Debugging Kernel without Debugger

Similar documents
SystemTap for Enterprise

Scalability Efforts for Kprobes

Tracing Lustre. New approach to debugging. ORNL is managed by UT-Battelle for the US Department of Energy

System Wide Tracing User Need

RAS Enhancement Activities for Mission-Critical Linux Systems

Uprobes: User-Space Probes

Helping Developers Help You. Tom Caputi

Contribute To Linux Mainline

Introduction p. 1 Why Linux? p. 2 Embedded Linux Today p. 3 Open Source and the GPL p. 3 Free Versus Freedom p. 4 Standards and Relevant Bodies p.

Linux Foundation Collaboration Summit 2010

Efficient and Large Scale Program Flow Tracing in Linux. Alexander Shishkin, Intel

Analyzing Kernel Behavior by SystemTap

CS354 gdb Tutorial Written by Chris Feilbach

Postmortem Debugging with Coresight HKG18-TR14. Leo Yan, Linaro Support and Solutions Engineering

Low-Overhead Ring-Buffer of Kernel Tracing in a Virtualization System

LinuxCon 2010 Tracing Mini-Summit

Systemtap times April 2009

Userspace Application Tracing with Markers and Tracepoints

Enhancement Activities on the Current Upstream Kernel for Mission-Critical Systems

The State of Kernel Debugging Technology. Jason Wessel - Product Architect for WR Linux Core Runtime - Kernel.org KDB/KGDB Maintainer

1.1 For Fun and Profit. 1.2 Common Techniques. My Preferred Techniques

SystemTap update & overview. Josh Stone Software Engineer, Red Hat

RALPH BÖHME, SERNET, SAMBA TEAM UNDERSTANDING AND IMPROVING SAMBA FILESERVER PERFORMANCE HOW I FELL IN LOVE WITH SYSTEMTAP AND PERF

LinuxCon North America 2016 Investigating System Performance for DevOps Using Kernel Tracing

An Event-Based Instrumentation Language for Dynamic Binary Translation Systems

SystemTap Tutorial - Part 1

Overhead Evaluation about Kprobes and Djprobe (Direct Jump Probe)

Debugging and Tracing of Many-core Processors Simon Marchi

Seiji Aguchi. Development Status of Troubleshooting Features, Tracing, Message Logging in Linux Kernel 5/20/2014

User Space Tracing in Small Footprint Devices. (How Low can You Go?)

Laboratorio di Programmazione. Prof. Marco Bertini

Debugging of CPython processes with gdb

Linux Kernel on RISC-V: Where do we stand?

Improving Linux development with better tools

Application Fault Tolerance Using Continuous Checkpoint/Restart

Kernel Debugging with netdump and crash Worcester Linux Users Group January 13th, 2005

ebpf Debugging Infrastructure Current Techniques and Additional Proposals

Debugging realtime application with Ftrace

Malware

Project #1: Tracing, System Calls, and Processes

Yocto Project components

Red Hat Enterprise Linux 5.5

Reboot adieu! Online Linux kernel patching. Udo Seidel

Systems Programming. Fatih Kesgin &Yusuf Yaslan Istanbul Technical University Computer Engineering Department 18/10/2005

NSIGHT ECLIPSE EDITION

Lab 3-2: Exploring the Heap

LINUX KVM FRANCISCO JAVIER VARGAS GARCIA-DONAS CLOUD COMPUTING 2017

Stacktraces in perf and ftrace. Frederic Weisbecker Collaboration summit 2012

Intro to Segmentation Fault Handling in Linux. By Khanh Ngo-Duy

Linux Kernel Validation Tools. Nicholas Mc Guire Distributed & Embedded Systems Lab Lanzhou University, China

A Guide to the Linux Kernel Development Process. Jonathan Corbet LWN.net

Android Debugging and Performance Analysis

Dynamic Tracing and Instrumentation

Ftrace - What s new. Since my last explanation of ftrace (from v3.18) Steven Rostedt 25/10/ VMware Inc. All rights reserved.

Thwarting unknown bugs: hardening features in the mainline Linux kernel

CHAPTER 2: SYSTEM STRUCTURES. By I-Chen Lin Textbook: Operating System Concepts 9th Ed.

John A. Ronciak Staff Engineer NCG/NID/LAO Intel Corp.

