From owner-freebsd-hackers@freebsd.org Thu Dec 24 20:01:49 2015 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C8D61A5094C for ; Thu, 24 Dec 2015 20:01:49 +0000 (UTC) (envelope-from arlie@worldash.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id B9CB31EE0 for ; Thu, 24 Dec 2015 20:01:49 +0000 (UTC) (envelope-from arlie@worldash.org) Received: by mailman.ysv.freebsd.org (Postfix) id BA133A50947; Thu, 24 Dec 2015 20:01:49 +0000 (UTC) Delivered-To: hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B7CBCA50946; Thu, 24 Dec 2015 20:01:49 +0000 (UTC) (envelope-from arlie@worldash.org) Received: from ansuz.worldash.org (ansuz.worldash.org [198.144.201.100]) by mx1.freebsd.org (Postfix) with ESMTP id 8F6C11EDE; Thu, 24 Dec 2015 20:01:49 +0000 (UTC) (envelope-from arlie@worldash.org) Received: by ansuz.worldash.org (Postfix, from userid 1000) id 66A49E1923; Thu, 24 Dec 2015 12:04:09 -0800 (PST) Date: Thu, 24 Dec 2015 12:04:09 -0800 From: Arlie Stephens To: John Baldwin Cc: freebsd-hackers@freebsd.org, hackers@freebsd.org Subject: Re: Examining Page Tables in Kernel Crash Dumps (amd64) Message-ID: <20151224200409.GA10873@worldash.org> References: <20151222235920.GA21736@worldash.org> <2188443.PY7dC12t9i@ralph.baldwin.cx> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2188443.PY7dC12t9i@ralph.baldwin.cx> User-Agent: Mutt/1.5.21 (2010-09-15) X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Dec 2015 20:01:49 -0000 On Dec 24 2015, John Baldwin wrote: > > On Tuesday, December 22, 2015 03:59:20 PM Arlie Stephens wrote: [snip] > > So far, the only way I know to get a look at kernel page table > > contents in FreeBSD is on live systems with ddb. > > > > I would like to know whether there are any tools I haven't noticed for > > dealing with page tables in crash dumps - or, for that matter, whether > > kgdb is supposed to be able to display the kernel's recursive page > > tables. > > > > Failing that, I may just have to write one ;-) (Or figure out how to > > chase my problem on live systems.) > > kgdb depends on libkvm to handle translations of virtual addresses to > offsets in the vmcore file (which is then used by kvm_read to read the > relevant data). On amd64 you can cheat a bit by using direct map > addresses (I use this in my gdb macros to walk the page tables by > hand so I can look at raw PDEs, PTEs, etc.). > > (For the macros I use you can look at www.freebsd.org/~jhb/gdb/gdb6.amd64) > > Normally you download the files there and do 'source gdb6' which will pull > in gdb6.amd64. The 'pmap_*' macros try to replicate the behavior of the > equivalent functions in pmap.c. Many thanks! This looks like exactly what I was looking for. I'd missed the trick of using the direct map to get at the page tables themselves - I was trying to start with PDmap. (Following the kernel code really closely is what you do when you aren't sure you understand how it works :-( ) FWIW, I'd missed a few other tricks of the trade as well. You are doing things in your gdb scripts I didn't know were possible. Thanks for that too. -- Arlie (Arlie Stephens arlie@worldash.org)