Read ELF build ids directly from the target process instead of mmap()ing libraries #71
Comments
|
Although, if we expect that those will all be close to the start of the file — and in practice they seem to be within the first ~1k — we could just copy in some convenient small amount like 4k (in one syscall, if we have #72), and fall back to larger sizes if we get We'd still want to use that |
|
We'd need to fetch some strings from the STRTAB to find the appropriate note, but we could do that lazily and it would require only a handful of extra system calls. The whole STRTAB for libxul.so is ~5MiB in my local build so we could also load it in its entirety if lazy-parsing doesn't work. |
|
Note: I've experimented with lazy parsing via goblin and it's working just fine. |
|
there's m4b/goblin#391 to fix some of it? |
|
And in fact whole feature is in https://phabricator.services.mozilla.com/D199710 |
gabrielesvelto
changed the title
|
I'm working on this now (can't assign myself though), based off of https://phabricator.services.mozilla.com/D199710. Though depending on how expensive/slow ptrace PEEKDATA is, it'd still be a lot less memory reading (fewer ptrace calls) to lazy parse ourselves rather than using |
Closes rust-minidump#71. A few things to consider: * Since we read from the process memory, the process must be in ptrace-stop (see `test_file_id`). This changes when the build ids can be read. Previously they could be read without the process being stopped if the mapped files still existed (and were hopefully the same that the process was using). * The previous implementation made some mutations to deleted mapping names (removing the ` (deleted)` suffix). We need to decide whether we still want/need this behavior. In the meantime I commented out a failing test assertion.
Closes rust-minidump#71. A few things to consider: * Since we read from the process memory, the process must be in ptrace-stop (see `test_file_id`). This changes when the build ids can be read. Previously they could be read without the process being stopped if the mapped files still existed (and were hopefully the same that the process was using). * The previous implementation made some mutations to deleted mapping names (removing the ` (deleted)` suffix). We need to decide whether we still want/need this behavior. In the meantime I commented out a failing test assertion.
Closes rust-minidump#71. A few things to consider: * Since we read from the process memory, the process must be in ptrace-stop (see `test_file_id`). This changes when the build ids can be read. Previously they could be read without the process being stopped if the mapped files still existed (and were hopefully the same that the process was using). * The previous implementation made some mutations to deleted mapping names (removing the ` (deleted)` suffix). We need to decide whether we still want/need this behavior. In the meantime I commented out a failing test assertion.
* Read ELF build ids directly from the target process. Closes #71. A few things to consider: * Since we read from the process memory, the process must be in ptrace-stop (see `test_file_id`). This changes when the build ids can be read. Previously they could be read without the process being stopped if the mapped files still existed (and were hopefully the same that the process was using). * The previous implementation made some mutations to deleted mapping names (removing the ` (deleted)` suffix). We need to decide whether we still want/need this behavior. In the meantime I commented out a failing test assertion. * Address review comments. * Always remove ` (deleted)` from module names at parse time. * Fix failing CI tests. This test needed to be disabled due to permissions issues. * Improve error handling of strtab and impl ModuleMemory for &[u8]. * Add tests to build id reader.
Closes #71. A few things to consider: * Since we read from the process memory, the process must be in ptrace-stop (see `test_file_id`). This changes when the build ids can be read. Previously they could be read without the process being stopped if the mapped files still existed (and were hopefully the same that the process was using). * The previous implementation made some mutations to deleted mapping names (removing the ` (deleted)` suffix). We need to decide whether we still want/need this behavior. In the meantime I commented out a failing test assertion.
When populating the module list on Linux we extract the GNU build ID from each executable. To do so we first
mmap()the entire file in the process writing the minidump and then extract the data from there. This has a couple of important drawbacks:mmap()may fail on 32-bit hosts, we've also seen this happen in 32-bit builds of Firefox.We could avoid all these issues by reading the ELF headers directly from the process we're dumping.
goblinsupports parsing an ELF file lazily, though one has to do it manually (see this example).The text was updated successfully, but these errors were encountered: