1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright (c) 2012 by Delphix. All rights reserved.
25 * Copyright 2020 Joyent, Inc.
26 */
27
28 #include <mdb/mdb_modapi.h>
29 #include <mdb/mdb_ctf.h>
30
31 #include <sys/types.h>
32 #include <sys/regset.h>
33 #include <sys/stack.h>
34 #include <sys/thread.h>
35 #include <sys/modctl.h>
36
37 #include "findstack.h"
38 #include "thread.h"
39 #include "sobj.h"
40
41 #define TOO_BIG_FOR_A_STACK (1024 * 1024)
42
43 #define KTOU(p) ((p) - kbase + ubase)
44 #define UTOK(p) ((p) - ubase + kbase)
45
46 #define CRAWL_FOUNDALL (-1)
47
48 #if defined(__i386) || defined(__amd64)
49 struct rwindow {
50 uintptr_t rw_fp;
51 uintptr_t rw_rtn;
52 };
53 #endif
54
55 #ifndef STACK_BIAS
56 #define STACK_BIAS 0
57 #endif
58
59 /*
60 * Given a stack pointer, try to crawl down it to the bottom.
61 * "frame" is a VA in MDB's address space.
62 *
63 * Returns the number of frames successfully crawled down, or
64 * CRAWL_FOUNDALL if it got to the bottom of the stack.
65 */
66 static int
crawl(uintptr_t frame,uintptr_t kbase,uintptr_t ktop,uintptr_t ubase,int kill_fp,findstack_info_t * fsip)67 crawl(uintptr_t frame, uintptr_t kbase, uintptr_t ktop, uintptr_t ubase,
68 int kill_fp, findstack_info_t *fsip)
69 {
70 int levels = 0;
71
72 fsip->fsi_depth = 0;
73 fsip->fsi_overflow = 0;
74
75 fs_dprintf(("<0> frame = %p, kbase = %p, ktop = %p, ubase = %p\n",
76 frame, kbase, ktop, ubase));
77 for (;;) {
78 uintptr_t fp;
79 long *fpp = (long *)&((struct rwindow *)frame)->rw_fp;
80
81 fs_dprintf(("<1> fpp = %p, frame = %p\n", fpp, frame));
82
83 if ((frame & (STACK_ALIGN - 1)) != 0)
84 break;
85
86 fp = ((struct rwindow *)frame)->rw_fp + STACK_BIAS;
87 if (fsip->fsi_depth < fsip->fsi_max_depth)
88 fsip->fsi_stack[fsip->fsi_depth++] =
89 ((struct rwindow *)frame)->rw_rtn;
90 else
91 fsip->fsi_overflow = 1;
92
93 fs_dprintf(("<2> fp = %p\n", fp));
94
95 if (fp == ktop)
96 return (CRAWL_FOUNDALL);
97 fs_dprintf(("<3> not at base\n"));
98
99 #if defined(__i386) || defined(__amd64)
100 if (ktop - fp == sizeof (struct rwindow)) {
101 fs_dprintf(("<4> found base\n"));
102 return (CRAWL_FOUNDALL);
103 }
104 #endif
105
106 fs_dprintf(("<5> fp = %p, kbase = %p, ktop - size = %p\n",
107 fp, kbase, ktop - sizeof (struct rwindow)));
108
109 if (fp < kbase || fp >= (ktop - sizeof (struct rwindow)))
110 break;
111
112 frame = KTOU(fp);
113 fs_dprintf(("<6> frame = %p\n", frame));
114
115 /*
116 * NULL out the old %fp so we don't go down this stack
117 * more than once.
