Hi,
Continuing the discussion. I want to share a code dump of "gueststack", a
kernel module that collects stack traces from 64 bit Linux guest.
https://github.com/elazarl/gueststack#readme
I'll appreciate anyone who can read the code/README (it's a tiny module
~300 LOC), try it, and suggest impr
For future reference.
I examined what perf does when sampling the stack, (e.g. "-g").
0. Indeed, it does not support callchain when sampling guest KVM OS.
Probably because it's not trivial to find out safely where the stack starts
http://lxr.free-electrons.com/source/arch/x86/kernel/cpu/perf_eve
Don't new security features like memory location randomization etc. kind of
get in the way of what you want to do on any modern OS?
(The way I understand it you are trying to copy the stack from outside the
running/frozen OS).
Regards,
Eliyahu - אליהו
2014-12-21 21:22 GMT+02:00 Elazar Leibovich
It could very well be the case,
I just want to clarify, the reason I need the stack, is for
analyzing/debugging/profiling later by OS specific tools. So it is OK
to err on some pathological cases.
If you have a concrete idea that would fit many Linux versions - I'll
be happy to hear about it.
On
I think that any serious approach would include code for identifying the
OS and OS version in question, and using this information to find the
kernel stack.
Any generalized heuristic would risk missing pathological OS
configurations and new versions.
On the other hand, reliance upon OS identifica
Thanks,
On Sun, Dec 21, 2014 at 9:27 AM, Muli Ben-Yehuda wrote:
> On Fri, Dec 19, 2014 at 02:19:07PM +, Elazar Leibovich wrote:
>
>> I know where the stack ends, but how can I know where it begins?
>
> What assumptions can you make? Can you run kernel code in the VM
> (e.g., by cloning and re
On Fri, Dec 19, 2014 at 02:19:07PM +, Elazar Leibovich wrote:
> I know where the stack ends, but how can I know where it begins?
What assumptions can you make? Can you run kernel code in the VM
(e.g., by cloning and restarting it)? Can you assume it's running
Linux and/or Windows? Can you ass