Unix and C Program Development SEEM

Reverse Engineering with IDA Pro. CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta

What's New in CDT 7.0? dominique dot toupin at ericsson dot com

NSIGHT ECLIPSE EDITION

CS/COE 0449 term 2174 Lab 5: gdb

An Introduction to Python (TEJ3M & TEJ4M)

Short Introduction to Tools on the Cray XC systems

Improving Linux Development with better tools. Andi Kleen. Oct 2013 Intel Corporation

Embedded Linux Primer, Second Edition

Introduction to UNIX. Logging in. Basic System Architecture 10/7/10. most systems have graphical login on Linux machines

NSIGHT ECLIPSE EDITION

Section 1: Tools. Contents CS162. January 19, Make More details about Make Git Commands to know... 3

SIMD Instructions outside and inside Oracle 12c. Laurent Léturgez 2016

Recitation: Cache Lab & C

CNIT 127: Exploit Development. Ch 3: Shellcode. Updated

syscall_intercept A user space library for intercepting system calls Author Name, Company Krzysztof Czuryło, Intel

Lab 2: Buffer Overflows

Debugging uclinux on Coldfire

Embedded Linux kernel and driver development training 5-day session

Reboot Reloaded. Patching the Linux Kernel Online. Vojtěch Pavlík. Dr. Udo Seidel. Director SUSE Labs SUSE

Debugging and Version control

Scientific Programming in C IX. Debugging

The Challenges of XDP Hardware Offload

Reviewing gcc, make, gdb, and Linux Editors 1

The Ephemeral Smoking Gun

Chapter 2: Operating-System Structures. Operating System Concepts 9 th Edit9on

Debugging. ICS312 Machine-Level and Systems Programming. Henri Casanova

Operating System System Call & Debugging Technique

Tecniche di debugging nel kernel Linux. Andrea Righi -

ELC The future of Tracing and Profiling for Power Management and Accelerators. Making Wireless. Jean Pihet v1.

Adding Inter-event Capabilities to the Linux Trace Event Subsystem

manifold Documentation

Djprobe Kernel probing with the smallest overhead

Linux ftrace, , Android Systrace. Android [2][3]. Linux ftrace. Linux. Intel VTune[6] perf timechart[7]. ,, GPU Intel. .

Testing real-time Linux: What to test and how.

Intel GFX CI and IGT. What services do we provide, our roadmaps, and lessons learnt! Martin Peres & Arek Hiler Feb 3 rd 2018

CUDA Development Using NVIDIA Nsight, Eclipse Edition. David Goodwin

A Practical approach of tailoring Linux Kernel. Junghwan Kang /

Building Debian-Based Products: Experiences in Collaboration

OSTRA: Experiments With on-the-fly Source Patching

Intel Parallel Studio XE 2017 Composer Edition BETA C++ - Debug Solutions Release Notes

CS 642 Homework #4. Due Date: 11:59 p.m. on Tuesday, May 1, Warning!

CSE 451: Operating Systems. Sec$on 2 Interrupts, system calls, and project 1

Transcription:

Debugging Kernel without Debugger Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> Software Platform Research Dept. Yokohama Research Lab. Hitachi Ltd., 1

Who am I? Masami Hiramatsu Researcher in Hitachi Yokohama Research Lab. Responsible for Linux kernel development Working on tracing/debugging/virtualization/embedded etc... Linux kernel developer Kprobes maintainer Perftools developer 2

Table of Contents Debugging Kernel Printk KDB SystemTap Preferred Features Perf Probe Ftrace with Dynamic Events 3

Debugging the Kernel What we want to know Which points were passed? What value the variables have? Kernel Features/tools Printk KDB Easy to use. Everyone knows! Local debugging with KDB Remote debugging with KGDB via GDB SystemTap Scriptable tracing tool Ftrace/Perftools In-kernel tools 4

Printk Easy to use, but... Requires rebuilding kernel Hard to use on production system Takes a time, especially on early stage of trouble shooting. Sometimes timing bug vanishes... Especially on multi-thread racing bug This should be the last resort If there is no other ways... 5

KDB KDB is a great feature No need to use any tool :) But, runtime kernel debugging is sometimes hard Bugs depends on timing (e.g. device initialization) KDB itself can t use debuginfo It s KGDB which is a debugger! No online disassembler It is hard to put breakpoint via local KDB 6

SystemTap SystemTap An infrastructure to simplify the gathering of information about the running Linux system. Pros Programmable dynamic event tracing Dynamic == you can define event on every line of kernel source without rebuilding kernel :) Cons Requires a kernel build environment :-( Depends on stable kernel module APIs Sometimes it breaks on newer/developing kernel tree Script Language Always we need to write a script for tracing even one event. Out of tree... 7

Preferred Features What features should debugging tools have? Analyze accurate behavior Without rebuilding kernel Without remote machine (use KVM!) No additional language In the mainline (hopefully) no additional tools, just using kernel 8

Perf Probe Perf-tools has a tracing feature Perf Probe provides dynamic printk like feature Perf probe doesn t do anything except what you want! perf probe + perftools ~= SystemTap (script language + compiler) And more feature perf probe + perf script ~= SystemTap (original script language + compiler) + perl or python 9

Easy Usage of Perf Probe Typical Usecase 1) Investigate target code List target functions with -F Find the target line number with -L Check which local variables can be accessed with V 2) Define events Add an event with -a (or just pass event definition) 3) Trace it With perf record 4) Analyze it With perf report or perf script 10

Perf Probe: Example Probe setting and tracing on vfs_read 1) Investigate target code # perf probe -F # perf probe -L vfs_read # perf probe -V vfs_read:4 2) Define events # perf probe -a 'vfs_read:4 file file->f_mode' 3) Trace it # perf record -e probe:vfs_read -arf ls -l 4) Analyze it # perf script See tools/perf/documentation/perf-probe.txt, for details. Useful Links: https://events.linuxfoundation.org/slides/lfcs2010_hiramatsu.pdf http://blog.vmsplice.net/2011/03/how-to-use-perf-probe.html 11

Recent Upstream Works Hardware branch tracer Offline Module Tracing Uprobes 12

Offline/Online Module Tracing Perf Probe can puts events on modules (drivers) It is also possible to put events on off-line modules Motivation: trace driver initialization Usage Online module: Most of driver troubles happen on initializing device # perf probe m <MODULE_NAME> XXX_func # perf record e probe:xxx_func <do-something> # perf report Offline module: # perf probe m <PATH_TO_MODULE> XXX_initfunc # perf record e probe:xxx_initfunc modprobe XXX # perf report 13

Module Tracing Example Tracing OpenvSwitch init function # perf probe -m /lib/modules/3.3.0- rc7+/kernel/net/openvswitch/openvswitch.ko -a "ovs_vport_init:7 dev_table" Added new events: probe:ovs_vport_init (on ovs_vport_init:7 with dev_table) probe:ovs_vport_init_1 (on ovs_vport_init:7 with dev_table) probe:ovs_vport_init_2 (on ovs_vport_init:7 with dev_table) You can now use it in all perf tools, such as: perf record -e probe:ovs_vport_init_2 -ar sleep 1 # perf record e probe:ovs_ * modprobe openvswitch # perf script... modprobe 5796 [000] 1863.444330: ovs_vport_init: (ffffffffa00d7734) dev_table=0 modprobe 5796 [000] 1863.444335: ovs_vport_init_1: (ffffffffa00d773f) dev_table=ffff8801adf14000 14

Uprobes with Perf Probe Uprobes implementation is under going on tip-tree (perf/uprobes) Add new events on user program -x option for specifying program binary # perf probe x /lib64/libc.so.6 malloc Currently, you can only use symbols Debuginfo analyzer will be able to handle user programs too. 15

Debugging without Tools Debugging methods: what do we need to know? 1) Which path did kernel execute? 2) What value the variables had? 3) From where the kernel reached? How does the ftrace help us? 1) function-call graph and traceevent (static and dynamic) 2) traceevent (static and dynamic) 3) stacktrace 16

Easy Usage of Ftrace Debugging a kernel on small system (e.g. lkvm, embedded) Your tools: kallsyms, disassembler, ftrace Don t be so sad, still you have great power tools in kernel! 1) Mount debugfs 2) Find related functions in /proc/kallsyms 3) Disassemble the functions 4) Put events on the functions 5) Trace it. 17

Ftrace: Example Probe setting and tracing on vfs_read 1) Mount debugfs # mount t debugfs none /sys/kernel/debug 2) Find related functions # grep read /proc/kallsyms 3) Analyze Binary without any tool! # cat vfs_read > /sys/kernel/debug/x86/disassembler # cat /sys/kernel/debug/x86/disassembler 4) Add event # echo 'p vfs_read+.. %di +0x3c(%di):u32' >> kprobe_events 5) Trace it! # echo 1 > events/kprobes/p_vfs_read_../enable # cat trace 18

X86 Disassembler Features Support only most popular instructions Support rawcode/address dump feature Symbols are automatically solved (by kallsyms) No-MMX, No-SSE, No-AVX, etc. Because these instructions rarely(0.01%?) used in kernel It is easy to enhance it to support those, but who cares? AT&T-like syntax (not fully compatible with objdump) Operand-size suffixes (d,q,dq etc.) are ignored. Some instructions name isn t correct.(e.g. cbw) If you revert the AT&T-rize patch, it shows in Intel syntax. 19

x86 Disassembler interfaces In-kernel disassembler can show assembly code This is only for x86 and fun! You don t need outer-tools except shell and kernel! E.g. Debugging kernel on busybox is now possible :) Interfaces via debugfs: /sys/kernel/debug/x86/disassembler Write a target kernel function name or address and read it. via KDB: dis command is now available This helps you to put breakpoint on-line, a lot! via panic message: kernel dumps assembly code Instead of useless byte code, it shows assembly code. via userspace tool: tools/bogodis Just for testing. 20