118 */
119 if (kill_fp) {
120 fs_dprintf(("<7> fpp = %p\n", fpp));
121 *fpp = 0;
122 }
123
124 fs_dprintf(("<8> levels = %d\n", levels));
125 levels++;
126 }
127
128 return (levels);
129 }
130
131 typedef struct mdb_findstack_kthread {
132 struct _sobj_ops *t_sobj_ops;
133 uint_t t_state;
134 uint_t t_flag;
135 ushort_t t_schedflag;
136 caddr_t t_stk;
137 caddr_t t_stkbase;
138 label_t t_pcb;
139 } mdb_findstack_kthread_t;
140
141 /*ARGSUSED*/
142 int
stacks_findstack(uintptr_t addr,findstack_info_t * fsip,uint_t print_warnings)143 stacks_findstack(uintptr_t addr, findstack_info_t *fsip, uint_t print_warnings)
144 {
145 mdb_findstack_kthread_t thr;
146 size_t stksz;
147 uintptr_t ubase, utop;
148 uintptr_t kbase, ktop;
149 uintptr_t win, sp;
150
151 fsip->fsi_failed = 0;
152 fsip->fsi_pc = 0;
153 fsip->fsi_sp = 0;
154 fsip->fsi_depth = 0;
155 fsip->fsi_overflow = 0;
156
157 if (mdb_ctf_vread(&thr, "kthread_t", "mdb_findstack_kthread_t",
158 addr, print_warnings ? 0 : MDB_CTF_VREAD_QUIET) == -1) {
159 fsip->fsi_failed = FSI_FAIL_BADTHREAD;
160 return (DCMD_ERR);
161 }
162
163 fsip->fsi_sobj_ops = (uintptr_t)thr.t_sobj_ops;
164 fsip->fsi_tstate = thr.t_state;
165 fsip->fsi_panic = !!(thr.t_flag & T_PANIC);
166
167 if ((thr.t_schedflag & TS_LOAD) == 0) {
168 if (print_warnings)
169 mdb_warn("thread %p isn't in memory\n", addr);
170 fsip->fsi_failed = FSI_FAIL_NOTINMEMORY;
171 return (DCMD_ERR);
172 }
173
174 if (thr.t_stk < thr.t_stkbase) {
175 if (print_warnings)
176 mdb_warn(
177 "stack base or stack top corrupt for thread %p\n",
178 addr);
179 fsip->fsi_failed = FSI_FAIL_THREADCORRUPT;
180 return (DCMD_ERR);
181 }
182
183 kbase = (uintptr_t)thr.t_stkbase;
184 ktop = (uintptr_t)thr.t_stk;
185 stksz = ktop - kbase;
186
187 #ifdef __amd64
188 /*
189 * The stack on amd64 is intentionally misaligned, so ignore the top
190 * half-frame. See thread_stk_init(). When handling traps, the frame
191 * is automatically aligned by the hardware, so we only alter ktop if
192 * needed.
193 */
194 if ((ktop & (STACK_ALIGN - 1)) != 0)
195 ktop -= STACK_ENTRY_ALIGN;
196 #endif
197
198 /*
199 * If the stack size is larger than a meg, assume that it's bogus.
200 */
201 if (stksz > TOO_BIG_FOR_A_STACK) {
202 if (print_warnings)
203 mdb_warn("stack size for thread %p is too big to be "
204 "reasonable\n", addr);
205 fsip->fsi_failed = FSI_FAIL_THREADCORRUPT;
206 return (DCMD_ERR);
207 }
208
209 /*
210 * This could be (and was) a UM_GC allocation. Unfortunately,
211 * stksz tends to be very large. As currently implemented, dcmds
212 * invoked as part of pipelines don't have their UM_GC-allocated
213 * memory freed until the pipeline completes. With stksz in the
214 * neighborhood of 20k, the popular ::walk thread |::findstack
215 * pipeline can easily run memory-constrained debuggers (kmdb) out
216 * of memory. This can be changed back to a gc-able allocation when
217 * the debugger is changed to free UM_GC memory more promptly.
218 */
219 ubase = (uintptr_t)mdb_alloc(stksz, UM_SLEEP);
220 utop = ubase + stksz;
221 if (mdb_vread((caddr_t)ubase, stksz, kbase) != stksz) {
222 mdb_free((void *)ubase, stksz);
223 if (print_warnings)
224 mdb_warn("couldn't read entire stack for thread %p\n",
225 addr);
226 fsip->fsi_failed = FSI_FAIL_THREADCORRUPT;
227 return (DCMD_ERR);
228 }
229
230 /*
231 * Try the saved %sp first, if it looks reasonable.
