Hi Naveen,

On Wed, Apr 3, 2024 at 12:48 PM Naveen Chaudhary <naveenchaudhary2010@xxxxxxxxxxx> wrote:
>
> I am analyzing the kdump in latest crash utility 8.0.4++.
>
> I think I loaded the module symbols correctly :
> crash> mod
>      MODULE       NAME              TEXT_BASE      SIZE  OBJECT FILE
> ffff80007a7e2040  npdereference  ffff80007a7e0000  12288  (not loaded)  [CONFIG_KALLSYMS]
> crash>
> crash> mod -s npdereference /home/naveen/.repos/src/arm64/linux/drivers/naveen/npdereference.ko
>      MODULE       NAME              TEXT_BASE      SIZE  OBJECT FILE
> ffff80007a7e2040  npdereference  ffff80007a7e0000  12288  /home/naveen/.repos/src/arm64/linux/drivers/naveen/npdereference.ko
>
> But still my backtrace doesn't say the correct symbol name :
> #12 [ffff800082c6ba60] _MODULE_INIT_TEXT_START_npdereference at ffff80007a7e602c [npdereference]
>
> The "sym" command also doesn't point me to the source file :
> crash> sym ffff80007a7e602c
> ffff80007a7e602c (m) _MODULE_INIT_TEXT_START_npdereference+44 [npdereference]
> crash>

I think this is correct and expected output from crash. The
"_MODULE_INIT_TEXT_START_npdereference" represents the module_init function
null_deref_module_init(). I know you are expecting the same string as the
latter, but the internal is a little different from your thought:

The "_MODULE_INIT_TEXT_START_npdereference", or "_MODULE_INIT_START_ +
module_name", is created intentionally as a pseudo-symbol in
crash:symbols.c:store_module_symbols_v2(), as I quote it here:

    st->ext_module_symtable[mcnt].value = lm->mod_init_module_ptr;
    st->ext_module_symtable[mcnt].type = 'm';
    st->ext_module_symtable[mcnt].flags |= MODULE_SYMBOL;
    sprintf(buf3, "%s%s", "_MODULE_INIT_START_", mod_name);

The value/address of the symbol is mod_init_module_ptr, aka the module_init
function. I don't have the history background why it is designed like this.
Let's disassemble nfsv4.ko as an example:

    $ objdump -S nfsv4.ko
    ...
    Disassembly of section .init.text:

    0000000000000000 <init_module>:
    static int __init init_nfs_v4(void)
    {
       0:   e8 00 00 00 00          callq  5 <init_module+0x5>
       5:   53                      push   %rbx
            err = nfs_dns_resolver_init();
            if (err)
                    goto out;

            err = nfs_idmap_init();
       6:   e8 00 00 00 00          callq  b <init_module+0xb>
       b:   89 c3                   mov    %eax,%ebx
            if (err)

The function name is taken as init_module instead of init_nfs_v4. So just by
guessing, such a pseudo name is better for identification.

Thanks,
Tao Liu

>
> Is there a way to make this work correctly or at least make the "sym" command point to right source file. The kernel module here is called "npdereference.ko" and is in-tree (part of kernel source repo).
>
> Regards,
> Naveen
>
> --
> Crash-utility mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxxxxxx
> https://${domain_name}/admin/lists/devel.lists.crash-utility.osci.io/
> Contribution Guidelines: https://github.com/crash-utility/crash/wiki
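
The following is an added example, not part of the original message and not crash's own code. It is a simplified nearest-preceding-symbol lookup showing how an address inside the module's init text comes out as the pseudo-symbol plus an offset, as in the "sym" output quoted above. The table layout, the function names and the "constructed_core_func" entry are assumptions; the init address ffff80007a7e6000 is derived from the thread (ffff80007a7e602c minus 44).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of one symbol-table entry: value, type, name. */
struct sym_entry {
    uint64_t value;
    char type;
    const char *name;
};

/* Constructed table for module "npdereference". The second entry stands in
 * for the pseudo-symbol whose value is mod_init_module_ptr, type 'm'. */
static const struct sym_entry module_syms[] = {
    { 0xffff80007a7e0000ULL, 't', "constructed_core_func" }, /* hypothetical */
    { 0xffff80007a7e6000ULL, 'm', "_MODULE_INIT_TEXT_START_npdereference" },
};

/* Return the entry with the highest value <= addr, or NULL if none. */
static const struct sym_entry *resolve(uint64_t addr)
{
    const struct sym_entry *best = NULL;
    size_t n = sizeof(module_syms) / sizeof(module_syms[0]);

    for (size_t i = 0; i < n; i++) {
        if (module_syms[i].value <= addr &&
            (best == NULL || module_syms[i].value > best->value))
            best = &module_syms[i];
    }
    return best;
}

/* Format addr in the layout of the "sym" output quoted in the thread. */
static int format_sym(uint64_t addr, const char *mod, char *out, size_t len)
{
    const struct sym_entry *s = resolve(addr);

    if (s == NULL)
        return -1; /* address is below every known symbol */
    return snprintf(out, len, "%llx (%c) %s+%llu [%s]",
                    (unsigned long long)addr, s->type, s->name,
                    (unsigned long long)(addr - s->value), mod);
}

int main(void)
{
    char line[160];

    if (format_sym(0xffff80007a7e602cULL, "npdereference", line, sizeof(line)) > 0)
        puts(line);
    return 0;
}
```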