Differential D56250
kvm: introduce kvm_convert_to_elf() Authored by minsoochoo0122_proton.me on Sat, Apr 4, 2:59 AM. Tags None Referenced Files
Details
Since debugging kernel crash dumps requires libkvm, cross-debugging them is Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me> With D56256, run $ sudo LD_LIBRARY_PATH=/usr/obj/usr/src/freebsd/main/arm64.aarch64/lib/libkvm ./dump2elf -k /boot/kernel/kernel -c /var/crash/vmcore.last ~/vmcore.elf # or $ sudo LD_LIBRARY_PATH=/usr/obj/usr/src/freebsd/main/arm64.aarch64/lib/libkvm ./dump2elf -r -k /boot/kernel/kernel -c /var/crash/vmcore.last ~/vmcore.elf.raw The result shows: $ ls -lh /var/crash/vmcore.3 -rw------- 1 root wheel 13G Apr 15 03:17 /var/crash/vmcore.3 $ ls -lh vmcore.elf -rw-r--r-- 1 root minsoochoo 1.1G Apr 20 06:26 vmcore.elf
Diff Detail
Event TimelineComment Actions This is improvement for D19253, but I moved this to libkvm so utilities like savecore(8) can invoke this easily. Should I open this to fulldump as well and thus rename it to kvm_convert_to_elf()? The reason I'm asking this is because I'm planning to copy .gnu_build_id from kernel to elf core so debuggers can reject it if UUID doesn't match. I can implement it for fulldump while kernel is dumping, but it seems redundant to implement it again in libkvm for minidump.
Comment Actions The point of this feature is to facilitate cross-platform debugging, thus this needs to accept full dumps as well. As a result, the name has changed from kvm_minidump_to_elf() to kvm_convert_to_elf(). Live kernel (/dev/mem) is still unsupported since kvm_walk_pages() doesn't work for that. Comment Actions Hmmm, cross debugging of cross-architectures does work on a FreeBSD host? However, this isn't really a full ELF core dump. You would need to extract register values from the PCBs and store those as register set notes if you want debuggers to really work, and that is kind of complicated anyway as kthreads only include a subset of registers in the pcb unlike userspace core dumps, so in reality NT_PRTSTATUS for core dumps just needs to look different (use a different struct reg layout in essence). This is part of why I really just want to implement this in the kernel directly instead of trying to post-process. libkvm itself is not in a position to find pcb's, for that you need the debug symbols of the kernel and you need to walk the allproc list, etc. Comment Actions Oh, I meant debugging across different operating systems (e.g. FreeBSD arm64 dump on Linux amd64 LLDB). This was something we wanted since the foundation sponsored LLDB's kernel debugging project, but the approach at that time was to port libkvm to other OSes (libfbsdvmcore). The end result was portable libkvm, but the issue was that most distros didn't ship LLDB with that third-party library, hence debugging FreeBSD crash dump was impossible without building LLDB from source with that library included. Also libfbsdvmcore had to catch up with libkvm, but it has been unmaintained for years. My intent here was to have memory dump without NT_PR* notes, basically an alternative to libkvm. In this way, LLDB can reuse existing mechanism of finding offsets and iterating allproc, etc and the only modification needed is updating Process::DoLoadCore(), Process::DoMemoryRead(), and Process::DoMemoryWrite() for ELF core format. But as you said, this is different from most ELF core format with NT_PR*. If kernel wants to save dump as ELF on crash, it would require elf(3)-ish code in kernel binary. Then it needs to save the dump somewhere, which is dumpdev, but fulldump/minidump is already stored there. Also libkvm needs be updated to accept ELF core dump so it can read it after savecore(8). What was the reason for creating minidump format if ELF core can serve the same purpose? Edit: I prefer having ELF core dump on crash which replaces fulldump/minidump. But again, there might be reason why developers created minidump format instead of existing ELF core format. | |||||||||||||||||||||||||||||||||||||||||||||