Is it possible to arbitrarily generate (in a module say) a function call
trace?
Simon Turvey
Simon Turvey wrote:
>
> Is it possible to arbitrarily generate (in a module say) a function call
> trace?
>
Just insert the dereference of a NULL pointer where you want to have it.
The oops gives you what you want....
Or better attach the gdb to /proc/kmem (you will have to compile the
kernel with debugging on in front of this action) and have fun.
On Fri, Nov 30, 2001 at 04:33:58PM +0100, Martin Dalecki wrote:
> Simon Turvey wrote:
> >
> > Is it possible to arbitrarily generate (in a module say) a function call
> > trace?
> >
>
> Just insert the dereference of a NULL pointer where you want to have it.
> The oops gives you what you want....
> Or better attach the gdb to /proc/kmem (you will have to compile the
> kernel with debugging on in front of this action) and have fun.
I'm using this ia32-only solution, as killing a userspace program is not
acceptable under some conditions. The patch below was generated from
my 2.5.0-pre1 tree.
Petr Vandrovec
[email protected]
diff -urdN linux/arch/i386/kernel/traps.c linux/arch/i386/kernel/traps.c
--- linux/arch/i386/kernel/traps.c Sun Sep 30 19:26:08 2001
+++ linux/arch/i386/kernel/traps.c Mon Nov 26 15:40:47 2001
@@ -237,6 +237,42 @@
printk("\n");
}
+void printstate(void) {
+ asm volatile (
+ "pushl %%ss\n\t"
+ "pushl %%esp\n\t"
+ "pushfl\n\t"
+ "pushl %%cs\n\t"
+ "call 1f\n"
+ "1:\n\t"
+ "pushl %%eax\n\t"
+ "pushl %%ds\n\t"
+ "pushl %%es\n\t"
+ "pushl %%eax\n\t"
+ "pushl %%ebp\n\t"
+ "pushl %%edi\n\t"
+ "pushl %%esi\n\t"
+ "pushl %%edx\n\t"
+ "pushl %%ecx\n\t"
+ "pushl %%ebx\n\t"
+ "movl %%esp,%%eax\n\t"
+ "pushl %%eax\n\t"
+ "call show_registers\n\t"
+ "addl $4,%%esp\n\t"
+ "popl %%ebx\n\t"
+ "popl %%ecx\n\t"
+ "popl %%edx\n\t"
+ "popl %%esi\n\t"
+ "popl %%edi\n\t"
+ "popl %%ebp\n\t"
+ "popl %%eax\n\t"
+ "popl %%es\n\t"
+ "popl %%ds\n\t"
+ "popl %%eax\n\t"
+ "addl $20,%%esp\n\t"
+ : : : "memory" );
+}
+
spinlock_t die_lock = SPIN_LOCK_UNLOCKED;
void die(const char * str, struct pt_regs * regs, long err)
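Review bot: the order of the two segment-register pushes right after the orig_eax push (`pushl %%eax`) should be checked against struct pt_regs on i386, where xds sits below xes in memory: pushing `%%ds` before `%%es` stores ds at the xes offset and es at the xds offset, so show_registers() prints them swapped (harmless while both hold the kernel data selector, but misleading); swapping the two pushes and the matching `popl %%es` / `popl %%ds` fixes it. The eip recorded via `call 1f` and the pushed esp/eflags describe printstate() itself rather than its caller, so the EIP line and the first call-trace entry point inside this helper; a comment on the function saying that it synthesizes a pt_regs purely to feed show_registers(), and that the caller appears one entry down, would spare the next reader from expecting oops-style output that starts at the call site.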
diff -urdN linux/kernel/ksyms.c linux/kernel/ksyms.c
--- linux/kernel/ksyms.c Wed Nov 21 22:07:25 2001
+++ linux/kernel/ksyms.c Mon Nov 26 15:40:47 2001
@@ -71,6 +71,9 @@
};
#endif
+extern void printstate(void);
+
+EXPORT_SYMBOL(printstate);
EXPORT_SYMBOL(inter_module_register);
EXPORT_SYMBOL(inter_module_unregister);
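Review bot: the export is added to the architecture-independent kernel/ksyms.c while the definition lives only in arch/i386/kernel/traps.c (the covering mail itself calls this ia32-only), so every other architecture now references an undefined printstate when ksyms.o is linked; the `extern void printstate(void);` / `EXPORT_SYMBOL(printstate);` pair belongs in the arch-specific export list (arch/i386/kernel/i386_ksyms.c), and the prototype in a header that module authors can include rather than an ad-hoc extern in the exports file.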
On Fri, 30 Nov 2001, Simon Turvey wrote:
> Is it possible to arbitrarily generate (in a module say) a function call
> trace?
gcc has builtin macros to trace back or (on x86) you can simply chain
through %esp/%ebp
- Davide
Davide Libenzi wrote:
>
> On Fri, 30 Nov 2001, Simon Turvey wrote:
>
> > Is it possible to arbitrarily generate (in a module say) a function call
> > trace?
>
> gcc has builtin macros to trace back or (on x86) you can simply chain
> through %esp/%ebp
That only works if you compile with frame pointers, which the kernel
turns off for performance reasons (due to register pressure on the x86).
--
Brian Gerst
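Davide's point about the gcc builtins and Brian's caveat that chaining through the frame pointer only works when frame pointers are kept, as an added example that is not part of this thread: a user-space C program that recovers a call trace by walking the saved-frame chain the way one would through %ebp on i386, cross-checks the first entry against __builtin_return_address(0), and bounds-checks every link so the walk stops cleanly instead of faulting when it meets a frame built with -fomit-frame-pointer. It assumes gcc or clang on a target whose saved frame is [caller's frame pointer, return address] (x86-64, aarch64, i386); the functions level1/level2/trace_here, the struct trace, and the constructed in-memory chain are this example's own, not anything from the thread.

```c
/* Added example: frame-pointer chain walk with bounds checks. */
#include <stdint.h>
#include <stdio.h>

#define MAX_FRAMES 16

struct trace {
    int   n;                 /* frames recovered by walking the chain */
    void *ret[MAX_FRAMES];   /* return address found in each frame */
    void *builtin_ret;       /* __builtin_return_address(0) where the walk began */
    void *frames[3];         /* frame address of level2, level1, trace_here */
};

/* Saved-frame layout when frame pointers are kept (x86 %ebp/%rbp, aarch64 x29):
 *   fp[0] = caller's frame pointer, fp[1] = return address into the caller.
 * Walk from `start` towards `limit` (an outer frame that must not be passed).
 * Each candidate frame pointer is checked before it is dereferenced, so a
 * chain broken by -fomit-frame-pointer ends the walk instead of faulting. */
static int walk_frames(void **start, void **limit, struct trace *t)
{
    void **fp = start;

    t->n = 0;
    while (fp != NULL && t->n < MAX_FRAMES) {
        if ((uintptr_t)fp >= (uintptr_t)limit)
            break;                              /* reached the outermost frame */
        if ((uintptr_t)fp % sizeof(void *) != 0)
            break;                              /* misaligned: not a saved frame */
        void **next = (void **)fp[0];
        if ((uintptr_t)next <= (uintptr_t)fp)
            break;                              /* a real chain only moves to older frames */
        t->ret[t->n++] = fp[1];
        fp = next;
    }
    return t->n;
}

/* Three nested functions. Each uses __builtin_frame_address(0), which makes
 * the compiler keep a frame pointer for it; noinline keeps the frames distinct,
 * and the stores made after each call rule out sibling-call optimisation that
 * would otherwise drop a frame from the chain. */
__attribute__((noinline)) static int level2(void **limit, struct trace *t)
{
    void **here = __builtin_frame_address(0);

    t->frames[0] = here;
    t->builtin_ret = __builtin_return_address(0);   /* gcc's view of our return address */
    return walk_frames(here, limit, t);
}

__attribute__((noinline)) static int level1(void **limit, struct trace *t)
{
    int n = level2(limit, t);

    t->frames[1] = n > 0 ? __builtin_frame_address(0) : NULL;
    return n;
}

/* Entry point: its own frame is the upper bound of the walk. */
__attribute__((noinline)) int trace_here(struct trace *t)
{
    void **limit = __builtin_frame_address(0);
    int n = level1(limit, t);

    t->frames[2] = n > 0 ? (void *)limit : NULL;
    return n;
}

/* Constructed in-memory "stack" (example data, not a real stack) so the walker
 * can be exercised independently of the compiler: three saved frames followed
 * by the outermost frame, optionally with one link corrupted to point backwards. */
static int walk_constructed_chain(struct trace *t, int break_link)
{
    void *fake[8];

    fake[0] = &fake[2]; fake[1] = (void *)0x1001;   /* frame A: saved fp, return address */
    fake[2] = &fake[4]; fake[3] = (void *)0x1002;   /* frame B */
    fake[4] = &fake[6]; fake[5] = (void *)0x1003;   /* frame C */
    fake[6] = NULL;     fake[7] = NULL;             /* outermost frame: the limit */
    if (break_link)
        fake[4] = &fake[0];                         /* bad link: walk must stop, not loop */
    return walk_frames(&fake[0], &fake[6], t);
}

int main(void)
{
    struct trace t;
    int n = trace_here(&t);

    printf("live walk: %d frames, builtin return address %p\n", n, t.builtin_ret);
    for (int i = 0; i < n; i++)
        printf("  [%d] return to %p\n", i, t.ret[i]);
    printf("constructed chain: %d frames intact, %d frames with a bad link\n",
           walk_constructed_chain(&t, 0), walk_constructed_chain(&t, 1));
    return 0;
}
```

The live walk finds exactly two frames above level2 (level1 and trace_here) and its first entry equals what __builtin_return_address(0) reports; the constructed chain shows the bounds checks stopping at a corrupted link. The same checks are what make a kernel stack dumper usable when -fomit-frame-pointer is in force: without them, following whatever sits in the saved-%ebp slot is as likely to fault as to produce a trace.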
On Fri, 30 Nov 2001, Brian Gerst wrote:
> Davide Libenzi wrote:
> >
> > On Fri, 30 Nov 2001, Simon Turvey wrote:
> >
> > > Is it possible to arbitrarily generate (in a module say) a function call
> > > trace?
> >
> > gcc has builtin macros to trace back or (on x86) you can simply chain
> > through %esp/%ebp
>
> That only works if you compile with frame pointers, which the kernel
> turns off for performance reasons (due to register pressure on the x86).
I thought it was a general question, not a kernel code one.
Sure, -fomit-frame-pointer is on inside the kernel.
- Davide
Davide Libenzi wrote:
>
> On Fri, 30 Nov 2001, Brian Gerst wrote:
>
> > Davide Libenzi wrote:
> > >
> > > On Fri, 30 Nov 2001, Simon Turvey wrote:
> > >
> > > > Is it possible to arbitrarily generate (in a module say) a function call
> > > > trace?
> > >
> > > gcc has builtin macros to trace back or (on x86) you can simply chain
> > > through %esp/%ebp
> >
> > That only works if you compile with frame pointers, which the kernel
> > turns off for performance reasons (due to register pressure on the x86).
>
> I thought it was a general question, not a kernel code one.
> Sure, -fomit-frame-pointer is on inside the kernel.
With the, well, exception of the scheduler, which does the task
switching by overwriting its own return address on the stack with the
address of the next jump point in a process, and therefore needs the
frame pointer ;-).
Try using 'lcrash', part of the LKCD project:
http://lkcd.sourceforge.net/
I'm not sure what you mean by arbitrarily (meaning, it could be
at a snapshot point in time, or it could be while it is running,
etc.). E-mail me if you have further questions; I'll try to help.
--Matt
Brian Gerst wrote:
>
> Davide Libenzi wrote:
> >
> > On Fri, 30 Nov 2001, Simon Turvey wrote:
> >
> > > Is it possible to arbitrarily generate (in a module say) a function call
> > > trace?
> >
> > gcc has builtin macros to trace back or (on x86) you can simply chain
> > through %esp/%ebp
>
> That only works if you compile with frame pointers, which the kernel
> turns off for performance reasons (due to register pressure on the x86).
>
> --
>
> Brian Gerst