Reconstructing corrupt stacks/patching frame pointers

Reconstructing corrupt stacks/patching frame pointers

[Eric Cooper]

Hello,
  I have a kernel core dump with a corrupt stack and I can identify the stack location that is corrupted and what it should be and I want to write the correct frame pointer to the stack so that bt and frame x work. I have tried that using the "set" command and it says:
  kvm_write not implemented for dead kernels.

  I see this code is in kvm-fbsd.c (I am using BSD) and I have hacked around a little bit to allow the write but ultimately it fails on writes to /dev/kmem. Is there a reasonable way to do what I want to achieve?

Thanks in advance,
Eric

Re: Reconstructing corrupt stacks/patching frame pointers

[Michael Snyder]

Eric Cooper wrote:
> Hello,
>   I have a kernel core dump with a corrupt stack and I can identify the stack location that is corrupted and what it should be and I want to write the correct frame pointer to the stack so that bt and frame x work. I have tried that using the "set" command and it says:
>   kvm_write not implemented for dead kernels.
> 
>   I see this code is in kvm-fbsd.c (I am using BSD) and I have hacked around a little bit to allow the write but ultimately it fails on writes to /dev/kmem. Is there a reasonable way to do what I want to achieve?

I presume this is a core dump from a Free BSD system.

Unfortunately, for the most part, the folks here in the gdb
maintainer group don't play a very active role in maintaining
the bits for gdb on BSD.  Somebody may correct me if I'm wrong...

You may need to approach the Free BSD community for this.

Re: Reconstructing corrupt stacks/patching frame pointers

[Daniel Jacobowitz]

On Wed, Dec 10, 2008 at 03:16:32PM -0800, Michael Snyder wrote:
> I presume this is a core dump from a Free BSD system.
>
> Unfortunately, for the most part, the folks here in the gdb
> maintainer group don't play a very active role in maintaining
> the bits for gdb on BSD.  Somebody may correct me if I'm wrong...
>
> You may need to approach the Free BSD community for this.

Well, Mark Kettenis does.  But the problem is general to all core
files; I've seen requests to change the $sp in Linux corefiles too.

-- 
Daniel Jacobowitz
CodeSourcery

Re: Reconstructing corrupt stacks/patching frame pointers

[Michael Snyder]

Daniel Jacobowitz wrote:
> On Wed, Dec 10, 2008 at 03:16:32PM -0800, Michael Snyder wrote:
>> I presume this is a core dump from a Free BSD system.
>>
>> Unfortunately, for the most part, the folks here in the gdb
>> maintainer group don't play a very active role in maintaining
>> the bits for gdb on BSD.  Somebody may correct me if I'm wrong...
>>
>> You may need to approach the Free BSD community for this.
> 
> Well, Mark Kettenis does.  But the problem is general to all core
> files; I've seen requests to change the $sp in Linux corefiles too.

It might be possible with a normal elf core file.
I know there is a mode that allows gdb to treat a
corefile as read-write.  Lemme see... here it is:
"help set write".

Don't know whether it works for registers...

Don't know whether it works with fbsd kgdb...

Re: Reconstructing corrupt stacks/patching frame pointers

[Daniel Jacobowitz]

On Thu, Dec 11, 2008 at 10:01:01AM -0800, Michael Snyder wrote:
> Don't know whether it works for registers...

It doesn't yet.

-- 
Daniel Jacobowitz
CodeSourcery

Re: Reconstructing corrupt stacks/patching frame pointers

[Michael Snyder]

Daniel Jacobowitz wrote:
> On Thu, Dec 11, 2008 at 10:01:01AM -0800, Michael Snyder wrote:
>> Don't know whether it works for registers...
> 
> It doesn't yet.

Does that mean you're working on it?
If not, I might look into it myself...

Re: Reconstructing corrupt stacks/patching frame pointers

[Daniel Jacobowitz]

On Thu, Dec 11, 2008 at 04:12:43PM -0800, Michael Snyder wrote:
> Daniel Jacobowitz wrote:
>> On Thu, Dec 11, 2008 at 10:01:01AM -0800, Michael Snyder wrote:
>>> Don't know whether it works for registers...
>>
>> It doesn't yet.
>
> Does that mean you're working on it?

No, just that someone ought to.  I don't think tieing it to 'set write'
is the best idea; I'd like to be able to poke around, without having
to make a copy of the core dump.

-- 
Daniel Jacobowitz
CodeSourcery