Commit Graph

1321 Commits

Author SHA1 Message Date
Omar Sandoval
faaf01ad1b Add drgn.StackTrace.prog and drgn_stack_trace_program()
If we only have the stack trace available, it's useful to get the
program it came from. This'll be used eventually for helpers that take a
stack trace.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-08-11 14:45:54 -07:00
Imran Khan
4296653090 tests: add test cases for Linux llist helpers.
Use the test kernel module to setup tests and add test_llist.py to
carry out testing.

Signed-off-by: Imran Khan <imran.f.khan@oracle.com>
2022-08-08 08:22:32 -07:00
Imran Khan
585bc6a3be Add helpers for lockless single lists (llist).
Kernel makes use of several lockless singly lists (free_ipc_list,
delayed_mntput_list etc.) so having some helpers to traverse
these lists can be useful.

Signed-off-by: Imran Khan <imran.f.khan@oracle.com>
2022-08-08 08:22:32 -07:00
Omar Sandoval
b535b8f82e vmtest: don't use BusyBox
We don't specifically need BusyBox; we just need a reasonable Linux
userspace, which we can assume is already available on the host, whether
it's coreutils+util-linux, BusyBox, or something else.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-08-01 11:23:26 -07:00
Omar Sandoval
1b8d0ae82b vmtest.vm: change to host's working directory by default
The test command does this, and I always end up doing it when I'm doing
manual testing with the vmtest.vm CLI, so let's just do it by default.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-08-01 10:59:05 -07:00
Omar Sandoval
2c38ea5219 docs: update required Sphinx version to 5.1.1
Just picking up the newest version. Also fix the following warning:

  WARNING: extlinks: Sphinx-6.0 will require a caption string to contain exactly one '%s' and all other '%' need to be escaped as '%%'.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-27 10:04:20 -07:00
Omar Sandoval
0d95ac0d6e docs: fix stray reference to symbol finder
"Object finder" was renamed from "symbol finder" awhile ago, but we
forgot to update the advanced usage documentation.

Fixes: 0c5df56fba ("libdrgn: replace symbol index with object index")
Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-27 09:40:43 -07:00
Omar Sandoval
e3ba4d2f99 drgn 0.0.20
Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-25 16:52:28 -07:00
Omar Sandoval
c47dd9952e Update elfutils in manylinux wheels to 0.187
Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-25 16:52:24 -07:00
Omar Sandoval
e9d16732d6 libdrgn: x86_64: fix page table iteration over non-canonical range
We're currently checking whether the iterator has entered the
non-canonical range when fetching the last level of the page table, but
the cutover actually happens while we're in the last level. Fix it by
doing the check unconditionally.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-24 00:03:45 -07:00
Omar Sandoval
43f045ae1a tests: add BPF helper tests
These require a fair bit of scaffolding, but it's worth it to fill one
of our major testing gaps.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-21 23:17:04 -07:00
Omar Sandoval
3b2a4d7b20 tests: factor out temporary cgroup creation function
Some BPF tests want a temporary cgroup to test with.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-21 17:35:24 -07:00
Omar Sandoval
901c1fb190 tests: factor out function for raising OSError from ctypes call
We duplicate this in a few places, and for the BPF tests we will want it
again.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-21 17:34:53 -07:00
Quentin Monnet
764a858ee6 helpers: Add BPF helpers for iterating over BPF links and BTF objects
Similarly to the helpers available to iterate over eBPF programs and
maps, add helpers for links and BTF objects. The implementation is very
straightforward.

Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[Omar: add kernel version comments]
Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-21 11:32:32 -07:00
Omar Sandoval
d20b446d2c drgn.helpers.linux.bpf: handle more kernel versions in cgroup_bpf_prog_for_each{,_effective}()
The helpers only work since Linux v4.15, but it's easy to make them work
before that. We can also easily handle kernels without cgroup BPF
programs (either before Linux v4.10 or without CONFIG_CGROUP_BPF) and
yield nothing.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-20 00:15:12 -07:00
Omar Sandoval
a2e811cef8 drgn.helpers.linux.bpf: only look up struct bpf_{map,prog} once
This is the same idea as commit 4da28ba0a1 ("helpers: only lookup type
once for for_each_entry helpers").

