On 18 March 2016 at 15:28, Mohammad Y. Zachariah <eng.myz@xxxxxxxxx> wrote:
>
> Hello everyone,
>
> I'm taking the way of analysing kernel core dumps as a learning approach using 'crash tool'. One of the interesting crash commands is 'struct' which can print kernel struct definition and/or the actual contents of the structure.
>
> According to struct help page, I need the virtual address of the struct in order to view/print its contents, for example:
>
> crash> mm_struct.pgd ffff810022e7d080 -px
>   pgd_t *pgd = 0xffff81000e3ac000
>   -> {
>     pgd = 0x2c0a6067
>   }
>
> My question is how to find the mm_struct address "ffff810022e7d080" in the above example in the first place??
>

Hello Zach,

1) Determine the struct task_struct * from the ps or set command of crash.

Eg:

crash> set 1
    PID: 1
COMMAND: "init"
   TASK: ffff881029867500  [THREAD_INFO: ffff882029b32000]
    CPU: 2
  STATE: TASK_INTERRUPTIBLE

crash> ps 1
   PID    PPID  CPU       TASK        ST  %MEM     VSZ    RSS  COMM
      1      0   2  ffff881029867500  IN   0.0   24852   1632  init

In the above example, struct task_struct * is 0xffff881029867500

2) Determine struct mm_struct * from struct task_struct *

crash> task_struct.mm -ox
struct task_struct {
  [0x480] struct mm_struct *mm;
}
crash> task_struct.mm ffff881029867500
  mm = 0xffff882026b68700

In the above example, struct mm_struct * is 0xffff882026b68700

3) Finally determine pgd_t from struct mm_struct *

crash> mm_struct.pgd -ox
struct mm_struct {
  [0x50] pgd_t *pgd;
}
crash> mm_struct.pgd 0xffff882026b68700
  pgd = 0xffff882026a9e000

You can achieve the above steps in one line;

Eg:

crash> px ((struct task_struct *)0xffff881029867500)->mm.pgd
$1 = (pgd_t *) 0xffff882026a9e000

--
BKS
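
What the three lookups above amount to, as an added Python example that is not part of the original message or of crash: two pointer reads at the member offsets crash reported, run over a constructed memory image that holds the values shown in the reply. The Memory class, the function name, the second task address and the little-endian 64-bit layout are assumptions made for the illustration; the offsets 0x480 and 0x50 are specific to the kernel build in the reply.

```python
import struct

# Member offsets printed by `task_struct.mm -ox` and `mm_struct.pgd -ox`
# in the reply above; they differ between kernel builds.
OFF_TASK_MM = 0x480
OFF_MM_PGD = 0x50

class Memory:
    """Sparse little-endian image keyed by kernel virtual address (hypothetical helper)."""
    def __init__(self):
        self.bytes_at = {}

    def write_ptr(self, addr, value):
        for i, b in enumerate(struct.pack("<Q", value)):
            self.bytes_at[addr + i] = b

    def read_ptr(self, addr):
        try:
            raw = bytes(self.bytes_at[addr + i] for i in range(8))
        except KeyError:
            raise LookupError(f"address {addr:#x} not present in image") from None
        return struct.unpack("<Q", raw)[0]

def pgd_of_task(mem, task):
    """Follow task_struct->mm->pgd; return None when mm is NULL."""
    mm = mem.read_ptr(task + OFF_TASK_MM)
    if mm == 0:  # kernel threads have no user address space, so mm is NULL
        return None
    return mem.read_ptr(mm + OFF_MM_PGD)

# Constructed image reproducing the pointer values shown in the reply.
INIT_TASK = 0xffff881029867500
KTHREAD_TASK = 0xffff881029860000  # constructed address standing in for a kernel thread
mem = Memory()
mem.write_ptr(INIT_TASK + OFF_TASK_MM, 0xffff882026b68700)
mem.write_ptr(0xffff882026b68700 + OFF_MM_PGD, 0xffff882026a9e000)
mem.write_ptr(KTHREAD_TASK + OFF_TASK_MM, 0)

if __name__ == "__main__":
    for task in (INIT_TASK, KTHREAD_TASK):
        pgd = pgd_of_task(mem, task)
        shown = "none (mm is NULL)" if pgd is None else f"{pgd:#x}"
        print(f"task {task:#x}: pgd = {shown}")
```

The NULL check matters when the same walk is applied to every task in a dump: kernel threads have task_struct.mm set to NULL, so the second read must not be attempted for them.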