232 */
233 sp = KTOU((uintptr_t)thr.t_sp + STACK_BIAS);
234 if (sp >= ubase && sp <= utop) {
235 if (crawl(sp, kbase, ktop, ubase, 0, fsip) == CRAWL_FOUNDALL) {
236 fsip->fsi_sp = (uintptr_t)thr.t_sp;
237 #if !defined(__i386)
238 fsip->fsi_pc = (uintptr_t)thr.t_pc;
239 #endif
240 goto found;
241 }
242 }
243
244 /*
245 * Now walk through the whole stack, starting at the base,
246 * trying every possible "window".
247 */
248 for (win = ubase;
249 win + sizeof (struct rwindow) <= utop;
250 win += sizeof (struct rwindow *)) {
251 if (crawl(win, kbase, ktop, ubase, 1, fsip) == CRAWL_FOUNDALL) {
252 fsip->fsi_sp = UTOK(win) - STACK_BIAS;
253 goto found;
254 }
255 }
256
257 /*
258 * We didn't conclusively find the stack. So we'll take another lap,
259 * and print out anything that looks possible.
260 */
261 if (print_warnings)
262 mdb_printf("Possible stack pointers for thread %p:\n", addr);
263 (void) mdb_vread((caddr_t)ubase, stksz, kbase);
264
265 for (win = ubase;
266 win + sizeof (struct rwindow) <= utop;
267 win += sizeof (struct rwindow *)) {
268 uintptr_t fp = ((struct rwindow *)win)->rw_fp;
269 int levels;
270
271 if ((levels = crawl(win, kbase, ktop, ubase, 1, fsip)) > 1) {
272 if (print_warnings)
273 mdb_printf(" %p (%d)\n", fp, levels);
274 } else if (levels == CRAWL_FOUNDALL) {
275 /*
276 * If this is a live system, the stack could change
277 * between the two mdb_vread(ubase, utop, kbase)'s,
278 * and we could have a fully valid stack here.
279 */
280 fsip->fsi_sp = UTOK(win) - STACK_BIAS;
281 goto found;
282 }
283 }
284
285 fsip->fsi_depth = 0;
286 fsip->fsi_overflow = 0;
287 fsip->fsi_failed = FSI_FAIL_STACKNOTFOUND;
288
289 mdb_free((void *)ubase, stksz);
290 return (DCMD_ERR);
291 found:
292 mdb_free((void *)ubase, stksz);
293 return (DCMD_OK);
294 }
295
296 void
stacks_findstack_cleanup()297 stacks_findstack_cleanup()
298 {}
299
300 /*ARGSUSED*/
301 int
stacks_module_cb(uintptr_t addr,const modctl_t * mp,stacks_module_t * smp)302 stacks_module_cb(uintptr_t addr, const modctl_t *mp, stacks_module_t *smp)
303 {
304 char mod_modname[MODMAXNAMELEN + 1];
305
306 if (!mp->mod_modname)
307 return (WALK_NEXT);
308
309 if (mdb_readstr(mod_modname, sizeof (mod_modname),
310 (uintptr_t)mp->mod_modname) == -1) {
311 mdb_warn("failed to read mod_modname in \"modctl\" walk");
312 return (WALK_ERR);
313 }
314
315 if (strcmp(smp->sm_name, mod_modname))
316 return (WALK_NEXT);
317
318 smp->sm_text = (uintptr_t)mp->mod_text;
319 smp->sm_size = mp->mod_text_size;
320
321 return (WALK_DONE);
322 }
323
324 int
stacks_module(stacks_module_t * smp)325 stacks_module(stacks_module_t *smp)
326 {
327 if (mdb_walk("modctl", (mdb_walk_cb_t)stacks_module_cb, smp) != 0) {
328 mdb_warn("cannot walk \"modctl\"");
329 return (-1);
330 }
331
332 return (0);
333 }
334
335 /*ARGSUSED*/
336 static void
print_sobj_help(int type,const char * name,const char * ops_name,void * ign)337 print_sobj_help(int type, const char *name, const char *ops_name, void *ign)
338 {
339 mdb_printf(" %s", name);
340 }
341
342 /*ARGSUSED*/
343 static void
print_tstate_help(uint_t state,const char * name,void * ignored)344 print_tstate_help(uint_t state, const char *name, void *ignored)