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-20 00:15:11 -07:00
Omar Sandoval
09f40330ba drgn.helpers.linux.bpf: document bpf_{map,prog}_for_each() version requirement
These currently only work on Linux v5.13 and newer, and it's not worth
the effort to support older versions. Let's at least document it.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-20 00:14:44 -07:00
Omar Sandoval
ca6c2b8734 vmtest: kbuild: add BPF kernel config options
We currently don't have any tests for the BPF helpers or the
bpf_inspect.py tool. As a result, the latter is broken on newer kernel
versions. Before we can add tests, we need the vmtest kernel to support
BPF.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-19 23:47:32 -07:00
Omar Sandoval
82f631b28a drgn.helpers.linux.cgroup: add cgroup_get_from_path()
A path is the most convenient way to find a cgroup if we don't already
have a pointer to it from another structure.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-19 23:47:32 -07:00
Omar Sandoval
1e79bbb195 tests: find cgroup2 mount instead of mounting it
I originally thought this would be too difficult, but it's fairly
straightforward to parse /proc/mounts and allows us to avoid some setup
and cleanup.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-19 23:47:32 -07:00
Omar Sandoval
dd58f3b1ad drgn.helpers.linux.kernfs: add kernfs_walk()
This looks up a kernfs node from a path. It will be used to look up
cgroups by path. This is based on kernfs_walk_ns() from the Linux
kernel, but it doesn't handle namespaced kernfs nodes yet.
kernfs_walk_ns() in the kernel is actually built on another function,
kernfs_find_ns(), but I don't think the latter is very useful as a
helper.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-19 23:47:24 -07:00
Jay Kamat
063850325f libdrgn: dwarf: look up complete types in namespaces
drgn_debug_info_find_complete() looks up the name of the incomplete type
in the global namespace. This is incorrect for C++: we need to look it
up in the namespace that the DIE is in.

To find the containing namespace, we need to do a DIE ancestor walk. We
don't want to do this for C, so add a flag indicating whether a language
has namespaces to struct drgn_language. If it's true, then we do the
ancestor walk and then look up the name in the appropriate namespace.

Signed-off-by: Jay Kamat <jaygkamat@gmail.com>
2022-07-15 16:02:56 -07:00
Omar Sandoval
4ebe8f26c5 tests: reference DIEs with labels instead of indices
Currently, DIE references are specified as an index into the list of the
unit DIE's children. This has a few issues:

* It's hard to figure out what references what at a glance.
* Changes to tests sometimes need to renumber these indices.
* DIEs at lower levels in the tree cannot be referenced.

Replace it with explicit "labels" which are referred to by name.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-15 16:02:56 -07:00
Omar Sandoval
b6f025fbfc tests: make wrap_test_type_dies() take varargs instead of list of dies
This saves an level of indentation that just adds noise.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-15 16:02:56 -07:00
Omar Sandoval
db3babd42e libdrgn: aarch64: implement page table iterator
Now that we made the other memory management helpers generic, the last
thing to implement for AArch64 is page table walking. This looks a lot
like the x86-64 equivalent but has to support the various page and
virtual address sizes that can be configured for AArch64.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-14 12:23:08 -07:00
Omar Sandoval
dd976f1db2 drgn.helpers.linux.mm: start for_each_page() at min_low_pfn
This is always 0 on x86-64, but on AArch64, the start of physical memory
can be at a much higher address.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-14 12:05:11 -07:00
Omar Sandoval
b28bd9f0a3 libdrgn: linux_kernel: get vmemmap generically
AArch64 has changed the location of vmemmap multiple times, and not all
of these can be easily distinguished. Rather than restorting to kernel
version checks, this replaces the vmemmap architecture callback with a
generic approach that gets the vmemmap address directly from the
mem_section table.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-14 12:05:11 -07:00
Omar Sandoval
a213573b23 libdrgn: linux_kernel: make virt_to_phys() and phys_to_virt() generic
On x86-64, the difference between virtual addresses in the direct map
and the corresponding physical addresses is called PAGE_OFFSET, so we
exposed that via an architecture callback and the Linux kernel object
finder. However, this doesn't translate to other architectures. Namely,
on AArch64, the difference is PAGE_OFFSET - PHYS_OFFSET, and both
PAGE_OFFSET and PHYS_OFFSET have varied over time and between
configurations.

