ b/memory.c

@@ -1756,9 +1756,11 @@ cmd_wr(void)

  long size;

  struct syment *sp;


+// Guillermo would like to update memory content. 11/22/2016

+#if 0

  if (DUMPFILE())

   error(FATAL, "not allowed on dumpfiles\n");

-

+#endif

  memtype = 0;

  buf = NULL;

  addr = 0;
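Review bot: Disabling the `if (DUMPFILE()) error(FATAL, "not allowed on dumpfiles\n");` guard with `#if 0` silently changes what `wr` does on a dump file, and nothing in the hunk shows that the write path below has been made safe for a dumpfile-backed memory source. If writing into a dump image is a deliberate feature, gate it on an explicit option and check that the underlying write actually succeeds rather than removing the guard for every user; otherwise restore the check. The `// Guillermo would like to update memory content. 11/22/2016` line is a changelog entry with a name and date and belongs in the commit message, not in the code. cmd_wr continues outside the hunk.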

diff --git a/symbols.c b/symbols.c

index a8d3563..6d80834 100644

--- a/symbols.c

+++ b/symbols.c

@@ -8497,6 +8497,11 @@ dump_offset_table(char *spec, ulong makestruct)

                 OFFSET(sched_rt_entity_run_list));

  fprintf(fp, "       sched_info_last_arrival: %ld\n",

                 OFFSET(sched_info_last_arrival));

+ error(INFO, "dump_offset_table: Initializing task_struct.se.exec_start\n");

+ fprintf(fp, "       se_exec_start: %ld\n",

+                OFFSET(se_exec_start));

         fprintf(fp, "       task_struct_thread_info: %ld\n",

                 OFFSET(task_struct_thread_info));

         fprintf(fp, "           task_struct_nsproxy: %ld\n",
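Review bot: Only `se_exec_start` is printed here although the defs.h hunk adds two offset_table members; a `fprintf(fp, "     task_struct_sched_entity: %ld\n", OFFSET(task_struct_sched_entity));` line next to it would keep the offset dump complete. The `error(INFO, "dump_offset_table: Initializing task_struct.se.exec_start\n");` call writes to the error stream in the middle of a table dump and does not initialize anything; it should go. dump_offset_table continues outside the hunk.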

@@ -12518,7 +12523,7 @@ OFFSET_verify(long offset, char *func, char *file, int line, char *item)

  if (offset < 0) {

   void *retaddr[NUMBER_STACKFRAMES] = { 0 };

   SAVE_RETURN_ADDRESS(retaddr);

-  sprintf(errmsg, "invalid structure member offset: %s",

+  sprintf(errmsg, "Guillermo: invalid structure member offset: %s",

    item);

   datatype_error(retaddr, errmsg, func, file, line);

  }

diff --git a/task.c b/task.c

index b857cf6..ee3ac45 100644

--- a/task.c

+++ b/task.c

@@ -268,6 +268,23 @@ task_init(void)

          strcpy(buf, "alias last ps -l");

          alias_init(buf);

  }

+

+ MEMBER_OFFSET_INIT(task_struct_sched_entity, "task_struct", "se");

+ error(INFO, "Guillermo: Initializing task_struct.se.exec_start\n");

+ if (VALID_MEMBER(task_struct_sched_entity)) {

+  STRUCT_SIZE_INIT(sched_entity, "sched_entity");

+  MEMBER_OFFSET_INIT(se_exec_start, "sched_entity", "exec_start");

+  char buf[BUFSIZE];

+         strcpy(buf, "alias last ps -e");

+

+  alias_init(buf);

+  if (VALID_MEMBER(se_exec_start)) {

+   error(INFO, "Guillermo:VALID task_struct.se.exec_start\n");

+  }

+ }

+

  MEMBER_OFFSET_INIT(pid_link_pid, "pid_link", "pid");

  MEMBER_OFFSET_INIT(pid_hash_chain, "pid", "hash_chain");
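Review bot: `alias_init(buf)` with `"alias last ps -e"` runs as soon as `task_struct.se` is found, before `se_exec_start` has been validated, so on a kernel that has a sched_entity without exec_start the `last` alias points at an option cmd_ps will reject; it also overrides the `alias last ps -l` set just above on kernels that do have last_arrival. Move the alias inside the `if (VALID_MEMBER(se_exec_start))` block and set it only when the last-run alias was not set (the condition for the `ps -l` alias sits above the hunk, so I am inferring it from the `strcpy(buf, "alias last ps -l")` context line). The inner `char buf[BUFSIZE];` also shadows the buffer used by that strcpy and is declared after statements; reuse the outer buffer, assuming it is still in scope at this point. task_init continues outside the hunk.
```c
	MEMBER_OFFSET_INIT(task_struct_sched_entity, "task_struct", "se");
	if (VALID_MEMBER(task_struct_sched_entity)) {
		STRUCT_SIZE_INIT(sched_entity, "sched_entity");
		MEMBER_OFFSET_INIT(se_exec_start, "sched_entity", "exec_start");
		/* fall back to exec_start ordering only when last_arrival is unavailable */
		if (VALID_MEMBER(se_exec_start) &&
		    INVALID_MEMBER(sched_info_last_arrival)) {
			strcpy(buf, "alias last ps -e");
			alias_init(buf);
		}
	}
	/* … unchanged: pid_link / pid_hash offset initialisation … */
```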


@@ -2471,6 +2488,35 @@ sort_by_pid(const void *arg1, const void *arg2)

                         t1->pid == t2->pid ? 0 : 1);

 }


+static int

+sort_by_exec_start(const void *arg1, const void *arg2)

+{

+ ulong task_last_run_stamp(ulong);

+ struct task_context *t1, *t2;

+ ulonglong lr1, lr2;

+

+ t1 = (struct task_context *)arg1;

+ t2 = (struct task_context *)arg2;

+

+ lr1 = task_exec_start(t1->task);

+ lr2 = task_exec_start(t2->task);

+

+        return (lr2 < lr1 ? -1 :

+  lr2 == lr1 ? 0 : 1);

+}

+

+static void

+sort_context_array_by_exec_start(void)

+{

+        ulong curtask;

+

+ curtask = CURRENT_TASK();

+ qsort((void *)tt->context_array, (size_t)tt->running_tasks,

+  sizeof(struct task_context), sort_by_exec_start);

+ set_context(curtask, NO_PID);

+}


 static int

 sort_by_last_run(const void *arg1, const void *arg2)
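Review bot: `ulong task_last_run_stamp(ulong);` inside sort_by_exec_start is a block-scope prototype that nothing in the function calls; delete it, and the comparator then mirrors the existing sort_by_last_run. The ordering is descending (`lr2 < lr1` returns -1, so the most recently started task sorts first), which matches the sample output but is not obvious from the name; a one-line comment `/* descending: most recently scheduled task first */` above the return would document it. Each comparison calls task_exec_start, which re-reads the task_struct, so the sort costs a memory read per comparison; that appears to match the last-run sort and is acceptable for a debugger command.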

@@ -2897,8 +2943,11 @@ cmd_ps(void)

  BZERO(&psinfo, sizeof(struct psinfo));

  cpuspec = NULL;

  flag = 0;

-

+#if 1

+ while ((c = getopt(argcnt, args, "SgstcpkuGlemarC:")) != EOF) {

+#else

         while ((c = getopt(argcnt, args, "SgstcpkuGlmarC:")) != EOF) {

+#endif

                 switch(c)

   {

   case 'k':

@@ -2978,7 +3027,18 @@ cmd_ps(void)

    check_ps_exclusive(flag, PS_LAST_RUN);

    flag |= PS_LAST_RUN;

    break;

-

+  case 'e':

+   if (INVALID_MEMBER(se_exec_start)) {

+    error(INFO,

+                            "exec_start timestamps do not exist in this kernel\n");

+    argerrs++;

+    break;

+   }

+   check_ps_exclusive(flag, PS_EXEC_START);

+   flag |= PS_EXEC_START;

+   break;

   case 's':

    flag |= PS_KSTACKP;

    break;

@@ -3010,6 +3070,12 @@ cmd_ps(void)


  if (flag & (PS_LAST_RUN|PS_MSECS))

   sort_context_array_by_last_run();

+ else if (flag & PS_EXEC_START) {

+  error(INFO, "exec_start - task_struct.se.exec_start will be displayed at the time of order\n");

+  sort_context_array_by_exec_start();

+ }

  else if (psinfo.cpus) {

   error(INFO, "-C option is only applicable with -l and -m\n");

   goto bailout;
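Review bot: Placing the new `else if (flag & PS_EXEC_START)` branch ahead of `else if (psinfo.cpus)` means `ps -e -C <cpu>` silently ignores the CPU filter instead of reporting it, because the `-C option is only applicable with -l and -m` check is never reached. Either honour psinfo.cpus in the exec_start path or reject the combination at the top of the new branch with `if (psinfo.cpus) { error(INFO, "-C option is only applicable with -l and -m\n"); goto bailout; }`. The `error(INFO, "exec_start - task_struct.se.exec_start will be displayed at the time of order\n")` line prints a banner through the error stream on every `ps -e`; if a header is wanted it belongs with the normal ps output and should read something like `"tasks sorted by task_struct.se.exec_start, most recent first\n"`. cmd_ps continues outside the hunk.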

@@ -5299,6 +5365,26 @@ task_tgid(ulong task)

         return (ulong)tgid;

 }


+ulonglong

+task_exec_start(ulong task)

+{

+        ulong exec_start;

+ ulonglong timestamp;

+

+ timestamp = 0;

+        fill_task_struct(task);

+

+ if (VALID_MEMBER(se_exec_start)) {

+  timestamp = tt->last_task_read ?  ULONGLONG(tt->task_struct +

+   OFFSET(task_struct_sched_entity) +

+   OFFSET(se_exec_start)) : 0;

+ }

+

+        return timestamp;

+}

+

 ulonglong

 task_last_run(ulong task)

 {
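Review bot: `ulong exec_start;` in task_exec_start is never used and should be dropped; with it gone the function is a copy of task_last_run that reads `se.exec_start` instead of `sched_info.last_arrival` (inferred — the body of task_last_run starts below the hunk). A short header comment would help the next reader: `/* exec_start timestamp of the task's sched_entity, or 0 if the task_struct could not be read */`. The `tt->last_task_read ? ... : 0` guard is the right place to fail closed when fill_task_struct did not read the structure, and it matches the style of the existing helper.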



Overview

When debugging ramdumps for stability issues, I have been spending most of my time casting various data structures, as below.

v.v %s (struct task_struct*)0xC1917FCC

To address this, I made several macros to minimize the debugging time.

The definition of the macro is below.

sYmbol.NEW.MACRO offsetof(type,member) ((int)(&((type*)0)->member))

sYmbol.NEW.MACRO container_of(ptr,type,member) ((type *)((char *)(ptr)-offsetof(type,member)))


offsetof(type,member)

When analyzing assembly code, I have to know the offset of a certain element, since the assembly code is generated based upon the offset values of the data structure.

[1]: offset: struct kgsl_context.device is calculated as 0x1C

v.v % offsetof(struct kgsl_context,device)

  (int) offsetof(struct kgsl_context,device) = 28 = 0x1C = '....'

[assemble code]

NSR:C0500F68|E594501C                                  ldr     r5,[r4,#0x1C]

[2]: offset: struct adreno_context.rb

v.v % offsetof(struct adreno_context,rb)

  (int) offsetof(struct adreno_context,rb) = 768 = 0x0300 = '....'

[assemble code]

NSR:C0501054|E5943300                                  ldr     r3,[r4,#0x300]


Code segment for this example

449void adreno_drawctxt_detach(struct kgsl_context *context)

450{

451 struct kgsl_device *device;

452 struct adreno_device *adreno_dev;

453 struct adreno_context *drawctxt;

454 struct adreno_ringbuffer *rb;

455 int ret, count, i;

456 struct kgsl_cmdbatch *list[ADRENO_CONTEXT_CMDQUEUE_SIZE];

//snip

460

461 device = context->device;  // <<--[1]

462 adreno_dev = ADRENO_DEVICE(device);

463 drawctxt = ADRENO_CONTEXT(context);

464 rb = drawctxt->rb; // <<--[2]

465


container_of(ptr,type,member)

(Example1)

In order to find the whole "struct task_struct" from a "struct task_struct.tasks.next" pointer,

I have to manipulate T32 many times. For this, let me introduce the container_of(ptr,type,member) macro.

v.v %h container_of(0xEE458238,struct task_struct,tasks)

  container_of(0xEE458238,struct task_struct,tasks) = 0xEE458000 -> (

    state = 0x1,

    stack = 0xEE44A000,

//snip

    cputime_expires = (utime = 0x0, stime = 0x0, sum_exec_runtime = 0x0),

    cpu_timers = ((next = 0xEE458380, prev = 0xEE458380), (next = 0xEE458388, pr

    real_cred = 0xE2494D00,

    cred = 0xE2494D00,

    comm = "init",


(where)

  [D:0xC16141E8] init_task = (

    [D:0xC16141E8] state = 0x0,

    [D:0xC16141EC] stack = 0xC1600000,

//snip

    [D:0xC161441C] rcu_blocked_node = 0x0,

    [D:0xC1614420] tasks = (

      [D:0xC1614420] next = 0xEE458238,  // <<--

      [D:0xC1614424] prev = 0xC288B938),

    [D:0xC1614428] pushable_tasks = ([D:0xC1614428] prio = 0x8C, [D:0xC161442C] prio_list = ([D:0xC161442C] next = 0x

//snip

    [D:0xC1614584] cred = 0xC1619D18,

    [D:0xC1614588] comm = "swapper/0",

    [D:0xC1614598] link_count = 0x0,

    [D:0xC161459C] total_link_count = 0x0,


v.v %h %s container_of(0xDB63FE68,struct mutex,wait_list)

  container_of(0xDB63FE68,struct mutex,wait_list) = 0xDB63FE54 -> (

    count = (counter = 0xC0C0A56C),

    wait_lock = (rlock = (raw_lock = (slock = 0xC16A057C, tickets = (owner = 0x057C, next = 0xC16A)), magic = 0xC0C08C70, o

    wait_list = (next = 0xDAC43DB8, prev = 0xC15DBC40),

    owner = 0xE0396E00,

    name = 0xDB63FE68 -> ".=..@.].",

    magic = 0xFFFFFFFF)


  container_of(0xDAC43DB8,struct mutex,wait_list) = 0xDAC43DA4 -> (

    count = (counter = 0xC0C0A56C),

    wait_lock = (rlock = (raw_lock = (slock = 0xC16A057C, tickets = (owner = 0x0

    wait_list = (next = 0xDAC55E68, prev = 0xDB63FE68),

    owner = 0xDD5C5D80,

    name = 0xDAC43DB8 -> "h^..h.c..]\..=..``v.,.].",

    magic = 0xDB766060)


(where)  binder_main_lock = (

    count = (counter = 0xFFFFFFFF),

    wait_lock = (rlock = (raw_lock = (slock = 0xF1CCF1CC, tickets = (owner = 0xF

    wait_list = (

      next = 0xDB63FE68 // <<--

        next = 0xDAC43DB8 // <<--

          next = 0xDAC55E68 -> (

            next = 0xC15DBC40 -> (

              next = 0xDB63FE68,


container_of_double_vcast(ptr,type,member,new_member,cast_type)

Definition

sYmbol.NEW.MACRO container_of_double_vcast(ptr,type,member,new_member,cast_type) ((cast_type *)(*(type *)((char *)(ptr)-offsetof(type,member)+offsetof(type,new_member))))

(Example1: PHONEMODEL-1958)

container_of_double_vcast(0xDAC43DB8,struct mutex,wait_list,owner,struct task_struct)

  container_of_double_vcast(0xDAC43DB8,struct mutex,wait_list,owner,struct task_struct) = 0xDD5C5D80 -> (

    state = 0x2,

    stack = 0xDAC42000,

    usage = (counter = 0x2),

    flags = 0x00400040,

    ptrace = 0x0,

    wake_entry = (next = 0x0),

    on_cpu = 0x0,

    on_rq = 0x0,

    prio = 0x78,

    static_prio = 0x78,


(where)

  binder_main_lock = (  // <<-- type: struct mutex

    count = (counter = 0xFFFFFFFF),

    wait_lock = (rlock = (raw_lock = (slock = 0xF1CCF1CC, tickets = (owner = 0xF

    wait_list // <<-- member

      next = 0xDB63FE68

        next = 0xDAC43DB8 // <<--  ptr

          next = 0xDAC55E68 -> (

            next = 0xC15DBC40 -> (

              next = 0xDB63FE68,

              prev = 0xDAC55E68),

            prev = 0xDAC43DB8),

          prev = 0xDB63FE68),

        prev = 0xC15DBC40),

      prev = 0xDAC55E68),

    owner = 0xD9E6A100,  // <<-- new_member, cast_type: struct task_struct

    name = 0x0,

    magic = 0xC15DBC2C)


container_down_vcast(ptr,type,member,cast)

Definition

sYmbol.NEW.MACRO container_down_vcast(ptr,type,member,cast) ((cast *)(*(type *)((char *)(ptr)+offsetof(type,member))))


v.v % container_down_vcast(0xC15DBC2C,struct mutex,owner,struct task_struct)

v.v % container_down_vcast(0xC15DBC2C,struct mutex,owner,struct task_struct)

  container_down_vcast(0xC15DBC2C,struct mutex,owner,struct task_struct) = 0xD9E6A100 -> (

    state = 1,

    stack = 0xD9ECC000,

    usage = (counter = 2),

//snip

    min_flt = 304,

    maj_flt = 0,

    cputime_expires = (utime = 0, stime = 0, sum_exec_runtime = 0),

    cpu_timers = ((next = 0xD9E6A448, prev = 0xD9E6A448), (next = 0xD9E6A450, prev = 0xD9E6A450), (next = 0xD9E6A45

    real_cred = 0xDEEF1900,

    cred = 0xDEEF1900,

    comm = "Binder_4",

    link_count = 0,


(where)

  [D:0xC15DBC2C] binder_main_lock = (  // <<-- ptr: 0xC15DBC2C, type: struct mutex

    [D:0xC15DBC2C] count = ([D:0xC15DBC2C] counter = -1),

    [D:0xC15DBC30] wait_lock = ([D:0xC15DBC30] rlock = ([D:0xC15DBC30] raw_lock

    [D:0xC15DBC40] wait_list = ([D:0xC15DBC40] next = 0xDB63FE68, [D:0xC15DBC44]

    [D:0xC15DBC48] owner = 0xD9E6A100,  // <<--member, cast: struct task_struct

    [D:0xC15DBC4C] name = 0x0,

    [D:0xC15DBC50] magic = 0xC15DBC2C)


threadoffset(ptr)

Definition

sYmbol.NEW.MACRO threadoffset(ptr) ((ptr) & ~0x1fff)

sYmbol.NEW.MACRO thread_of(ptr) ((struct thread_info *)((int *)threadoffset(ptr)))

When a kernel crash occurs, the kernel dumps the logs below.

[ 1894.897301] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM

[ 1894.897314] Modules linked in: texfat(PO)

[ 1894.897333] CPU: 2 PID: 4324 Comm: Binder_4 Tainted: P        W  O 3.10.49-g184f2e4 #1

[ 1894.897347] task: d9e6a100 ti: d9ecc000 task.ti: d9ecc000

[ 1894.897362] PC is at __list_add+0x9c/0xd0

[ 1894.897376] LR is at __list_add+0x58/0xd0

[ 1894.897390] pc : [<c032e9e8>]    lr : [<c032e9a4>]    psr: 000f0093

[ 1894.897390] sp : d9ecdd90  ip : 00000000  fp : dc08da00

[ 1894.897409] r10: d9ecc000  r9 : c16a39ec  r8 : d9e6a100

[ 1894.897422] r7 : 00000000  r6 : d9ecddb8  r5 : c15dbc40  r4 : c0004860

[ 1894.897435] r3 : 00000000  r2 : 00001201  r1 : c16a28a8  r0 : 00000000

[ 1894.897450] Flags: nzcv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user

[ 1894.897464] Control: 10c0383d  Table: 9e06006a  DAC: 00000015

[ 1894.897476] Process Binder_4 (pid: 4324, stack limit = 0xd9ecc238)

[ 1894.897489] Stack: (0xd9ecdd90 to 0xd9ece000)

[ 1894.897504] dd80:                                     00000000 c0004860 c15dbc40 c15dbc2c

[ 1894.897522] dda0: 600f0013 d9ecc030 c15dbc30 c0c08bcc d9ecdddc c15dbc40 d9ecddb8 d9ecddb8

[ 1894.897540] ddc0: 11111111 d9ecddb8 600f0013 c15dbc2c de364e00 b786a844 d9ecc038 c1660598

[ 1894.897557] dde0: 00000000 d9ecc000 dc08da00 c0c08e70 ddf0f000 c072d020 ded48000 c018b544

[ 1894.897574] de00: 00000000 800f0193 00000028 dd041600 c8002ab0 b781ee04 00000000 db0d1c00

[ 1894.897591] de20: c8002ad0 00000000 00000000 b786a840 b786a940 ddf0f01c d9ecdee0 d9ecc000


With any stack address, the (struct thread_info *) can be obtained with a single command.

v.v %all thread_of(0xd9ecdd90)

  (struct thread_info *) thread_of(0xd9ecdd90) = 0xD9ECC000 = __bss_stop+0x1855F

    (long unsigned int) flags = 0 = 0x0 = '....',

    (int) preempt_count = 3 = 0x3 = '....',

    (mm_segment_t) addr_limit = 3204448256 = 0xBF000000 = '....',

    (struct task_struct *) task = 0xD9E6A100 = __bss_stop+0x184FD964 -> ((long i

    (struct exec_domain *) exec_domain = 0xC1579CDC = default_exec_domain -> ((c

    (__u32) cpu = 2 = 0x2 = '....',

    (__u32) cpu_domain = 21 = 0x15 = '....',

    (struct cpu_context_save) cpu_context = ((__u32) r4 = 3740230976 = 0xDEEF654

    (__u32) syscall = 0 = 0x0 = '....',

    (__u8 [16]) used_cp = "",

    (long unsigned int [2]) tp_value = ([0] = 3001371000 = 0xB2E54978 = '..Ix',

    (union fp_state) fpstate = ((struct fp_hard_struct) hard = ((unsigned int [3

    (union vfp_state) vfpstate = ((struct vfp_hard_struct) hard = ((__u64 [32])

    (struct restart_block) restart_block = ((long int (*)()) fn = 0xC0131A64 = d


v.v %all thread_of(0xd9ecddc0)

  (struct thread_info *) thread_of(0xd9ecddc0) = 0xD9ECC000 = __bss_stop+0x1855F

    (long unsigned int) flags = 0 = 0x0 = '....',

    (int) preempt_count = 3 = 0x3 = '....',

    (mm_segment_t) addr_limit = 3204448256 = 0xBF000000 = '....',

    (struct task_struct *) task = 0xD9E6A100 = __bss_stop+0x184FD964 -> ((long i

    (struct exec_domain *) exec_domain = 0xC1579CDC = default_exec_domain -> ((c

    (__u32) cpu = 2 = 0x2 = '....',

    (__u32) cpu_domain = 21 = 0x15 = '....',

    (struct cpu_context_save) cpu_context = ((__u32) r4 = 3740230976 = 0xDEEF654

    (__u32) syscall = 0 = 0x0 = '....',

    (__u8 [16]) used_cp = "",

    (long unsigned int [2]) tp_value = ([0] = 3001371000 = 0xB2E54978 = '..Ix',

    (union fp_state) fpstate = ((struct fp_hard_struct) hard = ((unsigned int [3

    (union vfp_state) vfpstate = ((struct vfp_hard_struct) hard = ((__u64 [32])

    (struct restart_block) restart_block = ((long int (*)()) fn = 0xC0131A64 = d

