Provided by: makedumpfile_1.6.5-1ubuntu1~18.04.7_amd64 
NAME
makedumpfile.conf - The filter configuration file for makedumpfile(8).
DESCRIPTION
The makedumpfile.conf is a configuration file for makedumpfile tool. makedumpfile.conf
file contains the erase commands to filter out desired kernel data from the vmcore while
creating DUMPFILE using makedumpfile tool. makedumpfile reads the filter config and
builds the list of memory addresses and its sizes after processing filter commands. The
memory locations that require to be filtered out are then poisoned with character X (58 in
Hex).
FILE FORMAT
The file consists of module sections that contains filter commands. A section begins with
the name of the section in square brackets and continues until the next section begins.
"["<ModuleName>"]"
<FilterCommands>
where
"[" is the character [
"]" is the character ]
<ModuleName>
is either 'vmlinux' or name of a Linux kernel module.
<FilterCommands>
is a list of one or more filter commands as described in the section FILTER
COMMANDS of this manual page.
The section name indicates a kernel module name (including vmlinux) where the symbols
specified in subsequent erase commands belong to. The unnamed section defaults to
[vmlinux] section. However, a user can also explicitly define [vmlinux] section. The
sections help makedumpfile tool to select appropriate kernel or module debuginfo file
before processing the subsequent erase commands. Before selecting appropriate debuginfo
file, the module name is validated against the loaded modules from the vmcore. If no match
is found, then the section is ignored and makedumpfile skips to the next module section.
If match is found, then makedumpfile will try to load the corresponding module debuginfo
file. If module debuginfo is not available then, makedumpfile will skip the section with a
warning message.
FILTER COMMANDS
filter command
A filter command is either an erase command or a loop construct. Each erase command and
loop construct must start with a new line. Each filter command describes data in the dump
to be erased. Syntax:
<EraseCommands>|<LoopConstruct>
where
<EraseCommands>
Described in the subsection erase command of this manual page.
<LoopConstruct>
Described in the subsection Loop construct of this manual page.
erase command
Erase specified size of a kernel data referred by specified kernel/module symbol or its
member component. The erase command syntax is:
erase <Symbol>[.member[...]] [size <SizeValue>[K|M]]
erase <Symbol>[.member[...]] [size <SizeSymbol>]
erase <Symbol>[.member[...]] [nullify]
where
<Symbol>
A kernel or module symbol (variable) name that is part of global symbols
/proc/kallsyms.
<SizeValue>
A positive integer value as a size of the data in bytes to be erased. The suffixes
'K' and 'M' can be used to specify kilobytes and Megabytes respectively where, K
means 1024 bytes and M means 1024 ^ 2 = 1048576 bytes. The suffixes are not case
sensitive.
<SizeSymbol>
A simple expression of the form <Symbol>[.member[...]] that denotes a symbol which
contains a positive integer value as a size of the data in bytes to be erased.
<Symbol>[.member[...]]
A simple expression that results into either a global kernel symbol name or its
member components. The expression always uses '.' operator to specify the member
component of kernel symbol or its member irrespective of whether it is of pointer
type or not.
member[...]
Member or component of member in <Symbol>.
The erase command takes two arguments 1. kernel symbol name or its member components and
2. size of the data referred by argument (1) OR nullify keyword. The second argument size
OR nullify is optional. The unit for size value is in bytes. If size option is not
specified then the size of the first argument is determined according to its data type
using dwarf info from debuginfo file. In case of 'char *' data type, the length of string
pointed by 'char *' pointer is determined with an upper limit of 1024. The size can be
specified in two forms 1. a integer value as explained above (<SizeValue>) and 2. a
simple expression in the form of <Symbol>[.member[...]]] that results into base type
(integer) variable.
If the specified <Symbol> is of type 'void *', then user needs to provide either size or
nullify option, otherwise the erase command will not have any effect.
The nullify option only works if specified <Symbol> is a pointer. Instead of erasing data
pointed by the specified pointer nullify erases the pointer value and set it to '0'
(NULL). Please note that by nullifying the pointer values may affect the debug ability of
created DUMPFILE. Use the nullify option only when the size of data to be erased is not
known. e.g. data pointed by 'void *'.
Let us look at the makedumpfile.conf file from the example below which was configured to
erase desired kernel data from the kernel module with name mymodule. At line 1 and 3, the
user has not specified size option while erasing 'array_var' and 'mystruct1.name' symbols.
Instead the user depends on makedumpfile to automatically determine the sizes to be erased
i.e 100 bytes for 'array_var' and 11 bytes for 'mystruct1.name'. At line 2, while erasing
the 'mystruct1.buffer' member the user has specified the size value 25 against the actual
size of 50. In this case the user specified size takes the precedence and makedumpfile
erases only 25 bytes from ´mystruct1.buffer'. At line 4, the size of the data pointed by
void * pointer 'mystruct1.addr' is unknown. Hence the nullify option has been specified to
reset the pointer value to NULL. At line 5, the ´mystruct2.addr_size' is specified as size
argument to determine the size of the data pointed by void * pointer 'mystruct2.addr'.