We can remove the architecture callback and avoid version-specific logic
by letting the page table tell us the offset. We just need an address in
the direct map, which is easy to find since this includes kmalloc and
memblock allocations.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-14 12:05:11 -07:00
Omar Sandoval
0f9b123254 drgn.helpers.linux.mm: add physical address conversion helpers
Add helpers for converting physical addresses to and from virtual
addresses, PFNs, and struct pages.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-14 12:05:11 -07:00
Omar Sandoval
4ea0476caf tests: linux_kernel: use test module for address translation tests
We currently test the functions to convert between virtual addresses,
PFNs, and struct pages with an mmap'd region and /proc/self/pagemap. Use
the test kernel module to test them more directly.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-14 12:05:11 -07:00
Omar Sandoval
5fe38c7371 libdrgn: linux_kernel: fix read_vm() coalescing comparison
linux_helper_read_vm() has logic to merge adjacent physical address
ranges returned by the page table iterator. However, the check for
whether the ranges are adjacent is incorrect. Fix it.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-14 12:05:11 -07:00
Omar Sandoval
571949a743 libdrgn: x86_64: don't bother zeroing cached page table on initialization
pgtable_iterator_x86_64::table is only used if
pgtable_iterator_x86_64::index indicates that it has any cached entries,
so there's no point initializing table since we initialize index to
indicate that nothing is cached.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-14 12:05:11 -07:00
Omar Sandoval
36fecd1ded libdrgn: refactor page table iterators
AArch64 will need different sizes of page table iterators depending on
the page size and virtual address size. Rather than the static
pgtable_iterator_arch_size, allow architectures to define callbacks for
allocating and freeing a page table iterator. Also remove the generic
page table iterator wrapper and just pass that information to the
iterator function.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-14 12:05:11 -07:00
Omar Sandoval
95053639d4 tests: linux_kernel: test kernel address translation
We're currently only testing whether we can translate user addresses.
Test a kernel address with the kernel page table, too.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-14 12:05:11 -07:00
Omar Sandoval
b3a6d6a35f libdrgn: linux_kernel: cache PAGE_SHIFT derived from PAGE_SIZE
Rather than computing it every time we need it, compute it once when we
parse PAGE_SIZE from VMCOREINFO (and validate that PAGE_SIZE is a power
of two). This will be more important for AArch64 page table walking.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-14 12:05:09 -07:00
Omar Sandoval
f56b2f117a tests: linux_kernel: fix section mismatch warning in test module
The test kmod build has the following warning that I somehow didn't
notice before:

  WARNING: modpost: /home/osandov/repos/drgn-main/tests/linux_kernel/kmod/drgn_test.o(.init.text+0x3ac): Section mismatch in reference from the function init_module() to the function .exit.text:drgn_test_exit()
  The function __init init_module() references
  a function __exit drgn_test_exit().
  This is often seen when error handling in the init function
  uses functionality in the exit path.
  The fix is often to remove the __exit annotation of
  drgn_test_exit() so it may be used outside an exit section.

Remove the __exit annotation as suggested.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-06 18:06:18 -07:00
Omar Sandoval
46367a437a vmtest: kbuild: allow packaging as directory
For local testing with vmtest, we just want an extracted kernel package,
so save the trouble of compressing the package only to extract it and
allow vmtest.kbuild to output the directory directly.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-07-06 18:06:18 -07:00
Kevin Svetlitski
5aaf3db6fc libdrgn: support reference and absent objects with float types which aren't 32 or 64 bits
Very similar to a541e9b170, but adds
partial support for floats (as opposed to integers) which aren't 32 or
64 bits.

Signed-off-by: Kevin Svetlitski <svetlitski@fb.com>
2022-07-06 15:47:18 -07:00
Kevin Svetlitski
661d6a186c Add support for UTF character base types
Previously `drgn` did not recognize the	`DW_ATE_UTF` encoding for base
types, and consequently could not handle `char8_t`, `char16_t`, or
`char32_t`. This has been remedied, and a corresponding test case added
to prevent regressions.

Signed-off-by: Kevin Svetlitski <svetlitski@fb.com>
2022-07-06 09:44:16 -07:00
Omar Sandoval
2bd861f719 libdrgn: program: detect QEMU guest memory dumps without VMCOREINFO
Issue #182 reported that a core dump created by QEMU's dump-guest-memory
command confuses drgn: by default, it only has NT_PRSTATUS notes and
QEMU state notes for each CPU, so drgn thinks it's a userspace core
dump, and it doesn't have the necessary VMCOREINFO to use it as a Linux
kernel core dump.

