From: alexandre.ferrieux@orange.com
To: <linux-trace-users@vger.kernel.org>
Subject: Ftrace, KASLR and gdb
Date: Thu, 9 May 2024 14:44:22 +0200 [thread overview]
Message-ID: <b3a8fb9f-7746-421e-81c7-c890d676a871@orange.com> (raw)
Hi,
Ftrace is a jewel to dig into the kernel, be it for troubleshooting, perf tuning
or just understanding.
But when one needs to disassemble the running kernel (eg to move kprobes around
in a function, in order to understand a given code path), KASLR makes it
impossible for gdb to get useful symbol addresses, even with a debug image.
That said, /proc/kallsyms always gives the accurate, present symbol addresses.
But, to my knowledge, gdb isn't able to import /proc/kallsyms as a symbol table.
To circumvent this, I've written a small userland tool, usling libbfd, that
creates an ELF file out of /proc/kallsyms. Passing this ELF file to gdb instead
of "vmlinux", and /proc/kcore as core, then allows for a perfect gdb session on
the running kernel. Of course this ELF file is only valid until the next reboot,
but that's okay as its creation is fast.
Now, my question: did I miss an alternative ?
In other words, is there some kind of "kallsyms plug-in" for gdb somewhere ?
Or, taking the problem from the other side, some kernel module exposing a
"/proc/kallsyms.elf" or similar, for direct consumption by gdb ?
Or another method, that people routinely use for the same purpose ?
Thanks in advance,
-Alex
____________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
next reply other threads:[~2024-05-09 12:44 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-09 12:44 alexandre.ferrieux [this message]
2024-05-10 18:12 ` Ftrace, KASLR and gdb Steven Rostedt
2024-05-11 22:44 ` alexandre.ferrieux
2024-05-13 16:25 ` Steven Rostedt
2024-05-13 18:26 ` alexandre.ferrieux
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b3a8fb9f-7746-421e-81c7-c890d676a871@orange.com \
--to=alexandre.ferrieux@orange.com \
--cc=linux-trace-users@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.