Example:
Assuming the following piece of code is from kernel module 'mymodule':
struct s1 {
char *name;
void *addr1;
void *addr2;
char buffer[50];
};
struct s2 {
void *addr;
long addr_size;
};
/* Global symbols */
char array_var[100];
struct s1 mystruct1;
struct s2 *mystruct2;
int foo()
{
...
s1.name = "Hello World";
...
}
makedumpfile.conf:
[mymodule]
erase array_var
erase mystruct1.buffer size 25
erase mystruct1.name
erase mystruct1.addr1 nullify
# Assuming addr2 points to 1024 bytes
erase mystruct1.addr2 size 1K
erase mystruct2.addr size mystruct2.addr_size
EOF
Loop construct
A Loop construct allows the user to traverse the linked list or array elements and erase
the data contents referred by each element.
for <id> in {<ArrayVar> |
<StructVar> via <NextMember> |
<ListHeadVar> within <StructName>:<ListHeadMember>}
erase <id>[.MemberExpression] [size <SizeExpression>|nullify]
[erase <id>...]
[...]
endfor
where
<id> Arbitrary name used to temporarily point to elements of the list. This is also
called iteration variable.
<ArrayVar>
A simple expression in the form of <Symbol>[.member[...]] that results into an
array variable.
<StructVar>
A simple expression in the form of <Symbol>[.member[...]] that results into a
variable that points to a structure.
<NextMember>
Member within <StructVar> that points to an object of same type that of
<StructVar>.
<ListHeadVar>
A simple expression in the form of <Symbol>[.member[...]] that results into a
variable of type struct list_head.
<StructName>
Name of the structure type that can be traversed using HEAD variable <ListHeadVar>
and contains a member named <ListHeadMember>.
<ListHeadMember>
Name of a member in <StructName>, of type struct list_head.
<MemberExpression>
A simple expression in the form of [.member[...]] to specify a member or component
of an element in <ArrayVar>, <StructVar> or <StructName>.
<SizeExpression>
Size value in the form of <SizeValue>, <id>[.MemberExpression] or
<Symbol>[.member[...]].
The for loop construct allows to iterate on list of elements in an array or linked lists.
Each element in the list is assigned to iteration variable <id>. The type of the iteration
variable is determined by that of the list elements. The entry specified after 'in'
terminal is called LIST entry. The LIST entry can be an array variable, structure
variable/pointer or a struct list_head type variable. The set of erase commands specified
between for and endfor, will be executed for each element in the LIST entry.
If the LIST entry specified is an array variable, then the loop will be executed for each
array element. The size of the array will be determined by using dwarf information.
If the LIST entry specified is a structure variable/pointer, then a traversal member
(<NextMember>) must be specified using 'via' terminal. The for loop will continue until
the value of traversal member is NULL or matches with address of the first node
<StructVar> if it is a circular linked list.
If the LIST entry is specified using a struct list_head type variable, then within
terminal must be used to specify the structure name <StructName> that is surrounding to it
along with the struct list_head type member after ':' which is part of the linked list. In
the erase statement <id> then denotes the structure that the list_head is contained in
(ELEMENT_OF).
The below example illustrates how to use loop construct for traversing Array, linked list
via next member and list_head.
Example:
Assuming following piece of code is from kernel module 'mymodule':
struct s1 {
struct *next;
struct list_head list;
char private[100];
void *key;
long key_size;
};
/* Global symbols */
struct s1 mystruct1;
static LIST_HEAD(s1_list_head);
struct s1 myarray[100];
void foo()
{
struct s1 *s1_ptr;
...
...
s1_ptr = malloc(...);
...
...
list_add(&s1_ptr->list, &s1_list_head);
...
}
makedumpfile.conf:
[mymodule]
# erase private fields from list starting with mystruct1 connected via
# 'next' member:
for mys1 in mystruct1 via next
erase mys1.private
erase mys1.key size mys1.key_size
endfor
# erase private fields from list starting with list_head variable
# s1_list_head.
for mys1 in s1_list_head.next within s1:list
erase mys1.private
erase mys1.key size mys1.key_size
endfor
# erase private fields from all elements of the array myarray:
for mys1 in myarray
erase mys1.private
erase mys1.key size mys1.key_size
endfor
EOF
In the above example, the first for construct traverses the linked list through a
specified structure variable mystruct1 of type struct s1. The linked list can be
traversed using 'next' member of mystruct1. Hence a via terminal has been used to specify
the traversal member name 'next'.
The second for construct traverses the linked list through a specified struct list_head
variable s1_list_head.next. The global symbol s1_list_head is a start address of the
linked list and its next member points to the address of struct list_head type member
'list' from struct s1. Hence a within terminal is used to specify the structure name 's1'
that can be traversed using s1_list_head.next variable along with the name of struct
list_head type member 'list' which is part of the linked list that starts from
s1_list_head global symbol.
The third for construct traverses the array elements specified through a array variable
myarray.
SEE ALSO
makedumpfile(8)