首页 > 其他分享 >[20240920]跟踪library cache lock library cache pin使用gdb.txt

[20240920]跟踪library cache lock library cache pin使用gdb.txt

时间:2024-09-22 20:45:10浏览次数:8  
标签:pin -- lock cache library mode address

[20240920]跟踪library cache lock library cache pin使用gdb.txt

--//前一阵子,写的使用gdb跟踪library cache lock library cache pin的脚本有一个小问题,无法获得lock address以及pin address
--//地址,有一点点小缺陷,尝试修改完善看看。

--//按照https://nenadnoveljic.com/blog/tracing-library-cache-locks/介绍:
In order to close this gap I, first, examined the following two Oracle C functions on the release 19.6.0.0.200114:
kgllkal and kglGetSO.

kgllkal allocates a library cache lock. It receives the following arguments:

rdx: handle address
rcx: lock mode

Further, it calls kglGetSO to allocate the library cache state object. kglGetSO returns the lock address.
--//按照介绍调用kglGetSO返回lock address.我猜测 library cache pind的pin地址也是类似的情况。

$ ./lookup.awk kglGetSO
kglGetSO : kernel generic library cache management get state object

--//如何使用gdb实现,自己尝试看看。

--//仔细看链接https://nenadnoveljic.com/blog/tracing-library-cache-locks/
pid$target:oracle:kglGetSO:return
/ self->kglGetSO /
{
  printf("\n");
  printf("KGLLKHDL KGLLKMOD KGLLKADR\n");
  printf("-------- -------- --------\n");
  printf("%X %8d %X\n" , self->kgllkhdl, self->kgllkmod, arg1 );
  printf("\n");
  printf("==========================\n");
  printf("\n");
  self->kglGetSO = 0;
}
--//dtrace可以设置在kglGetSO return获取arg1就是KGLLKADR,gdb如何实现呢?想起测试学习使用的方法,建立一个过程lcp加入sleep 3600,
--//先执行它,然后打开另外一个会话编译它,就会出现library cache pin,再打开另外的会话编译它,就会出现library cache lock,使用它
--//测试看看。

1.环境:
SCOTT@book01p> @ver2
==============================
PORT_STRING                   : x86_64/Linux 2.4.xx
VERSION                       : 21.0.0.0.0
BANNER                        : Oracle Database 21c Enterprise Edition Release 21.0.0.0.0 - Production
BANNER_FULL                   : Oracle Database 21c Enterprise Edition Release 21.0.0.0.0 - Production
Version 21.3.0.0.0
BANNER_LEGACY                 : Oracle Database 21c Enterprise Edition Release 21.0.0.0.0 - Production
CON_ID                        : 0
PL/SQL procedure successfully completed.

SYS@book> @ sed "library cache pin"
SYS@book> @ pr
==============================
SED_EVENT#                    : 375
SED_NAME                      : library cache pin
SED_WAIT_CLASS                : Concurrency
SED_P1                        : handle address
SED_P2                        : pin address
SED_P3                        : 100*mode+namespace
SED_EQ_NAME                   :
SED_REQ_REASON                :
SED_REQ_DESCRIPTION           :
PL/SQL procedure successfully completed.
--//library cache lock类似

--//grant execute on sys.dbms_lock to scott;
create procedure lcp
is
begin
sys.dbms_lock.sleep(3600);
end;
/

2.测试1:
--//session 1:
SCOTT@book01p(412,5770)> exec lcp

--//session 2:
SCOTT@book01p(148,4168)> set timing on
SCOTT@book01p(148,4168)> alter procedure lcp compile;
--//挂起!!

