KS2012: Improving tracing and debugging [LWN.net]

By Michael Kerrisk
September 12, 2012

2012 Kernel Summit

Day one of the 2012 Kernel Summit saw a discussion on improving kernel tracing and debugging, led by Jason Wessel and Steven Rostedt. Jason's particular interest was how to get better tracing information from users who send in reports for kernel crashes.

Most of the session focused on Jason's proposal for kernel changes that would allow source line numbers to be displayed as part of the backtrace that is provided in the event of a kernel crash, so as to allow easier diagnosis of the source of the crash. The proposed technique is implemented by including ELF tables with the necessary symbol information in the compiled kernel. With Jason's patches, use of this feature is straightforward: the kernel is configured with CONFIG_KALLSYMS_LINE_LOCATIONS enabled and built with debugging information included. Once that is done, then events such as kernel panics will generate a call trace that includes source file names and line numbers:

    Call to panic() with the patch set
    ----------------------------------
    Call Trace:
     [<ffffffff815f3003>] panic+0xbd/0x14 panic.c:111
     [<ffffffff815f31f4>] ? printk+0x68/0xd printk.c:765
     [<ffffffffa0000175>] panic_write+0x25/0x30 [test_panic] test_panic.c:189
     [<ffffffff8118aa96>] proc_file_write+0x76/0x21 generic.c:226
     [<ffffffff8118aa20>] ? __proc_create+0x130/0x21 generic.c:211
     [<ffffffff81185678>] proc_reg_write+0x88/0x21 inode.c:218
     [<ffffffff81125718>] vfs_write+0xc8/0x20 read_write.c:435
     [<ffffffff811258d1>] sys_write+0x51/0x19 read_write.c:457
     [<ffffffff815f84d9>] ia32_do_call+0x13/0xc ia32entry.S:427

The improved call-tracing information that is provided by these patches would undoubtedly make life somewhat easier for diagnosing the causes of some kernel crashes. However, there is a cost: the memory footprint of the resulting kernel is much larger. During the session, a figure of 20 MB was mentioned, although in a mail that he later sent to the kernel summit discussion list, Jason clarified that the figure was more like 10 MB.

The large increase in kernel memory footprint that results from Jason's technique immediately generated some skepticism on its usefulness. As someone pointed out, such a large increase in kernel size would be unwelcome by users running kernels in cloud-based virtual machines such as Amazon EC2, where the available memory might be limited to (for example) 0.5 GB. Others suggested that it's probably possible to achieve the same result via a suitably built kernel that is loaded by kexec() in the event of a kernel crash. (However, there was some questioning of that idea also, since that technique might also carry a significant memory overhead.)

Linus then weighed in to argue against the proposal altogether. In his view, kernel panics are a small enough part of user bug reports that the cost of this approach is unwarranted; an overhead of something like 1 MB for the increase in memory footprint would be more reasonable, he thought. Linus further opined that one can, with some effort, obtain similar traceback information by loading the kernel into GDB.

Although Jason's proposed patches provide some helpful debugging functionality, the approach met enough negative response that it seems unlikely to be merged in anything like its current form. However, Jason may not be ready to completely give up on the idea yet. In his mail sent soon after the session, he hypothesized about some modifications to his approach that might bring the memory footprint of his feature down to something on the order of 5MB, as well as other approaches that could be employed so that the end user had greater control over when and if this feature was deployed for a running kernel. Thus, it may be that we'll see this idea reappear in a different form at a later date.

(Log in to post comments)

KS2012: Improving tracing and debugging

Posted Sep 13, 2012 21:42 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

since the functionality, speed, race conditions, etc of a CONFIG_KALLSYMS_LINE_LOCATIONS enabled kernel and a normal one are the same, it seems to me that the distros should have both kernels available, boot from the normal one (avoiding any overhead in the normal case, especially for virtual machines), but if someone is running into repeated problems, they can boot from the enabled version and then get the detailed info.

I wouldn't expect anyone to take the time to report a panic unless it's something that is happening repeatedly (and probably something they can trigger fairly reliably), so this approach should cover these situations nicely.

KS2012: Improving tracing and debugging

Posted Sep 14, 2012 15:16 UTC (Fri) by nix (subscriber, #2304) [Link]

Clearly what is needed is a scheme to extract that line-number information and compress it into a (much) smaller representation. This should be perfectly possible, because within one object file line numbers increment fairly smoothly and addresses do too, so the mapping between the two within each .o should be representable with a much smaller number of bits than are required for full-blown addresses.

(Ideally one would gzip the result as well, but this requires ungzipping to be working while oopsing or panicking, which may be too much to hope for.)

KS2012: Improving tracing and debugging

Posted Sep 17, 2012 23:01 UTC (Mon) by aegl (subscriber, #37581) [Link]

Memory constrained systems like phones and tablets may well not want to waste 10MB on getting better diagnostics - especially in the production case where the exact kernel version should be well known to the manufacturer/service provider - so a crash backtrace can be processed offline to reconstruct file/line information.

For development on larger systems (laptops/desktops) ... I'd like to remind people that it is 2012 and RAM costs less than $0.005 per megabyte. So "wasting" 10MB in this way costs less than a nickel. So if you take Linus's suggestion of firing up gdb to help decode things, and you only value your time at baseline USA minimum wage - you'd need to complete your analysis in 25 seconds to come out ahead. And that's assuming that you only look at one stacktrace in the lifetime of the system.

KS2012: Improving tracing and debugging

Posted Oct 5, 2012 12:05 UTC (Fri) by oak (guest, #2786) [Link]

Neither larger distros and Mozilla do this for user-space crashes. The line information is added to the crash data of the stripped code afterwards, by using a non-stripped version of the binary.

This is done either locally or in crash upload service. Here's a description of the Ubuntu service:
https://wiki.ubuntu.com/Apport

I.e. when you strip the kernel, you keep the non-stripped version also around and add CRC for the full one to the stripped kernel you install & boot with, so that the crash "retrace" tool can verify that they match. Debian's dh_strip has script that does this the stripping & CRC adding with objdump.

Distro tools use Gdb for adding the line information, but kernel may need its own tool which developer can user on his own kernel builds.