[PATCH v2][makedumpfile 00/14] btf/kallsyms based eppic extension for mm page filtering

HAGIO KAZUHITO(萩尾 一仁) k-hagio-ab at nec.com
Fri Nov 28 00:04:24 PST 2025 

On 2025/11/24 13:46, Tao Liu wrote:
> Kindly ping... Any comments on this?

Hi Tao,

I'm sorry for the delay. I think I can look into this next month.

Thanks,
Kazu

> 
> Thanks,
> Tao Liu
> 
> On Tue, Oct 21, 2025 at 11:24 AM Tao Liu <ltao at redhat.com> wrote:
>>
>> A) This patchset will introduce the following features to makedumpfile:
>>
>>    1) Enable eppic script for memory pages filtering.
>>    2) Enable btf and kallsyms for symbol type and address resolving.
>>
>> B) The purpose of the features are:
>>
>>    1) Currently makedumpfile filters mm pages based on page flags, because flags
>>       can help to determine one page's usage. But this page-flag-checking method
>>       lacks of flexibility in certain cases, e.g. if we want to filter those mm
>>       pages occupied by GPU during vmcore dumping due to:
>>
>>       a) GPU may be taking a large memory and contains sensitive data;
>>       b) GPU mm pages have no relations to kernel crash and useless for vmcore
>>          analysis.
>>
>>       But there is no GPU mm page specific flags, and apparently we don't need
>>       to create one just for kdump use. A programmable filtering tool is more
>>       suitable for such cases. In addition, different GPU vendors may use
>>       different ways for mm pages allocating, programmable filtering is better
>>       than hard coding these GPU specific logics into makedumpfile in this case.
>>
>>    2) Currently makedumpfile already contains a programmable filtering tool, aka
>>       eppic script, which allows user to write customized code for data erasing.
>>       However it has the following drawbacks:
>>
>>       a) cannot do mm page filtering.
>>       b) need to access to debuginfo of both kernel and modules, which is not
>>          applicable in the 2nd kernel.
>>       c) Poor performance, making vmcore dumping time unacceptable (See
>>          the following performance testing).
>>
>>       makedumpfile need to resolve the dwarf data from debuginfo, to get symbols
>>       types and addresses. In recent kernel there are dwarf alternatives such
>>       as btf/kallsyms which can be used for this purpose. And btf/kallsyms info
>>       are already packed within vmcore, so we can use it directly.
>>
>>    With these, this patchset introduces an upgraded eppic, which is based on
>>    btf/kallsyms symbol resolving, and is programmable for mm page filtering.
>>    The following info shows its usage and performance, please note the tests
>>    are performed in 1st kernel:
>>
>>    $ time ./makedumpfile -d 31 -l /var/crash/127.0.0.1-2025-06-10-18\:03\:12/vmcore
>>      /tmp/dwarf.out -x /lib/debug/lib/modules/6.11.8-300.fc41.x86_64/vmlinux
>>      --eppic eppic_scripts/filter_amdgpu_mm_pages.c
>>          real    14m6.894s
>>          user    4m16.900s
>>          sys     9m44.695s
>>
>>    $ time ./makedumpfile -d 31 -l /var/crash/127.0.0.1-2025-06-10-18\:03\:12/vmcore
>>      /tmp/btf.out --eppic eppic_scripts/filter_amdgpu_mm_pages.c
>>          real    0m10.672s
>>          user    0m9.270s
>>          sys     0m1.130s
>>
>>    -rw------- 1 root root 367475074 Jun 10 18:06 btf.out
>>    -rw------- 1 root root 367475074 Jun 10 21:05 dwarf.out
>>    -rw-rw-rw- 1 root root 387181418 Jun 10 18:03 /var/crash/127.0.0.1-2025-06-10-18:03:12/vmcore
>>
>> C) Discussion:
>>
>>    1) GPU types: Currently only tested with amdgpu's mm page filtering, others
>>       are not tested.
>>    2) OS: The code can work on rhel-10+/rhel9.5+ on x86_64/arm64/s390/ppc64.
>>       Others are not tested.
>>
>> D) Testing:
>>
>>    1) If you don't want to create your vmcore, you can find a vmcore which I
>>       created with amdgpu mm pages unfiltered [1], the amdgpu mm pages are
>>       allocated by program [2]. You can use the vmcore in 1st kernel to filter
>>       the amdgpu mm pages by the previous performance testing cmdline. To
>>       verify the pages are filtered in crash:
>>
>>       Unfiltered:
>>       crash> search -c "!QAZXSW@#EDC"
>>       ffff96b7fa800000: !QAZXSW@#EDCXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>>       ffff96b87c800000: !QAZXSW@#EDCXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>>       crash> rd ffff96b7fa800000
>>       ffff96b7fa800000:  405753585a415121                    !QAZXSW@
>>       crash> rd ffff96b87c800000
>>       ffff96b87c800000:  405753585a415121                    !QAZXSW@
>>
>>       Filtered:
>>       crash> search -c "!QAZXSW@#EDC"
>>       crash> rd ffff96b7fa800000
>>       rd: page excluded: kernel virtual address: ffff96b7fa800000  type: "64-bit KVADDR"
>>       crash> rd ffff96b87c800000
>>       rd: page excluded: kernel virtual address: ffff96b87c800000  type: "64-bit KVADDR"
>>
>>    2) You can use eppic_scripts/print_all_vma.c against an ordinary vmcore to
