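/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright (c) 2012 by Delphix. All rights reserved.
 * Copyright 2020 Joyent, Inc.
 */

/*
 * ::findstack support for the kernel target: given a kthread_t, copy its
 * kernel stack out of the target once, find a plausible chain of frames on
 * that private copy, and record the return addresses in a findstack_info_t.
 * All frame crawling dereferences only the local copy, never target memory.
 */

#include <mdb/mdb_modapi.h>
#include <mdb/mdb_ctf.h>

#include <sys/types.h>
#include <sys/regset.h>
#include <sys/stack.h>
#include <sys/thread.h>
#include <sys/modctl.h>

#include "findstack.h"
#include "thread.h"
#include "sobj.h"

/* A kthread_t claiming a stack larger than this is treated as corrupt. */
#define	TOO_BIG_FOR_A_STACK	(1024 * 1024)

/*
 * Translate between a kernel stack address and the matching address in our
 * local copy of the stack.  Both macros rely on "kbase" and "ubase" being in
 * scope under exactly those names at the point of use (they are parameters
 * of crawl() and locals of stacks_findstack()).
 */
#define	KTOU(p)	((p) - kbase + ubase)
#define	UTOK(p)	((p) - ubase + kbase)

/* crawl() return value: the frame chain reached the top of the stack. */
#define	CRAWL_FOUNDALL	(-1)

#if defined(__i386) || defined(__amd64)
/* Saved %fp / return address pair as laid out on the stack. */
struct rwindow {
	uintptr_t rw_fp;
	uintptr_t rw_rtn;
};
#endif

#ifndef STACK_BIAS
#define	STACK_BIAS	0
#endif

/*
 * Is there room for a complete struct rwindow at "win" inside the
 * [ubase, utop) copy of the stack?  Written so that a garbage "win"
 * (it may be derived from a corrupt kthread_t) cannot wrap the arithmetic:
 * the subtraction only happens once win is known to lie in [ubase, utop].
 */
static int
window_fits(uintptr_t win, uintptr_t ubase, uintptr_t utop)
{
	return (win >= ubase && win <= utop &&
	    utop - win >= sizeof (struct rwindow));
}

/*
 * Given a stack pointer, try to crawl down it to the bottom.
 * "frame" is a VA in MDB's address space (inside our copy of the stack);
 * kbase/ktop bound the stack in the target's address space and ubase is
 * where that stack was copied to locally.
 *
 * Each step records the frame's return address in fsip->fsi_stack (up to
 * fsi_max_depth entries; fsi_overflow is set once that fills up), then
 * follows the saved %fp.  The walk stops when a frame is misaligned or the
 * saved %fp points outside [kbase, ktop - sizeof (struct rwindow)).  If
 * kill_fp is set, each saved %fp is zeroed in the local copy once followed,
 * so a later scan over the same buffer cannot walk this chain again.
 *
 * fsi_depth and fsi_overflow are reset on entry, so every call starts a
 * fresh trace.
 *
 * Returns the number of frames successfully crawled down, or
 * CRAWL_FOUNDALL if it got to the bottom of the stack.
 */
static int
crawl(uintptr_t frame, uintptr_t kbase, uintptr_t ktop, uintptr_t ubase,
    int kill_fp, findstack_info_t *fsip)
{
	int levels = 0;

	fsip->fsi_depth = 0;
	fsip->fsi_overflow = 0;

	fs_dprintf(("<0> frame = %p, kbase = %p, ktop = %p, ubase = %p\n",
	    frame, kbase, ktop, ubase));
	for (;;) {
		struct rwindow *rw = (struct rwindow *)frame;
		long *fpp = (long *)&rw->rw_fp;
		uintptr_t fp;

		fs_dprintf(("<1> fpp = %p, frame = %p\n", fpp, frame));

		/* A frame that isn't stack-aligned can't be a real one. */
		if ((frame & (STACK_ALIGN - 1)) != 0)
			break;

		fp = rw->rw_fp + STACK_BIAS;
		if (fsip->fsi_depth < fsip->fsi_max_depth)
			fsip->fsi_stack[fsip->fsi_depth++] = rw->rw_rtn;
		else
			fsip->fsi_overflow = 1;

		fs_dprintf(("<2> fp = %p\n", fp));

		if (fp == ktop)
			return (CRAWL_FOUNDALL);
		fs_dprintf(("<3> not at base\n"));

#if defined(__i386) || defined(__amd64)
		/* The outermost frame sits exactly one window below ktop. */
		if (ktop - fp == sizeof (struct rwindow)) {
			fs_dprintf(("<4> found base\n"));
			return (CRAWL_FOUNDALL);
		}
#endif

		fs_dprintf(("<5> fp = %p, kbase = %p, ktop - size = %p\n",
		    fp, kbase, ktop - sizeof (struct rwindow)));

		/*
		 * The next frame must lie wholly inside the stack; this is
		 * what keeps KTOU(fp) below inside our local buffer.
		 */
		if (fp < kbase || fp >= (ktop - sizeof (struct rwindow)))
			break;

		frame = KTOU(fp);
		fs_dprintf(("<6> frame = %p\n", frame));

		/*
		 * NULL out the old %fp so we don't go down this stack
		 * more than once.
		 */
		if (kill_fp) {
			fs_dprintf(("<7> fpp = %p\n", fpp));
			*fpp = 0;
		}

		fs_dprintf(("<8> levels = %d\n", levels));
		levels++;
	}

	return (levels);
}

/*
 * The subset of kthread_t we need, read via CTF so the layout is taken from
 * the target rather than from the headers we were built against.
 */
typedef struct mdb_findstack_kthread {
	struct _sobj_ops *t_sobj_ops;
	uint_t t_state;
	uint_t t_flag;
	ushort_t t_schedflag;
	caddr_t t_stk;
	caddr_t t_stkbase;
	label_t t_pcb;
} mdb_findstack_kthread_t;

/*
 * Locate the kernel stack of the thread at "addr" and fill in *fsip: the
 * thread's sync object, state and panic flag, then the chain of return
 * addresses (fsi_stack/fsi_depth/fsi_overflow) and the %sp (and, where
 * available, %pc) the chain was found from.
 *
 * Returns DCMD_OK on success.  On failure returns DCMD_ERR with
 * fsip->fsi_failed set to one of the FSI_FAIL_* codes; warnings are printed
 * only when print_warnings is nonzero.
 *
 * The stack is copied into a private mdb_alloc()'d buffer of exactly stksz
 * bytes and every crawl() runs over that copy, so a corrupt kthread_t can
 * only make us misread our own buffer -- provided every starting window we
 * hand to crawl() lies entirely inside [ubase, utop), which window_fits()
 * enforces.  The buffer is freed on every return path.
 */
/*ARGSUSED*/
int
stacks_findstack(uintptr_t addr, findstack_info_t *fsip, uint_t print_warnings)
{
	mdb_findstack_kthread_t thr;
	size_t stksz;
	uintptr_t ubase, utop;
	uintptr_t kbase, ktop;
	uintptr_t win, sp;

	fsip->fsi_failed = 0;
	fsip->fsi_pc = 0;
	fsip->fsi_sp = 0;
	fsip->fsi_depth = 0;
	fsip->fsi_overflow = 0;

	if (mdb_ctf_vread(&thr, "kthread_t", "mdb_findstack_kthread_t",
	    addr, print_warnings ? 0 : MDB_CTF_VREAD_QUIET) == -1) {
		fsip->fsi_failed = FSI_FAIL_BADTHREAD;
		return (DCMD_ERR);
	}

	fsip->fsi_sobj_ops = (uintptr_t)thr.t_sobj_ops;
	fsip->fsi_tstate = thr.t_state;
	fsip->fsi_panic = !!(thr.t_flag & T_PANIC);

	if ((thr.t_schedflag & TS_LOAD) == 0) {
		if (print_warnings)
			mdb_warn("thread %p isn't in memory\n", addr);
		fsip->fsi_failed = FSI_FAIL_NOTINMEMORY;
		return (DCMD_ERR);
	}

	if (thr.t_stk < thr.t_stkbase) {
		if (print_warnings)
			mdb_warn(
			    "stack base or stack top corrupt for thread %p\n",
			    addr);
		fsip->fsi_failed = FSI_FAIL_THREADCORRUPT;
		return (DCMD_ERR);
	}

	kbase = (uintptr_t)thr.t_stkbase;
	ktop = (uintptr_t)thr.t_stk;
	stksz = ktop - kbase;

#ifdef __amd64
	/*
	 * The stack on amd64 is intentionally misaligned, so ignore the top
	 * half-frame. See thread_stk_init(). When handling traps, the frame
	 * is automatically aligned by the hardware, so we only alter ktop if
	 * needed.
	 */
	if ((ktop & (STACK_ALIGN - 1)) != 0)
		ktop -= STACK_ENTRY_ALIGN;
#endif

	/*
	 * If the stack size is larger than a meg, assume that it's bogus.
	 * This bounds both the allocation and the read below.
	 */
	if (stksz > TOO_BIG_FOR_A_STACK) {
		if (print_warnings)
			mdb_warn("stack size for thread %p is too big to be "
			    "reasonable\n", addr);
		fsip->fsi_failed = FSI_FAIL_THREADCORRUPT;
		return (DCMD_ERR);
	}

	/*
	 * This could be (and was) a UM_GC allocation. Unfortunately,
	 * stksz tends to be very large. As currently implemented, dcmds
	 * invoked as part of pipelines don't have their UM_GC-allocated
	 * memory freed until the pipeline completes. With stksz in the
	 * neighborhood of 20k, the popular ::walk thread |::findstack
	 * pipeline can easily run memory-constrained debuggers (kmdb) out
	 * of memory. This can be changed back to a gc-able allocation when
	 * the debugger is changed to free UM_GC memory more promptly.
	 */
	ubase = (uintptr_t)mdb_alloc(stksz, UM_SLEEP);
	utop = ubase + stksz;
	if (mdb_vread((caddr_t)ubase, stksz, kbase) != stksz) {
		mdb_free((void *)ubase, stksz);
		if (print_warnings)
			mdb_warn("couldn't read entire stack for thread %p\n",
			    addr);
		fsip->fsi_failed = FSI_FAIL_THREADCORRUPT;
		return (DCMD_ERR);
	}

	/*
	 * Try the saved %sp first, if it looks reasonable.  It has to leave
	 * room for a whole struct rwindow inside our copy: crawl() reads the
	 * window at the frame it is handed before any other check, so a saved
	 * %sp at (or within sizeof (struct rwindow) of) utop would read past
	 * the end of the mdb_alloc()'d buffer.  This is the same bound the
	 * window scans below use.
	 */
	sp = KTOU((uintptr_t)thr.t_sp + STACK_BIAS);
	if (window_fits(sp, ubase, utop)) {
		if (crawl(sp, kbase, ktop, ubase, 0, fsip) == CRAWL_FOUNDALL) {
			fsip->fsi_sp = (uintptr_t)thr.t_sp;
#if !defined(__i386)
			fsip->fsi_pc = (uintptr_t)thr.t_pc;
#endif
			goto found;
		}
	}

	/*
	 * Now walk through the whole stack, starting at the base,
	 * trying every possible "window" at pointer-aligned offsets.
	 * kill_fp is set so that a chain found once is not re-walked from
	 * every one of its inner frames.
	 */
	for (win = ubase;
	    window_fits(win, ubase, utop);
	    win += sizeof (struct rwindow *)) {
		if (crawl(win, kbase, ktop, ubase, 1, fsip) == CRAWL_FOUNDALL) {
			fsip->fsi_sp = UTOK(win) - STACK_BIAS;
			goto found;
		}
	}

	/*
	 * We didn't conclusively find the stack. So we'll take another lap,
	 * and print out anything that looks possible.
	 *
	 * Re-read the stack first: the lap above zeroed every saved %fp it
	 * followed.  The return value is deliberately ignored -- a failed or
	 * short read leaves (some of) those zeroed %fps in place, which can
	 * only make this best-effort lap report fewer candidates, and crawl()
	 * still bounds every access to the buffer.
	 */
	if (print_warnings)
		mdb_printf("Possible stack pointers for thread %p:\n", addr);
	(void) mdb_vread((caddr_t)ubase, stksz, kbase);

	for (win = ubase;
	    window_fits(win, ubase, utop);
	    win += sizeof (struct rwindow *)) {
		uintptr_t fp = ((struct rwindow *)win)->rw_fp;
		int levels;

		if ((levels = crawl(win, kbase, ktop, ubase, 1, fsip)) > 1) {
			if (print_warnings)
				mdb_printf(" %p (%d)\n", fp, levels);
		} else if (levels == CRAWL_FOUNDALL) {
			/*
			 * If this is a live system, the stack could change
			 * between the two mdb_vread(ubase, utop, kbase)'s,
			 * and we could have a fully valid stack here.
			 */
			fsip->fsi_sp = UTOK(win) - STACK_BIAS;
			goto found;
		}
	}

	/* Discard whatever partial trace the last crawl() left behind. */
	fsip->fsi_depth = 0;
	fsip->fsi_overflow = 0;
	fsip->fsi_failed = FSI_FAIL_STACKNOTFOUND;

	mdb_free((void *)ubase, stksz);
	return (DCMD_ERR);
found:
	mdb_free((void *)ubase, stksz);
	return (DCMD_OK);
}

/*
 * Nothing to release: stacks_findstack() frees its stack copy on every
 * return path.
 */
void
stacks_findstack_cleanup(void)
{}

/*
 * modctl walker callback for stacks_module(): compare the module's name with
 * smp->sm_name and, on a match, record its text segment base and size in
 * smp.  Returns WALK_NEXT to keep looking, WALK_DONE once the module is
 * found, or WALK_ERR if the module name cannot be read from the target.
 */
/*ARGSUSED*/
int
stacks_module_cb(uintptr_t addr, const modctl_t *mp, stacks_module_t *smp)
{
	char mod_modname[MODMAXNAMELEN + 1];

	if (!mp->mod_modname)
		return (WALK_NEXT);

	/* Bounded read; mdb_readstr() always NUL-terminates on success. */
	if (mdb_readstr(mod_modname, sizeof (mod_modname),
	    (uintptr_t)mp->mod_modname) == -1) {
		mdb_warn("failed to read mod_modname in \"modctl\" walk");
		return (WALK_ERR);
	}

	if (strcmp(smp->sm_name, mod_modname) != 0)
		return (WALK_NEXT);

	smp->sm_text = (uintptr_t)mp->mod_text;
	smp->sm_size = mp->mod_text_size;

	return (WALK_DONE);
}

/*
 * Walk the modctl list looking for the module named smp->sm_name, filling in
 * smp->sm_text/sm_size via stacks_module_cb() if it is found.  Returns 0 if
 * the walk completed (a module that simply isn't loaded is not an error) and
 * -1 if mdb_walk() itself failed.
 */
int
stacks_module(stacks_module_t *smp)
{
	if (mdb_walk("modctl", (mdb_walk_cb_t)stacks_module_cb, smp) != 0) {
		mdb_warn("cannot walk \"modctl\"");
		return (-1);
	}

	return (0);
}

/* sobj_type_walk() callback: print one sync object type name for ::help. */
/*ARGSUSED*/
static void
print_sobj_help(int type, const char *name, const char *ops_name, void *ign)
{
	mdb_printf(" %s", name);
}

/* thread_walk_states() callback: print one thread state name for ::help. */
/*ARGSUSED*/
static void
print_tstate_help(uint_t state, const char *name, void *ignored)
{
	mdb_printf(" %s", name);
}

/*
 * Help text for ::stacks.  The SOBJ type and thread state lists are generated
 * from the live tables so they stay in sync with the filters that accept
 * them.
 */
void
stacks_help(void)
{
	mdb_printf(
"::stacks processes all of the thread stacks on the system, grouping\n"
"together threads which have the same:\n"
"\n"
" * Thread state,\n"
" * Sync object type, and\n"
" * PCs in their stack trace.\n"
"\n"
"The default output (no address or options) is just a dump of the thread\n"
"groups in the system. For a view of active threads, use \"::stacks -i\",\n"
"which filters out FREE threads (interrupt threads which are currently\n"
"inactive) and threads sleeping on a CV. (Note that those threads may still\n"
"be noteworthy; this is just for a first glance.) More general filtering\n"
"options are described below, in the \"FILTERS\" section.\n"
"\n"
"::stacks can be used in a pipeline. The input to ::stacks is one or more\n"
"thread pointers. For example, to get a summary of threads in a process,\n"
"you can do:\n"
"\n"
" %<b>procp%</b>::walk thread | ::stacks\n"
"\n"
"When output into a pipe, ::stacks prints all of the threads input,\n"
"filtered by the given filtering options. This means that multiple\n"
"::stacks invocations can be piped together to achieve more complicated\n"
"filters. For example, to get threads which have both 'fop_read' and\n"
"'cv_wait_sig_swap' in their stack trace, you could do:\n"
"\n"
" ::stacks -c fop_read | ::stacks -c cv_wait_sig_swap_core\n"
"\n"
"To get the full list of threads in each group, use the '-a' flag:\n"
"\n"
" ::stacks -a\n"
"\n");
	mdb_dec_indent(2);
	mdb_printf("%<b>OPTIONS%</b>\n");
	mdb_inc_indent(2);
	mdb_printf("%s",
" -a Print all of the grouped threads, instead of just a count.\n"
" -f Force a re-run of the thread stack gathering.\n"
" -v Be verbose about thread stack gathering.\n"
"\n");
	mdb_dec_indent(2);
	mdb_printf("%<b>FILTERS%</b>\n");
	mdb_inc_indent(2);
	mdb_printf("%s",
" -i Show active threads; equivalent to '-S CV -T FREE'.\n"
" -c func[+offset]\n"
" Only print threads whose stacks contain func/func+offset.\n"
" -C func[+offset]\n"
" Only print threads whose stacks do not contain func/func+offset.\n"
" -m module\n"
" Only print threads whose stacks contain functions from module.\n"
" -M module\n"
" Only print threads whose stacks do not contain functions from\n"
" module.\n"
" -s {type | ALL}\n"
" Only print threads which are on a 'type' synchronization object\n"
" (SOBJ).\n"
" -S {type | ALL}\n"
" Only print threads which are not on a 'type' SOBJ.\n"
" -t tstate\n"
" Only print threads which are in thread state 'tstate'.\n"
" -T tstate\n"
" Only print threads which are not in thread state 'tstate'.\n"
"\n");
	mdb_printf(" SOBJ types:");
	sobj_type_walk(print_sobj_help, NULL);
	mdb_printf("\n");
	mdb_printf("Thread states:");
	thread_walk_states(print_tstate_help, NULL);
	mdb_printf(" panic\n");
}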