SYS@book> @ ashtop event,p1hex,p2hex,p2,p3hex  1=1 &10s
    Total                                                                                                                                                                       Distinct Distinct    Distinct
  Seconds     AAS %This   EVENT                                      P1HEX             P2HEX                     P2 P3HEX             FIRST_SEEN          LAST_SEEN           Execs Seen  Tstamps Execs Seen1
--------- ------- ------- ------------------------------------------ ----------------- ----------------- ---------- ----------------- ------------------- ------------------- ---------- -------- -----------
       10     1.0   83% | library cache pin                           00000000635F4DA0  000000006C0DCDD8 1812843992  00012A0300010003 2024-09-20 16:59:23 2024-09-20 16:59:32          1       10           1
        2      .2   17% |                                                                                         0                   2024-09-20 16:59:23 2024-09-20 16:59:31          1        2           2
--//出现library cache pin等待事件,P1hex=00000000635F4DA0就是对象句柄。
$ source ext_kglobj.sh 00000000635F4DA0
(gdb) 0x635f4f68:       "LCPSCOTTBOOK01P"
(gdb) quit
--//使用我前面写的抽取对象脚本ext_kglobj.sh,可以发现就是对象lcp。中断上面的执行。

3.编写脚本如下:
$ cat lkpn.gdb2
set pagination off
set logging file /tmp/lkpn.log
set logging overwrite on
set logging on
set $lk  = 0
set $pn  = 0
set $lock  = 0

#break kglpnal if $rcx==3
break kglpnal if ($rcx=3 && $rdx=0x00000000635F4DA0)
commands
 silent
 printf "kglpnal count %02d -- handle address: %016x, mode: %d ", ++$pn ,$rdx ,$rcx
 echo kglnaobj address:
 x/s $rdx+0x1c8
 c
 end

break kglGetSO
commands
 silent
 finish
end

--//注:设置断点在句柄$rdx=0x00000000635F4DA0,kglGetSO执行最后是finish,这样停止在该函数kglGetSO的返回。

4.继续测试:
--//session 2:
SCOTT@book01p(148,4168)> @ spid
       SID    SERIAL# PROCESS                  SERVER    SPID                               PID  P_SERIAL# C50
---------- ---------- ------------------------ --------- ------------------------------ ------- ---------- --------------------------------------------------
       148       4168 5283                     DEDICATED 5285                                69         14 alter system kill session '148,4168' immediate;
--//获得session 2的spid=5285。
--//window 1:
$ rlgdb -f -p 5285 -x lkpn.gdb2
...
/usr/src/debug/glibc-2.17-c758a686/sysdeps/unix/syscall-template.S:81:3374:beg:0x7f35cf359480
Breakpoint 1 at 0x1536c020
Breakpoint 2 at 0x1536f9c0

--//重复前面的测试:
--//window 1,不停按c继续,直到出现:
(gdb) c
Continuing.
0x0000000015367fbe in kgllkal ()
(gdb) c
Continuing.
0x0000000015367fbe in kgllkal ()
(gdb) c
Continuing.
0x000000001536c16a in kglpnal ()
(gdb) c
....
(gdb) c
Continuing.
kglpnal count 01 -- handle address: 00000000635f4da0, mode: 3 kglnaobj address:0x635f4f68:      "LCPSCOTTBOOK01P"
0x000000001536c16a in kglpnal ()

--//session 3:
SYS@book> @ ashtop event,p1hex,p2hex,p2,p3hex  1=1 &10s

    Total                                                                                                                                                                       Distinct Distinct    Distinct
  Seconds     AAS %This   EVENT                                      P1HEX             P2HEX                     P2 P3HEX             FIRST_SEEN          LAST_SEEN           Execs Seen  Tstamps Execs Seen1
--------- ------- ------- ------------------------------------------ ----------------- ----------------- ---------- ----------------- ------------------- ------------------- ---------- -------- -----------
       10     1.0   77% |                                                                                         1                   2024-09-20 18:00:02 2024-09-20 18:00:11          1       10           1
        3      .3   23% |                                                                                         0                   2024-09-20 18:00:03 2024-09-20 18:00:08          1        2           2

--//没有获得相应等待事件。

--//window 1:
(gdb) c
Continuing.
kglpnal count 01 -- handle address: 00000000635f4da0, mode: 3 kglnaobj address:0x635f4f68:      "LCPSCOTTBOOK01P"
0x000000001536c16a in kglpnal ()
--//现在停在函数kglGetSO的返回处。记住停止在地址:0x000000001536c16a

