[Crash-utility] change the content of memory using crash on a live system -- use kprobes!

Dheeraj Sangamkar dheerajrs at gmail.com
Fri Mar 7 19:04:27 UTC 2008 

Thanks a million Dave,
I will try using the kprobes approach.

Dheeraj

On Fri, Mar 7, 2008 at 1:33 AM, Dave Anderson <anderson at redhat.com> wrote:

>
> As it turns out, another way to work around the /dev/mem restriction
> is with kprobes.
>
> The devmem_is_allowed() function looks like this, and for
> the purposes of using it by the crash utility, we'd like it
> to return 1 always:
>
>   int devmem_is_allowed(unsigned long pagenr)
>   {
>           if (pagenr <= 256)
>                   return 1;
>           if (!page_is_ram(pagenr))
>                   return 1;
>           return 0;
>   }
>
> I took the sample kretprobes.c file from Documentation/kprobes.txt
> and set a kretprobe in devmem_is_allowed() that forces a return
> value of 1:
>
>   static int ret_handler(struct kretprobe_instance *ri, struct pt_regs
> *regs)
>   {
>           regs->eax = 1;
>           return 0;
>   }
>
>
> Here's the "kretprobes.c" module I used:
>
>   #include <linux/kernel.h>
>   #include <linux/module.h>
>   #include <linux/kprobes.h>
>
>   static const char *probed_func = "devmem_is_allowed";
>
>   /* Return-probe handler: force return value to be 1. */
>   static int ret_handler(struct kretprobe_instance *ri, struct pt_regs
> *regs)
>   {
>        regs->eax = 1;
>        return 0;
>   }
>
>   static struct kretprobe my_kretprobe = {
>        .handler = ret_handler,
>        /* Probe up to 20 instances concurrently. */
>        .maxactive = 20
>   };
>
>   static int __init kretprobe_init(void)
>   {
>        int ret;
>        my_kretprobe.kp.symbol_name = (char *)probed_func;
>
>        if ((ret = register_kretprobe(&my_kretprobe)) < 0) {
>                printk("register_kretprobe failed, returned %d\n", ret);
>                return -1;
>        }
>        printk("Planted return probe at %p\n", my_kretprobe.kp.addr);
>
>        return 0;
>   }
>
>   static void __exit kretprobe_exit(void)
>   {
>        unregister_kretprobe(&my_kretprobe);
>        printk("kretprobe unregistered\n");
>        /* nmissed > 0 suggests that maxactive was set too low. */
>        printk("Missed probing %d instances of %s\n",
>                my_kretprobe.nmissed, probed_func);
>   }
>
>   module_init(kretprobe_init)
>   module_exit(kretprobe_exit)
>   MODULE_LICENSE("GPL");
>
> And then build it with the supplied Makefile snippet:
>
> obj-m := kretprobes.o
> KDIR := /lib/modules/$(shell uname -r)/build
> PWD := $(shell pwd)
> default:
>        $(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules
> clean:
>        rm -f *.mod.c *.ko *.o
>
> Load the module, and then while it's running, "crash /dev/mem" will
> override its  default usage of "/dev/crash" and just work.
>
> This was on a RHEL5 kernel, but it should work for RHEL4 as well:
>
>   $ crash /dev/mem
>
>   crash 4.0-6.1
>   Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008  Red Hat, Inc.
>   Copyright (C) 2004, 2005, 2006  IBM Corporation
>   Copyright (C) 1999-2006  Hewlett-Packard Co
>   Copyright (C) 2005, 2006  Fujitsu Limited
>   Copyright (C) 2006, 2007  VA Linux Systems Japan K.K.
>   Copyright (C) 2005  NEC Corporation
>   Copyright (C) 1999, 2002, 2007  Silicon Graphics, Inc.
>   Copyright (C) 1999, 2000, 2001, 2002  Mission Critical Linux, Inc.
>   This program is free software, covered by the GNU General Public
> License,
>   and you are welcome to change it and/or distribute copies of it under
>   certain conditions.  Enter "help copying" to see the conditions.
>   This program has absolutely no warranty.  Enter "help warranty" for
> details.
>
>   GNU gdb 6.1
>   Copyright 2004 Free Software Foundation, Inc.
>   GDB is free software, covered by the GNU General Public License, and you
> are
>   welcome to change it and/or distribute copies of it under certain
> conditions.
>   Type "show copying" to see the conditions.
>   There is absolutely no warranty for GDB.  Type "show warranty" for
> details.
>   This GDB was configured as "i686-pc-linux-gnu"...
>
>         KERNEL: /usr/lib/debug/lib/modules/2.6.18-53.el5/vmlinux
>       DUMPFILE: /dev/mem
>           CPUS: 2
>           DATE: Thu Mar  6 14:43:06 2008
>         UPTIME: 23 days, 04:50:13
>   LOAD AVERAGE: 0.14, 0.20, 0.20
>          TASKS: 175
>       NODENAME: crash.boston.redhat.com
>        RELEASE: 2.6.18-53.el5
>        VERSION: #1 SMP Wed Oct 10 16:34:02 EDT 2007
>        MACHINE: i686  (1993 Mhz)
>         MEMORY: 511.5 MB
>            PID: 15518
>        COMMAND: "crash"
>           TASK: cb0ffaa0  [THREAD_INFO: d976c000]
>            CPU: 0
>          STATE: TASK_RUNNING (ACTIVE)
>
>   crash> p panic_on_oops
>   panic_on_oops = $2 = 1
>   crash> wr panic_on_oops 2
>   crash> p panic_on_oops
>   panic_on_oops = $3 = 2
>   crash>
>
> Dave
>
> --
> Crash-utility mailing list
> Crash-utility at redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/crash-utility/attachments/20080308/da04c18c/attachment.htm>

More information about the Crash-utility mailing list