>>       test only btf/kallsyms functions by output all VMAs if no amdgpu
>>       vmcores/machine avaliable.
>>
>> [1]: https://people.redhat.com/~ltao/core/
>> [2]: https://gist.github.com/liutgnu/a8cbce1c666452f1530e1410d1f352df
>>
>> v2 -> v1:
>>
>> 1) Moved maple tree related code(for VMA iteration) into eppic script, so we
>>     don't need to port maple tree code to makedumpfile.
>>
>> 2) Reorganized the patchset as follows:
>>
>>      --- <common modification> ---
>>      1.Add page filtering function
>>      2.Supporting main() as the entry of eppic script
>>
>>      --- <dwarf related modification> ---
>>      3.dwarf_info: Support kernel address randomization
>>      4.dwarf_info: Fix a infinite recursion bug for rust
>>      5.eppic dwarf: support anonymous structs member resolving
>>      6.Enable page filtering for dwarf eppic
>>
>>      --- <btf & kallsyms related modification> ---
>>      7.Implement kernel kallsyms resolving
>>      8.Implement kernel btf resolving
>>      9.Implement kernel module's kallsyms resolving
>>      10.Implement kernel module's btf resolving
>>      11.Export necessary btf/kallsyms functions to eppic extension
>>      12.Enable page filtering for btf/kallsyms eppic
>>      13.Docs: Update eppic related entries
>>
>>      --- <only for test purpose, don't merge> ---
>>      14.Introducing 2 eppic scripts to test the dwarf/btf eppic extension
>>
>>     The modification on dwarf is primary for comparision purpose, that
>>     for the same eppic program, mm page filtering should get exact same
>>     outputs for dwarf & kallsyms/btf based approaches. If outputs unmatch,
>>     this indicates bugs. In fact, we will never take dwarf mm pages filtering
>>     in real use, due to its poor performance as well as inaccessibility
>>     of debuginfo during kdump in 2nd kernel. So patch 3/4/5 won't affect
>>     the function of btf/kallsyms eppic mm page filtering, but there are
>>     functions shared in patch 6, so it is a must-have one. Patch 14 is
>>     only for test purpose, to demonstrate how to write eppic script for
>>     mm page filtering, so it isn't a must-have patch.
>>
>>     Please note, in patch 14, I have deliberately converted all array
>>     operation into pointer operation, e.g. modified "node->slot[i]" into
>>     "*((unsigned long *)&(node->slot) + i)". This is because there are
>>     bugs for array operation support in extension_eppic.c. I didn't have
>>     effort to test and fix them all because as I mentioned previously,
>>     mm page filtering in dwarf side is only for comparision and will
>>     never be used in real use. There is no such issue for kallsyms/btf
>>     eppic side.
>>
>> 3) Since we ported maple tree code to eppic script, several bugs found
>>     both for eppic library & eppic btf support. Please use master branch
>>     of eppic library to co-compile with this patchset.
>>
>> Tao Liu (14):
>>    Add page filtering function
>>    Supporting main() as the entry of eppic script
>>    dwarf_info: Support kernel address randomization
>>    dwarf_info: Fix a infinite recursion bug for rust
>>    eppic dwarf: support anonymous structs member resolving
>>    Enable page filtering for dwarf eppic
>>    Implement kernel kallsyms resolving
>>    Implement kernel btf resolving
>>    Implement kernel module's kallsyms resolving
>>    Implement kernel module's btf resolving
>>    Export necessary btf/kallsyms functions to eppic extension
>>    Enable page filtering for btf/kallsyms eppic
>>    Docs: Update eppic related entries
>>    Introducing 2 eppic scripts to test the dwarf/btf eppic extension
>>
>>   Makefile                               |   6 +-
>>   btf.c                                  | 919 +++++++++++++++++++++++++
>>   btf.h                                  | 177 +++++
>>   dwarf_info.c                           |   7 +
>>   eppic_scripts/filter_amdgpu_mm_pages.c | 255 +++++++
>>   eppic_scripts/print_all_vma.c          | 239 +++++++
>>   erase_info.c                           | 120 +++-
>>   erase_info.h                           |  19 +
>>   extension_btf.c                        | 258 +++++++
>>   extension_eppic.c                      | 106 ++-
>>   extension_eppic.h                      |   6 +-
>>   kallsyms.c                             | 392 +++++++++++
>>   kallsyms.h                             |  41 ++
>>   makedumpfile.8.in                      |  24 +-
>>   makedumpfile.c                         |  21 +-
>>   makedumpfile.h                         |  11 +
>>   print_info.c                           |  11 +-
>>   17 files changed, 2550 insertions(+), 62 deletions(-)
>>   create mode 100644 btf.c
>>   create mode 100644 btf.h
>>   create mode 100644 eppic_scripts/filter_amdgpu_mm_pages.c
>>   create mode 100644 eppic_scripts/print_all_vma.c
>>   create mode 100644 extension_btf.c
>>   create mode 100644 kallsyms.c
>>   create mode 100644 kallsyms.h
>>
>> --
>> 2.47.0
>>

More information about the kexec mailing list