X86 Disassembler internal Disassembler relays on x86 instruction decoder Based on same opecode map data Use similar AWK script to generate instruction format table at build time Git repository Awk script Instruction attribute table include Instruction decoder X86- opcodemap.txt Generating at build time Use Awk script Instruction format table include disassembl er 21

Another function: Stacktrace Ftrace with dynamic event allows you to get stacktrace everywhere. Just write 1 into tracing/options/stacktrace # echo 1 > /sys/kernel/debug/tracing/options/stacktrace # echo 1 > /sys/kernel/debug/tracing/events/probe/enable # modprobe openvswitch # cat trace... modprobe-6935 [000] d... 41899.099670: ovs_vport_init: (ovs_vport_init+0x24/0x50 [openvswitch]) dev_table=0 modprobe-6935 [000] d... 41899.099675: <stack trace> => => do_one_initcall => sys_init_module => system_call_fastpath modprobe-6935 [000] d... 41899.099678: ovs_vport_init_1: (ovs_vport_init+0x2f/0x50 [openvswitch]) dev_table=ffff8801adf16000 modprobe-6935 [000] d... 41899.099680: <stack trace> => => do_one_initcall => sys_init_module 22

Summary Perftool is a powerful tool for debugging kernel Without any out-of-tree tools. Perftools is shipped with kernel :) If you don t have perftools, you can use ftrace Ftrace is a native debugging tool in kernel Recent x86 disassembler helps it a lot! We don t need external Debugger 23

Future Work What features do we need for debugging? Linux already have debugger, tracer, etc. Refactoring tracing/debugging subsystems Refactoring among similar features Ex) SW breakpoint is used by *probes/kgdb Ingo Molnar is working for consolidation Many ring-buffers in kernel Ex) Perf, ftrace, relayfs etc. Virtualization isn t matter? Guest tracing is similar to application tracing (LTTng helps?) 24

Questions? Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> 25

END Debugging Kernel without Debugger Linux Collaboration Summit 2012 Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> Yokohama Research Lab. Hitachi Ltd.,

Trademarks Linux is a trademark of Linus Torvalds in the United States, other countries, or both. Intel and Core are trademarks or registered trademarks of Intel Corporation in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others. 27

28

APPENDIX 29

Example1 Add new event on socket and record it e.g. # perf probe -a "sock_sendmsg sock size # perf probe -a "sock_recvmsg sock size # perf record -e probe:* -afr top (exit) # perf trace rdesktop-15710 [001] 96311.971853: sock_recvmsg: (ffffffff814486c0) sock=ffff880161c94780 size=4 rdesktop-15710 [001] 96311.971868: sock_recvmsg: (ffffffff814486c0) sock=ffff880161c94780 size=d9 rdesktop-15710 [001] 96311.998124: sock_sendmsg: (ffffffff81448850) sock=ffff880161c94780 size=3d cupsd-980 [001] 96312.414984: sock_recvmsg: (ffffffff814486c0) sock=ffff8801abecf480 size=604 rdesktop-15710 [001] 96312.511370: sock_recvmsg: (ffffffff814486c0) sock=ffff880161c94780 size=4 30

Example2 Perf probe scripting is also available e.g.) # perf trace -g perl generated Perl script: perf-trace.pl # vi perf-trace.pl sub trace_end { print("sent total size: n"); while (($sock, $size) = each (%sockstat_send)) { printf("socket:%x %d bytes n", $sock, $size) }... } sub probe::sock_sendmsg {... $sockstat_send{$sock} += $size; } # perf trace -s perl:perf-trace.pl Sent total size: socket:ffff880161c94780 488 bytes Received total size: socket ffff8801abecf480 1540 bytes socket ffff880161c94780 24258 bytes 31

X86 Disassembler API Simple API disassemble(char *buf, size_t len, struct insn *insn) Print assembly code at address into buf. If next is given, put the next instruction address in that. Buf : a buffer to where disassembled code is stored Len: Length of buf Insn: Disassemble target instruction E.g. disassemble 1 instruction at given address kernel_insn_init(&insn, address); if (disassemble(buf, len, &insn) >= 0) printk( %p: %s, address, buf); 32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback