dropwatch - pouzitelnost
Dalibor Toman
dtoman na fortech.cz
Úterý Září 15 14:18:41 CEST 2015
DD,
zasadni problem mam v tom, ze podle dropwatche (a dalsich podobnych jako
perf/SystemTap) nejvice dropu ma byt na adrese 0xffffffff8150ddd6, coz
vychazi podle /proc/kallsym jako funkce tpacket_rcv+76.
Kdyz pomoci crash disassembluju tu funkci v bezicim jadre, pak vidim, ze
ta adresa vychazi nesmyslne (ne tam kde byl volany kfree_skb a a navic
doprostred asm instrukce). Takze bud delam neco spatne nebo urceni
vzniku toho trasovaciho bodu (resp mista volani kfree_skb) v kernelu
hapruje:
disassemble tpacket_rcv
Dump of assembler code for function tpacket_rcv:
0xffffffff8150dd60 <+0>: push rbp
0xffffffff8150dd61 <+1>: mov rbp,rsp
0xffffffff8150dd64 <+4>: push r15
0xffffffff8150dd66 <+6>: push r14
0xffffffff8150dd68 <+8>: push r13
0xffffffff8150dd6a <+10>: push r12
0xffffffff8150dd6c <+12>: push rbx
0xffffffff8150dd6d <+13>: sub rsp,0x88
0xffffffff8150dd74 <+20>: nop DWORD PTR [rax+rax*1+0x0]
0xffffffff8150dd79 <+25>: mov QWORD PTR [rbp-0x98],rcx
0xffffffff8150dd80 <+32>: mov rax,QWORD PTR [rdi+0xd8]
0xffffffff8150dd87 <+39>: mov rbx,rdi
0xffffffff8150dd8a <+42>: mov r15,rsi
0xffffffff8150dd8d <+45>: mov QWORD PTR [rbp-0x80],rax
0xffffffff8150dd91 <+49>: mov eax,DWORD PTR [rdi+0x68]
0xffffffff8150dd94 <+52>: mov DWORD PTR [rbp-0x88],eax
0xffffffff8150dd9a <+58>: mov rax,QWORD PTR [rdi+0xd0]
0xffffffff8150dda1 <+65>: mov QWORD PTR [rbp-0x78],rax
0xffffffff8150dda5 <+69>: mov eax,DWORD PTR [rdi+0xcc]
0xffffffff8150ddab <+75>: mov DWORD PTR [rbp-0x8c],eax
0xffffffff8150ddb1 <+81>: movzx eax,BYTE PTR [rdi+0x7d]
0xffffffff8150ddb5 <+85>: and eax,0x7
0xffffffff8150ddb8 <+88>: cmp al,0x5
0xffffffff8150ddba <+90>: je 0xffffffff8150ddce <tpacket_rcv+110>
0xffffffff8150ddbc <+92>: mov r12,QWORD PTR [rdx+0x38]
0xffffffff8150ddc0 <+96>: mov rdx,QWORD PTR [r12+0x38]
0xffffffff8150ddc5 <+101>: cmp QWORD PTR [rsi+0x408],rdx
0xffffffff8150ddcc <+108>: je 0xffffffff8150ddea <tpacket_rcv+138>
0xffffffff8150ddce <+110>: mov rdi,rbx
0xffffffff8150ddd1 <+113>: call 0xffffffff8145dc50 <kfree_skb>
0xffffffff8150ddd6 <+118>: add rsp,0x88
0xffffffff8150dddd <+125>: xor eax,eax
0xffffffff8150dddf <+127>: pop rbx
0xffffffff8150dde0 <+128>: pop r12
0xffffffff8150dde2 <+130>: pop r13
0xffffffff8150dde4 <+132>: pop r14
0xffffffff8150dde6 <+134>: pop r15
0xffffffff8150dde8 <+136>: leave
0xffffffff8150dde9 <+137>: ret
0xffffffff8150ddea <+138>: cmp QWORD PTR [rsi+0x158],0x0
0xffffffff8150ddf2 <+146>: je 0xffffffff8150dfac <tpacket_rcv+588>
0xffffffff8150ddf8 <+152>: cmp WORD PTR [r12+0x42],0x2
0xffffffff8150ddff <+159>: je 0xffffffff8150dfa4 <tpacket_rcv+580>
0xffffffff8150de05 <+165>: mov esi,DWORD PTR [rbp-0x80]
0xffffffff8150de08 <+168>: sub esi,DWORD PTR [rdi+0xc4]
0xffffffff8150de0e <+174>: sub esi,DWORD PTR [rbp-0x78]
0xffffffff8150de11 <+177>: call 0xffffffff8145d7a0 <skb_push>
0xffffffff8150de16 <+182>: mov r13d,DWORD PTR [rbx+0x68]
0xffffffff8150de1a <+186>: movzx eax,BYTE PTR [rbx+0x7c]
...
D. Toman
Další informace o konferenci Linux