(gdb) info regi
rax            0x6c09abb8       1812573112
rbx            0x0      0
rcx            0x71fa9128       1912246568
rdx            0x6c09abb8       1812573112
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rsi            0x71fbca40       1912326720
rdi            0x3      3
rbp            0x7ffd091a1540   0x7ffd091a1540
rsp            0x7ffd091a1120   0x7ffd091a1120
r8             0x7f35d2e33570   139869148099952
r9             0x6fb37c20       1874033696
r10            0x76c84268       1992835688
r11            0x3      3
r12            0x6c297cc8       1814658248
r13            0x7f35d2dee060   139869147816032
r14            0x635f4da0       1667190176
r15            0x3      3
rip            0x1536c16a       0x1536c16a <kglpnal+330>
eflags         0x246    [ PF ZF IF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

(gdb) c
Continuing.
Program received signal SIGUSR2, User defined signal 2.
0x00007f35cee68fca in semtimedop () at ../sysdeps/unix/syscall-template.S:81
/usr/src/debug/glibc-2.17-c758a686/sysdeps/unix/syscall-template.S:81:3374:beg:0x7f35cee68fca

--//session 3:
SYS@book> @ ashtop event,p1hex,p2hex,p2,p3hex  1=1 &10s

    Total                                                                                                                                                                       Distinct Distinct    Distinct
  Seconds     AAS %This   EVENT                                      P1HEX             P2HEX                     P2 P3HEX             FIRST_SEEN          LAST_SEEN           Execs Seen  Tstamps Execs Seen1
--------- ------- ------- ------------------------------------------ ----------------- ----------------- ---------- ----------------- ------------------- ------------------- ---------- -------- -----------
        9      .9   64% |                                                                                         1                   2024-09-20 18:02:13 2024-09-20 18:02:22          2        9           2
        2      .2   14% | library cache pin                           00000000635F4DA0  000000006C09ABB8 1812573112  00012A0300010003 2024-09-20 18:02:21 2024-09-20 18:02:22          1        2           1
        2      .2   14% |                                                                                         0                   2024-09-20 18:02:14 2024-09-20 18:02:17          1        2           2
--//P2hex=000000006C09ABB8,正好是前面rdx=0x6c09abb8对上,实际上这个就是pin address地址。
--//p3hex=00012A0300010003,100*mode+namespace,这里稍微有点不同,前面8位,00012A03 = 76291对应lcp的object_id.
--//mode=0003,namespace=0001。

SCOTT@book01p> @ o2 lcp
owner object_name object_type SEG_PART_NAME status      OID D_OID CREATED             LAST_DDL_TIME
----- ----------- ----------- ------------- --------- ----- ----- ------------------- -------------------
SCOTT LCP         PROCEDURE                 VALID     76291       2024-08-18 11:51:35 2024-09-21 12:07:05

SYS@book> @nmsp  procedure -1
@ nmsp table -1
@ nmsp '' 74  or @ nmsp '' 0x4a|x4a
KGLSTDSC        KGLSTIDN KGLSTIDN_HEX
--------------- -------- ------------
TABLE/PROCEDURE        1 1

--//有了前面的信息,改写脚本如下:
$ cat  lkpn.gdb2
set pagination off
set logging file /tmp/lkpn.log
set logging overwrite on
set logging on
set $lk  = 0
set $pn  = 0
set $lock  = 0

#break kgllkal if $rcx==3
#break kgllkal if ( $rcx==3 && $rdx==0x00000000670C9E58 )
#break kgllkal if $rdx==0x00000000670C9E58
break kgllkal
condition 1
 commands
 silent
 printf "kgllkal count %02d -- handle address: %016x, mode: %d ", ++$lk ,$rdx ,$rcx
 echo kglnaobj address:
 x/s $rdx+0x1c8
 c
 end

#break kglpnal if $rcx==3
#break kglpnal if $rdx==0x00000000635F4DA0
break kglpnal
commands
 silent
 printf "kglpnal count %02d -- handle address: %016x, mode: %d ", ++$pn ,$rdx ,$rcx
 echo kglnaobj address:
 x/s $rdx+0x1c8
 c
 end

#break kglGetSO
#commands
# silent
# finish
#end

break *0x0000000015367fbe
commands
 silent
 printf "kglGetS0 return lock address : %016x\n", $rdx
 c
end

break *0x1536c16a
commands
 silent
 printf "kglGetS0 return pin address : %016x\n", $rdx
 c
end
--//注:调用kgllkal在调用kglGetS0的返回停止在0x15367fbe地址时,对应寄存器rdx的就是lock地址(猜测)。

4.继续测试,验证lock address是否正确。
--//session 3,再打开新的会话:
SCOTT@book01p(272,12390)> @spid
       SID    SERIAL# PROCESS                  SERVER    SPID                               PID  P_SERIAL# C50
---------- ---------- ------------------------ --------- ------------------------------ ------- ---------- --------------------------------------------------
       272      12390 6427                     DEDICATED 6429                                70         20 alter system kill session '272,12390' immediate;

--//window 1:
$ rlgdb -f -p 6429 -x lkpn.gdb2
...
/usr/src/debug/glibc-2.17-c758a686/sysdeps/unix/syscall-template.S:81:3374:beg:0x7f931703e480
Breakpoint 1 at 0x15367e90
Breakpoint 2 at 0x1536c020
Breakpoint 3 at 0x15367fbe
Breakpoint 4 at 0x1536c16a
(gdb) c

--//重复前面的测试,只不过这次是3个会话。

--//session 1:
SCOTT@book01p(412,5770)> exec lcp

--//session 2:
SCOTT@book01p(148,4168)> set timing on
SCOTT@book01p(148,4168)> alter procedure lcp compile;
--//挂起!!

--//session 4:
SCOTT@book01p(272,12390)> set timing on
SCOTT@book01p(272,12390)> alter procedure lcp compile;
--//挂起!!

--//window 1:
(gdb) c
Continuing.
kgllkal count 01 -- handle address: 0000000063cb7b20, mode: 1 kglnaobj address:0x63cb7ce8:      "alter procedure lcp compile"
kglGetS0 lock address : 0000000063634090
kgllkal count 02 -- handle address: 000000006134f840, mode: 1 kglnaobj address:0x6134fa08:      ""
kglGetS0 lock address : 00000000610c6b90
kglpnal count 01 -- handle address: 000000006134f840, mode: 3 kglnaobj address:0x6134fa08:      ""
kglGetS0 pin address : 00000000610c6d70
kgllkal count 03 -- handle address: 00000000702d5908, mode: 2 kglnaobj address:0x702d5ad0:      "bookSYSCDB$ROOT"
kglGetS0 lock address : 00000000610c6c80
kgllkal count 04 -- handle address: 000000006b97c9f8, mode: 2 kglnaobj address:0x6b97cbc0:      "1073777561SYSCDB$ROOT"
kglGetS0 lock address : 0000000063633eb0
kgllkal count 05 -- handle address: 0000000069c6b610, mode: 1 kglnaobj address:0x69c6b7d8:      "e985fc239b919877f25909e8f398a456Child:2BOOK01P"
kglGetS0 lock address : 0000000063633dc0
kglpnal count 02 -- handle address: 0000000069c6b610, mode: 3 kglnaobj address:0x69c6b7d8:      "e985fc239b919877f25909e8f398a456Child:2BOOK01P"
kglGetS0 pin address : 00000000610c6aa0
kgllkal count 06 -- handle address: 0000000060d45130, mode: 1 kglnaobj address:0x60d452f8:      "SCOTTBOOK01P"
kglGetS0 lock address : 0000000063633dc0
kgllkal count 07 -- handle address: 00000000702d5908, mode: 2 kglnaobj address:0x702d5ad0:      "bookSYSCDB$ROOT"
kglGetS0 lock address : 00000000610c6d70
kgllkal count 08 -- handle address: 000000006b97c9f8, mode: 2 kglnaobj address:0x6b97cbc0:      "1073777561SYSCDB$ROOT"
kglGetS0 lock address : 00000000610c6c80
kglpnal count 03 -- handle address: 00000000697c1220, mode: 2 kglnaobj address:0x697c13e8:      "DATABASESYSBOOK01P"
kglGetS0 pin address : 00000000610c6d70
kglpnal count 04 -- handle address: 00000000697c1220, mode: 2 kglnaobj address:0x697c13e8:      "DATABASESYSBOOK01P"
kglGetS0 pin address : 00000000610c6d70
kgllkal count 09 -- handle address: 0000000067570378, mode: 1 kglnaobj address:0x67570540:      "LOGMNRGGC_TRIGGERSYSBOOK01P"
kglGetS0 lock address : 00000000610c6c80
kglpnal count 05 -- handle address: 0000000067570378, mode: 2 kglnaobj address:0x67570540:      "LOGMNRGGC_TRIGGERSYSBOOK01P"
kglGetS0 pin address : 0000000063633eb0
kgllkal count 10 -- handle address: 00000000674b5f50, mode: 1 kglnaobj address:0x674b6118:      "NO_VM_DDLWMSYSBOOK01P"
kglGetS0 lock address : 00000000610c6c80
kglpnal count 06 -- handle address: 00000000674b5f50, mode: 2 kglnaobj address:0x674b6118:      "NO_VM_DDLWMSYSBOOK01P"
kglGetS0 pin address : 0000000063633eb0
kgllkal count 11 -- handle address: 0000000066fe8790, mode: 1 kglnaobj address:0x66fe8958:      "LBAC$BEFORE_ALTERLBACSYSBOOK01P"
kglGetS0 lock address : 00000000610c6c80
kglpnal count 07 -- handle address: 0000000066fe8790, mode: 2 kglnaobj address:0x66fe8958:      "LBAC$BEFORE_ALTERLBACSYSBOOK01P"
kglGetS0 pin address : 0000000063633eb0
kgllkal count 12 -- handle address: 00000000635f4da0, mode: 1 kglnaobj address:0x635f4f68:      "LCPSCOTTBOOK01P"
kglGetS0 lock address : 00000000610c6d70
kgllkal count 13 -- handle address: 00000000635f4da0, mode: 3 kglnaobj address:0x635f4f68:      "LCPSCOTTBOOK01P"
kglGetS0 lock address : 00000000610c6d70
--//对象LCPSCOTTBOOK01P ,session 4先调用kgllkal mode=1,因为session 2出现library cache pin的mode=3,无法获取,出现
--//library cache lock等待事件,mode=3.
Program received signal SIGUSR2, User defined signal 2.
0x00007f9316b4dfca in semtimedop () at ../sysdeps/unix/syscall-template.S:81
/usr/src/debug/glibc-2.17-c758a686/sysdeps/unix/syscall-template.S:81:3374:beg:0x7f9316b4dfca
--//进入休眠,每3秒探测1次。

SYS@book> @ ashtop event,p1hex,p2hex,p2,p3hex  1=1 &10s
    Total                                                                                                                                                                       Distinct Distinct    Distinct
  Seconds     AAS %This   EVENT                                      P1HEX             P2HEX                     P2 P3HEX             FIRST_SEEN          LAST_SEEN           Execs Seen  Tstamps Execs Seen1
--------- ------- ------- ------------------------------------------ ----------------- ----------------- ---------- ----------------- ------------------- ------------------- ---------- -------- -----------
       10     1.0   48% | library cache lock                          00000000635F4DA0  00000000610C6D70 1628204400  00012A0300010003 2024-09-20 18:22:19 2024-09-20 18:22:28          1       10           1
       10     1.0   48% | library cache pin                           00000000635F4DA0  000000006198F7B0 1637414832  00012A0300010003 2024-09-20 18:22:19 2024-09-20 18:22:28          1       10           1
        1      .1    5% |                                                                                         0                   2024-09-20 18:22:20 2024-09-20 18:22:20          1        1           1
--//可以发现等待事件library cache lock的P2的信息完全可以对上。

5.简单小结:

