If you've attempted to run crash against live system with recent Rawhide kernel that doesn't ship the crash driver, but uses /dev/mem to access memory, you've probably failed, getting an error message similar to this:
crash: read error: kernel virtual address: c0abb600 type: "xtime"
That's because for some unknown reason /dev/mem is limited to first 256 pages. Until this is fixed upstream, here's a simple SystemTap script that tricks the range-checking routine into thinking that our access is not beyond the 256-page boundary:
probe kernel.function("devmem_is_allowed")
{
$pagenr = 0;
}
It modifies a local variable, so it has to be run in Guru mode:
[root@bimbo stap]# stap -g devmem.stp
Voila, crash works.
Source code to the entries and scripts that format this site are available on github. Text of journal entries is licensed under CC-BY-SA license.
Mail questions, comments and pizza to lkundrak@v3.sk