How to find stack memory segments in newer Linux kernels
I have a small library that writes a "thin kernel" that only contains information about the stack (and the necessary other bits for a valid kernel), but does not contain any heap. This isn't always useful, but the kernel is much smaller than the full kernel, and sometimes people don't want to provide the contents of their heap.
This library worked when reading /proc/<PID>/maps
and searching for segments [stack]
and [stack:<tid>]
(there are many threads in this process). For example, I would see the output like this:
...
7fe848000000-7fe848021000 rw-p 00000000 00:00 0
7fe848021000-7fe84c000000 ---p 00000000 00:00 0
7fe84c1ff000-7fe84c200000 ---p 00000000 00:00 0
7fe84c200000-7fe84ca00000 rw-p 00000000 00:00 0 [stack:25672]
7fe84ca00000-7fe84cc00000 rw-p 00000000 00:00 0
7fe84cdff000-7fe84ce00000 ---p 00000000 00:00 0
7fe84ce00000-7fe84d600000 rw-p 00000000 00:00 0 [stack:25534]
7fe84d600000-7fe84d800000 rw-p 00000000 00:00 0
7fe84d9ff000-7fe84da00000 ---p 00000000 00:00 0
7fe84da00000-7fe84e200000 rw-p 00000000 00:00 0 [stack:25532]
7fe84e200000-7fe84e600000 rw-p 00000000 00:00 0
7fe84e7fd000-7fe84e7fe000 ---p 00000000 00:00 0
7fe84e7fe000-7fe84effe000 rw-p 00000000 00:00 0 [stack:25531]
7fe84effe000-7fe84efff000 ---p 00000000 00:00 0
7fe84efff000-7fe84f7ff000 rw-p 00000000 00:00 0 [stack:25530]
7fe84f7ff000-7fe84f800000 ---p 00000000 00:00 0
7fe84f800000-7fe850000000 rw-p 00000000 00:00 0 [stack:25529]
7fe850000000-7fe850021000 rw-p 00000000 00:00 0
7fe850021000-7fe854000000 ---p 00000000 00:00 0
7fe854000000-7fe854400000 rw-p 00000000 00:00 0
7fe8545ff000-7fe854600000 ---p 00000000 00:00 0
...
7fff5ce1d000-7fff5ce3e000 rw-p 00000000 00:00 0 [stack]
...
etc .. This works great on older Linux kernels such as 3.5 (Ubuntu 12.04) and 3.13 (Ubuntu 14.04).
However, with newer kernels (e.g. 4.4 from Ubuntu 16.04), the file /proc/<PID>/maps
no longer contains any entries for the stack segments in the stream. I only see the main stack [stack]
; all memory segments that look like they could be stack segments have an empty path.
This means that my "thin cores" are too thin and only the main flow is provided.
I've tried /proc/<PID>/smaps
looking into newer kernels, and I can't seem to find a way to figure out which segments are thread-specific and which are not in the newer, more limited format.
Also I checked the procfs (5) man page and it still displays the format [stack:<tid>]
as something I should see, but I can't see it ...
Does anyone have any ideas on which this information came and can I infer from any other information available?
source to share
I haven't found a real solution to this problem. For posterity, I will describe what I did in the short term: I got the size of my stream using pthread_attr_getstacksize()
, then when I scanned the unnamed memory segments to decide what to write to the thin kernel, I saved the segments that were that exact size and ignored the rest.
It's a pretty dodgy heuristic, but it was all I could think of and it seems to work so far beyond my limited testing.
I still hope someone provides a more robust / reliable alternative.
source to share