It turns out that QEMU and Linux can cooperate to add a VMCOREINFO note
to the guest memory dump, which suffices for drgn. Let's detect a QEMU
guest memory dump without a VMCOREINFO note and include instructions on
how to capture a QEMU dump that makes drgn happy.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-06-28 00:41:05 -07:00
Omar Sandoval
e0b24903d7 tests: linux_kernel: use function symbol for debug info tests
Our vmtest kernels have CONFIG_KALLSYMS_ALL, but distro kernels may not,
in which case variable symbols are not added to /proc/kallsyms. Then,
the Linux kernel debug info tests can't find our test symbol and fail.
Define a global function symbol and use it for the test debug info
tests instead.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-06-26 23:52:17 -07:00
Omar Sandoval
f2ef75d5e6 tests: linux_kernel: don't run mm tests on architectures without mm support
Several of the mm tests currently fail on architectures that we haven't
implemented virtual address translation and such for (i.e., anything
other than x86-64). Only run those tests on x86-64 for now.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-06-26 23:52:15 -07:00
Omar Sandoval
c2c2bd90cc tests: linux_kernel: handle architectures without pause() syscall
Some architectures, including AArch64, don't have the pause() syscall.
glibc implements pause(3) with ppoll() on those architectures. Our stack
trace tests check for "pause" in the stack trace, so it fails on
AArch64. Update the tests to check for both "pause" and "poll".

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-06-26 22:11:50 -07:00
Omar Sandoval
63c0684b68 libdrgn: aarch64: mask away pointer authentication code in return addresses
Now that we track RA_SIGN_STATE and get the pointer authentication code
mask, we can remove the pointer authentication code from the return
address while unwinding. Add a new architecture callback,
->demangle_return_address(), for this purpose.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-06-26 09:18:07 -07:00
Omar Sandoval
61befc1606 libdrgn: parse AArch64 PAC mask from core dumps
In order to support removing the pointer authentication code (PAC) from
return addresses on AArch64, we need to know what bits are being used
for the PAC. We can get this from the NT_ARM_PAC_MASK note in userspace
core dumps and from the NUMBER(KERNELPACMASK) field in VMCOREINFO for
Linux kernel core dumps.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-06-26 09:18:07 -07:00
Omar Sandoval
3cba315293 libdrgn: linux_kernel: use memswitch for drgn_program_parse_vmcoreinfo()
We currently have 5 names that we match against, and there are more on
the way, so we might as well use a memswitch.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-06-26 09:18:07 -07:00
Omar Sandoval
9da9f6a871 libdrgn: fold struct vmcoreinfo into struct drgn_program
In an upcoming commit, we will parse the AArch64 pointer authentication
code mask either from the VMCOREINFO note or the NT_ARM_PAC_MASK note.
Since it doesn't always come from VMCOREINFO, it doesn't make sense to
put it in struct vmcoreinfo; struct drgn_program makes more sense. So,
make parse_vmcoreinfo() take struct drgn_program instead of struct
vmcoreinfo, rename it to drgn_program_parse_vmcoreinfo(), and replace
struct vmcoreinfo with an anonymous struct in struct drgn_program.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-06-26 09:18:07 -07:00
Omar Sandoval
4d1b608507 libdrgn: aarch64: add RA_SIGN_STATE pseudo-register and DW_CFA_AARCH64_negate_ra_state
The RA_SIGN_STATE pseudo-register indicates whether the return address
is signed with a pointer authentication code. Add it to the register
definitions. It can be set through a normal CFI register rule or the
vendor-specific DW_CFA_AARCH64_negate_ra_state rule.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-06-26 09:18:07 -07:00
Omar Sandoval
9c9a2136f1 libdrgn: cfi: add rule to set register to constant
This will be used to implement DW_CFA_AARCH64_negate_ra_state. Also fix
a typographical error in a nearby comment.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-06-26 09:18:07 -07:00
Omar Sandoval
6bc55036e2 libdrgn: aarch64: add stack unwinding support
Add the basic register definitions and stack unwinding support
functions. Pointer authentication support will be added in subsequent
commits.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
2022-06-26 09:18:07 -07:00