--//通过调用kglGetSO的返回获得library cache lock/library cache pin的lock pin address。
--//gdb不知道如何写在kglGetSO的返回处获得相应地址,只能使用硬代码获得相应寄存器信息,那位知道gdb如何写。

标签:pin,--,lock,cache,library,mode,address
From: https://www.cnblogs.com/lfree/p/18425834

相关文章

  • pyautogui+PixPin 用来长截图简直太easy了!
    最近要做几百个样式统一的网页的长截图,试了python+selenium,总是搞不定扫码登录,时间比较赶,就想看看直接使用截图软件手动做,截了几十个实在受不了了~~~~o(>_<)o~~。于是又全网搜python直接操作windows的解决方案,终于发现了pyautgui这个能满足需求的神器。先上官网pyautoguigithu......
  • 了解 React Cache 功能
    随着react生态系统的不断扩大,优化数据获取的更强大的工具之一就是缓存功能。此内置功能允许您执行许多操作,例如有效管理和存储服务器数据、减少冗余网络请求以及提高整体应用程序性能。在本文中,我们将了解react中的缓存功能、它的好处以及如何使用它。什么是react缓存功......
  • Spring Cache的使用
    一、简介1.SpringCache是Spring提供的一个缓存框架,在Spring3.1版本开始支持将缓存添加到现有的spring应用程序中,在4.1开始,缓存已支持JSR-107注释和更多自定义的选项。1.SpringCache利用了**AOP**,实现了基于注解的缓存功能,并且进行了合理的抽象,业务代码不用关心底层是使用......
  • php8:开启opcache和JIT(php 8.3.9)
    一,配置文件中的项:opcache.enable=1opcache.enable_cli=0opcache.memory_consumption=128opcache.max_accelerated_files=10000opcache.revalidate_freq=240opcache.save_comments=0opcache.error_log=/data/logs/phplogs/opache_error.logopcache.enable=1    #......
  • 在 deepin 上除了 Steam,还能怎么玩游戏?
    查看原文前段时间,很多朋友在deepin23上实现了《黑神话:悟空》的通关,那么除了通过Steam玩Windows游戏之外,还有其他可以使用的游戏平台吗?回答,当然是可以哒!游戏平台介绍今天介绍的是HeroicGamesLauncher,这是我目前用的最多的一个工具,支持Epic、GOG和Amazon平台......
  • spring @cacheable 注解使用spel表达式
    这里主要讲一下复杂的spel表达式,简单的不写了解析集合集合需要先自定义一个方法,比如getAuthorsName,然后在注解里通过root.target.getAuthorsName把方法引用进去publicclassBookService{publicStringgetAuthorsName(List<Author>authors){returnauthors.s......
  • CMPINF 0401 Intermediate Programming
    CMPINF0401IntermediateProgrammingAssignment1Topics:Reviewofexpressions,conditions,loopsandI/OOnline:Wednesday,September4,2024Due:Allsource(.java)filesandacompletedAssignmentInformationSheetzippedintoasinglefileandsubmit......
  • happiness(栈)
    happiness(栈)//happiness#include<stdio.h>#include<stdlib.h>#defineMAX_N100000//函数声明intmax_happiness(intn,intw[]);intmain(){ intn; //输入物品数量 scanf("%d",&n); //输入每个物品的满意度 intw[MAX_N]; for(inti=......
  • 易优eyoucms网站报错 \core\library\think\App.php Fatal error: Call to undefin
    当你遇到 Fatalerror:Calltoundefinedfunctionthink\switch_citysite() 这样的错误时,说明在代码中调用了一个未定义的函数 think\switch_citysite()。这种情况通常是因为函数没有被正确地引入或者该函数根本不存在于当前的代码库中。解决方案确认函数的存在检查 s......
  • 易优eyoucms网站详情页报错报错 \core\library\think\Loader.php 类不存在:app\co
    类不存在:app\common\model\Pic,这个错误表明PHP无法找到类 app\common\model\Pic。这通常是因为类文件未被正确加载或命名空间配置不正确导致的。以下是一些可能的解决步骤:1.确认类文件路径确保类文件 Pic 的路径正确并且文件存在。检查文件路径确认 app\common\model......