345 {
346 mdb_printf(" %s", name);
347 }
348
349 void
stacks_help(void)350 stacks_help(void)
351 {
352 mdb_printf(
353 "::stacks processes all of the thread stacks on the system, grouping\n"
354 "together threads which have the same:\n"
355 "\n"
356 " * Thread state,\n"
357 " * Sync object type, and\n"
358 " * PCs in their stack trace.\n"
359 "\n"
360 "The default output (no address or options) is just a dump of the thread\n"
361 "groups in the system. For a view of active threads, use \"::stacks -i\",\n"
362 "which filters out FREE threads (interrupt threads which are currently\n"
363 "inactive) and threads sleeping on a CV. (Note that those threads may still\n"
364 "be noteworthy; this is just for a first glance.) More general filtering\n"
365 "options are described below, in the \"FILTERS\" section.\n"
366 "\n"
367 "::stacks can be used in a pipeline. The input to ::stacks is one or more\n"
368 "thread pointers. For example, to get a summary of threads in a process,\n"
369 "you can do:\n"
370 "\n"
371 " %<b>procp%</b>::walk thread | ::stacks\n"
372 "\n"
373 "When output into a pipe, ::stacks prints all of the threads input,\n"
374 "filtered by the given filtering options. This means that multiple\n"
375 "::stacks invocations can be piped together to achieve more complicated\n"
376 "filters. For example, to get threads which have both 'fop_read' and\n"
377 "'cv_wait_sig_swap' in their stack trace, you could do:\n"
378 "\n"
379 " ::stacks -c fop_read | ::stacks -c cv_wait_sig_swap_core\n"
380 "\n"
381 "To get the full list of threads in each group, use the '-a' flag:\n"
382 "\n"
383 " ::stacks -a\n"
384 "\n");
385 mdb_dec_indent(2);
386 mdb_printf("%<b>OPTIONS%</b>\n");
387 mdb_inc_indent(2);
388 mdb_printf("%s",
389 " -a Print all of the grouped threads, instead of just a count.\n"
390 " -f Force a re-run of the thread stack gathering.\n"
391 " -v Be verbose about thread stack gathering.\n"
392 "\n");
393 mdb_dec_indent(2);
394 mdb_printf("%<b>FILTERS%</b>\n");
395 mdb_inc_indent(2);
396 mdb_printf("%s",
397 " -i Show active threads; equivalent to '-S CV -T FREE'.\n"
398 " -c func[+offset]\n"
399 " Only print threads whose stacks contain func/func+offset.\n"
400 " -C func[+offset]\n"
401 " Only print threads whose stacks do not contain func/func+offset.\n"
402 " -m module\n"
403 " Only print threads whose stacks contain functions from module.\n"
404 " -M module\n"
405 " Only print threads whose stacks do not contain functions from\n"
406 " module.\n"
407 " -s {type | ALL}\n"
408 " Only print threads which are on a 'type' synchronization object\n"
409 " (SOBJ).\n"
410 " -S {type | ALL}\n"
411 " Only print threads which are not on a 'type' SOBJ.\n"
412 " -t tstate\n"
413 " Only print threads which are in thread state 'tstate'.\n"
414 " -T tstate\n"
415 " Only print threads which are not in thread state 'tstate'.\n"
416 "\n");
417 mdb_printf(" SOBJ types:");
418 sobj_type_walk(print_sobj_help, NULL);
419 mdb_printf("\n");
420 mdb_printf("Thread states:");
421 thread_walk_states(print_tstate_help, NULL);
422 mdb_printf(" panic\n");
423 }
424