[PATCH v2][makedumpfile 00/14] btf/kallsyms based eppic extension for mm page filtering

Tao Liu ltao at redhat.com
Mon Oct 20 15:23:56 PDT 2025


A) This patchset will introduce the following features to makedumpfile:

  1) Enable eppic script for memory pages filtering.
  2) Enable btf and kallsyms for symbol type and address resolving.

B) The purposes of the features are:

  1) Currently makedumpfile filters mm pages based on page flags, because flags
     can help to determine one page's usage. But this page-flag-checking method
     lacks flexibility in certain cases, e.g. if we want to filter those mm
     pages occupied by GPU during vmcore dumping due to:

     a) GPU may be taking a large memory and contains sensitive data;
     b) GPU mm pages have no relations to kernel crash and useless for vmcore
        analysis.

     But there is no GPU mm page specific flags, and apparently we don't need
     to create one just for kdump use. A programmable filtering tool is more
     suitable for such cases. In addition, different GPU vendors may use
     different ways for mm pages allocating, programmable filtering is better
     than hard coding these GPU specific logics into makedumpfile in this case.

  2) Currently makedumpfile already contains a programmable filtering tool, aka
     eppic script, which allows user to write customized code for data erasing.
     However it has the following drawbacks:

     a) cannot do mm page filtering.
     b) needs access to debuginfo of both kernel and modules, which is not
        applicable in the 2nd kernel.
     c) Poor performance, making vmcore dumping time unacceptable (See
        the following performance testing).

     makedumpfile needs to resolve the dwarf data from debuginfo, to get symbol
     types and addresses. In recent kernels there are dwarf alternatives such
     as btf/kallsyms which can be used for this purpose. And btf/kallsyms info
     are already packed within vmcore, so we can use it directly.

  With these, this patchset introduces an upgraded eppic, which is based on
  btf/kallsyms symbol resolving, and is programmable for mm page filtering.
  The following info shows its usage and performance, please note the tests
  are performed in 1st kernel:

  $ time ./makedumpfile -d 31 -l /var/crash/127.0.0.1-2025-06-10-18\:03\:12/vmcore
    /tmp/dwarf.out -x /lib/debug/lib/modules/6.11.8-300.fc41.x86_64/vmlinux
    --eppic eppic_scripts/filter_amdgpu_mm_pages.c
        real    14m6.894s
        user    4m16.900s
        sys     9m44.695s

  $ time ./makedumpfile -d 31 -l /var/crash/127.0.0.1-2025-06-10-18\:03\:12/vmcore
    /tmp/btf.out --eppic eppic_scripts/filter_amdgpu_mm_pages.c
        real    0m10.672s
        user    0m9.270s
        sys     0m1.130s

  -rw------- 1 root root 367475074 Jun 10 18:06 btf.out
  -rw------- 1 root root 367475074 Jun 10 21:05 dwarf.out
  -rw-rw-rw- 1 root root 387181418 Jun 10 18:03 /var/crash/127.0.0.1-2025-06-10-18:03:12/vmcore

C) Discussion:

  1) GPU types: Currently only tested with amdgpu's mm page filtering, others
     are not tested.
  2) OS: The code can work on rhel-10+/rhel9.5+ on x86_64/arm64/s390/ppc64.
     Others are not tested.

D) Testing:

  1) If you don't want to create your vmcore, you can find a vmcore which I
     created with amdgpu mm pages unfiltered [1], the amdgpu mm pages are
     allocated by program [2]. You can use the vmcore in 1st kernel to filter
     the amdgpu mm pages by the previous performance testing cmdline. To
     verify the pages are filtered in crash:

     Unfiltered:
     crash> search -c "!QAZXSW@#EDC"
     ffff96b7fa800000: !QAZXSW@#EDCXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
     ffff96b87c800000: !QAZXSW@#EDCXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
     crash> rd ffff96b7fa800000
     ffff96b7fa800000:  405753585a415121                    !QAZXSW@
     crash> rd ffff96b87c800000
     ffff96b87c800000:  405753585a415121                    !QAZXSW@

     Filtered:
     crash> search -c "!QAZXSW@#EDC"
     crash> rd ffff96b7fa800000
     rd: page excluded: kernel virtual address: ffff96b7fa800000  type: "64-bit KVADDR"
     crash> rd ffff96b87c800000
     rd: page excluded: kernel virtual address: ffff96b87c800000  type: "64-bit KVADDR"

  2) You can use eppic_scripts/print_all_vma.c against an ordinary vmcore to
     test only btf/kallsyms functions by outputting all VMAs if no amdgpu
     vmcores/machine is available.

[1]: https://people.redhat.com/~ltao/core/
[2]: https://gist.github.com/liutgnu/a8cbce1c666452f1530e1410d1f352df

v2 -> v1:

1) Moved maple tree related code(for VMA iteration) into eppic script, so we
   don't need to port maple tree code to makedumpfile.

2) Reorganized the patchset as follows:

    --- <common modification> ---
    1.Add page filtering function                                                    
    2.Supporting main() as the entry of eppic script                                 

    --- <dwarf related modification> ---
    3.dwarf_info: Support kernel address randomization                               
    4.dwarf_info: Fix a infinite recursion bug for rust                              
    5.eppic dwarf: support anonymous structs member resolving                        
    6.Enable page filtering for dwarf eppic                                          

    --- <btf & kallsyms related modification> ---
    7.Implement kernel kallsyms resolving                                            
    8.Implement kernel btf resolving                                                 
    9.Implement kernel module's kallsyms resolving                                   
    10.Implement kernel module's btf resolving                                        
    11.Export necessary btf/kallsyms functions to eppic extension                     
    12.Enable page filtering for btf/kallsyms eppic                                   
    13.Docs: Update eppic related entries                                             

    --- <only for test purpose, don't merge> ---
    14.Introducing 2 eppic scripts to test the dwarf/btf eppic extension     

   The modification on dwarf is primarily for comparison purposes, that
   for the same eppic program, mm page filtering should get exact same
   outputs for dwarf & kallsyms/btf based approaches. If outputs don't match,
   this indicates bugs. In fact, we will never take dwarf mm pages filtering
   in real use, due to its poor performance as well as inaccessibility
   of debuginfo during kdump in 2nd kernel. So patch 3/4/5 won't affect
   the function of btf/kallsyms eppic mm page filtering, but there are
   functions shared in patch 6, so it is a must-have one. Patch 14 is
   only for test purpose, to demonstrate how to write eppic script for
   mm page filtering, so it isn't a must-have patch.

   Please note, in patch 14, I have deliberately converted all array
   operation into pointer operation, e.g. modified "node->slot[i]" into
   "*((unsigned long *)&(node->slot) + i)". This is because there are
   bugs for array operation support in extension_eppic.c. I didn't have
   effort to test and fix them all because as I mentioned previously,
   mm page filtering in dwarf side is only for comparison and will
   never be used in real use. There is no such issue for kallsyms/btf
   eppic side.

3) Since we ported maple tree code to eppic script, several bugs were found
   both for eppic library & eppic btf support. Please use master branch
   of eppic library to co-compile with this patchset.

Tao Liu (14):
  Add page filtering function
  Supporting main() as the entry of eppic script
  dwarf_info: Support kernel address randomization
  dwarf_info: Fix a infinite recursion bug for rust
  eppic dwarf: support anonymous structs member resolving
  Enable page filtering for dwarf eppic
  Implement kernel kallsyms resolving
  Implement kernel btf resolving
  Implement kernel module's kallsyms resolving
  Implement kernel module's btf resolving
  Export necessary btf/kallsyms functions to eppic extension
  Enable page filtering for btf/kallsyms eppic
  Docs: Update eppic related entries
  Introducing 2 eppic scripts to test the dwarf/btf eppic extension

 Makefile                               |   6 +-
 btf.c                                  | 919 +++++++++++++++++++++++++
 btf.h                                  | 177 +++++
 dwarf_info.c                           |   7 +
 eppic_scripts/filter_amdgpu_mm_pages.c | 255 +++++++
 eppic_scripts/print_all_vma.c          | 239 +++++++
 erase_info.c                           | 120 +++-
 erase_info.h                           |  19 +
 extension_btf.c                        | 258 +++++++
 extension_eppic.c                      | 106 ++-
 extension_eppic.h                      |   6 +-
 kallsyms.c                             | 392 +++++++++++
 kallsyms.h                             |  41 ++
 makedumpfile.8.in                      |  24 +-
 makedumpfile.c                         |  21 +-
 makedumpfile.h                         |  11 +
 print_info.c                           |  11 +-
 17 files changed, 2550 insertions(+), 62 deletions(-)
 create mode 100644 btf.c
 create mode 100644 btf.h
 create mode 100644 eppic_scripts/filter_amdgpu_mm_pages.c
 create mode 100644 eppic_scripts/print_all_vma.c
 create mode 100644 extension_btf.c
 create mode 100644 kallsyms.c
 create mode 100644 kallsyms.h

-- 
2.47.0
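
The filtering idea in B) 1) and the crash check in D) 1), as an added toy model in C. It is not code from this patchset or from makedumpfile; the struct layout, the TOY_FREE flag value and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096u
#define NPAGES    8u
#define MARKER    "!QAZXSW@#EDC"  /* marker string from the crash session above */
#define TOY_FREE  0x1u            /* constructed stand-in for a page flag */

struct toy_dump {                 /* constructed model, not makedumpfile's layout */
    unsigned char mem[NPAGES][PAGE_SIZE];
    unsigned flags[NPAGES]; unsigned char excluded[NPAGES];
};
struct pfn_range { unsigned start, end; };  /* [start, end) found by filter logic */

/* Pages 2 and 5 hold the marker but carry the same flags as ordinary pages. */
static void build_toy_dump(struct toy_dump *d) {
    memset(d, 0, sizeof(*d));
    d->flags[0] = d->flags[7] = TOY_FREE;
    memcpy(d->mem[2], MARKER, sizeof(MARKER) - 1);
    memcpy(d->mem[5] + 100, MARKER, sizeof(MARKER) - 1);
}
/* Flag-based filtering: drops only pages whose flags match. */
static void exclude_by_flag(struct toy_dump *d, unsigned flag) {
    for (unsigned pfn = 0; pfn < NPAGES; pfn++)
        if (d->flags[pfn] & flag) d->excluded[pfn] = 1;
}
/* Programmable filtering: drops the pfn ranges the filter logic computed. */
static void exclude_by_ranges(struct toy_dump *d, const struct pfn_range *r, size_t cnt) {
    for (size_t i = 0; i < cnt; i++)
        for (unsigned pfn = r[i].start; pfn < r[i].end && pfn < NPAGES; pfn++)
            d->excluded[pfn] = 1;
}
/* Like "search -c": count marker hits in pages still present in the dump. */
static unsigned search_marker(const struct toy_dump *d) {
    unsigned hits = 0;
    for (unsigned pfn = 0; pfn < NPAGES; pfn++)
        for (size_t off = 0; !d->excluded[pfn] && off + sizeof(MARKER) - 1 <= PAGE_SIZE; off++)
            hits += memcmp(&d->mem[pfn][off], MARKER, sizeof(MARKER) - 1) == 0;
    return hits;
}

int main(void) {
    static struct toy_dump d;
    const struct pfn_range gpu[] = { {2, 3}, {5, 6} };  /* constructed ranges */
    build_toy_dump(&d);
    exclude_by_flag(&d, TOY_FREE);
    unsigned after_flags = search_marker(&d);
    exclude_by_ranges(&d, gpu, 2);
    printf("marker hits: %u after flag filter, %u after range filter\n",
           after_flags, search_marker(&d));
}
```

The flag pass leaves both marker pages in the dump because nothing in their flags distinguishes them; only the range pass removes them, which is the case the search/rd check in D) 1) confirms on a real vmcore.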



