From: Denys Vlasenko <vda.linux@googlemail.com>
To: Tim Bird <tim.bird@am.sony.com>
Cc: Andi Kleen <andi@firstfloor.org>, Oleg Nesterov <oleg@redhat.com>,
linux kernel <linux-kernel@vger.kernel.org>
Subject: Re: Questions about ptrace on a dying process
Date: Thu, 1 Mar 2012 08:12:54 +0100 [thread overview]
Message-ID: <201203010812.54769.vda.linux@googlemail.com> (raw)
In-Reply-To: <4F4E8E6A.2020601@am.sony.com>
On Wednesday 29 February 2012 21:45, Tim Bird wrote:
> On 02/29/2012 11:12 AM, Andi Kleen wrote:
> > Tim Bird <tim.bird@am.sony.com> writes:
> >
> >> ptrace maintainers (and interested parties)...
> >>
> >> I'm working on a crash handler for Linux, which uses ptrace to retrieve information
> >> about a process during it's coredump. Specifically, from within a core handler
> >> program (started within do_coredump() as a user_mode_helper), I would like to make
> >> ptrace calls against the dying process.
> >
> > The standard approach is to define a core pipe handler and parse the
> > elf memory dump.
>
> Yeah - I may be doing something new here. Android uses ptrace
> in debuggerd, which is their crash reporting tool, but they wake
> it up with signals before the dying program goes into coredump.
I think ptrace API does not provide guarantees that it is possible
to attach to the process when it coredumps.
It might work in current kernels, but might break in new ones.
> I'm taking a different approach and trying to do initiated
> by the coredump feature in Linux. This makes it so that
> a process does not need to be persistently running to capture
> these events.
>
> This is on embedded systems, where the dump is not saved. The dump
> is available via stdin to the core pipe handler, but it would be
> kind of a pain to wrapper that for random access, which is needed
> for stuff like stack unwinding.
Stack unwinding only requires the stack data and knowledge
of the mapped binary and library files. You can parse coredump's ELF header,
and skip all sizable data segments which you won't need anyway.
I estimate that usually you will need to save only ~150k of data
in order to produce a stacktrace, and even then,
only because Linux pre-allocates ridiculously large
stack for every new process - 132k. It can easily be reduced
to something saner with one-line patch.
--
vda
next prev parent reply other threads:[~2012-03-01 7:13 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-29 18:06 Questions about ptrace on a dying process Tim Bird
2012-02-29 18:50 ` Oleg Nesterov
2012-02-29 20:53 ` Tim Bird
2012-02-29 19:12 ` Andi Kleen
2012-02-29 20:45 ` Tim Bird
2012-03-01 7:12 ` Denys Vlasenko [this message]
2012-03-01 18:18 ` Tim Bird
2012-03-02 1:29 ` Denys Vlasenko
2012-03-01 18:30 ` Tim Bird
2012-03-01 19:02 ` Denys Vlasenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201203010812.54769.vda.linux@googlemail.com \
--to=vda.linux@googlemail.com \
--cc=andi@firstfloor.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=tim.bird@am.sony.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox