Monday 23 August 2010

CTF On Linux: ctfconvert

I am adding the ctfconvert binary in the next release of dtrace.
This is an important utility because it helps to complete the loop
on having CTF (Compact Type Framework) data on Linux.


This data is needed so that SDT can access kernel structures, e.g.
for the io:::start probe and others.


I spent the last week trying to work out where/what this missing
piece was. Why can't dtrace use structures defined in /usr/lib/dtrace/*.d.
Now I know why: because everything it possibly wants to know is sitting
in the kernel binary. Except on Linux, where we have no CTF data in
the kernel.


So we need to provide an alternate mechanism to get to the Linux kernel
structures. Enter ctfconvert.


I took the code from Apple/MacOS, which is pretty much the same as
the Solaris code plus/minus some Apple code changes.


So, heres the first Linux object file with a .SUNW_ctf section.


As a note: on the next dtrace release, you will need libdwarf-dev and
binutils-dev packages if you want this binary to be built.
(DTrace will build without those, but display a warning).


Next step is to figure out how to get a shadowed kernel file.
(Should be straightforward, but its now on my todo list).


/home/fox/src/dtrace@delly: build/ctfconvert -L lab1 -o /tmp/ctf build/ctfconvert.obj/ctfconvert.o
/home/fox/src/dtrace@delly: objdump -h /tmp/ctf

/tmp/ctf:     file format elf64-x86-64

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .text         00000659  0000000000000000  0000000000000000  00000040  2**2
                  CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
  1 .data         00000000  0000000000000000  0000000000000000  000011b0  2**2
                  CONTENTS, ALLOC, LOAD, DATA
  2 .bss          0000001c  0000000000000000  0000000000000000  000011b0  2**3
                  ALLOC
  3 .rodata       00000402  0000000000000000  0000000000000000  000011b0  2**4
                  CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
  4 .comment      00000024  0000000000000000  0000000000000000  000019f0  2**0
                  CONTENTS, READONLY
  5 .note.GNU-stack 00000000  0000000000000000  0000000000000000  00001a14  2**0
                  CONTENTS, READONLY
  6 .eh_frame     000000a8  0000000000000000  0000000000000000  00001a18  2**3
                  CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
  7 .SUNW_ctf     00000764  0000000000000000  0000000000000000  00002458  2**2
                  CONTENTS, READONLY



Post created by CRiSP v10.0.2a-b5886


Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)