1==========
2VMCOREINFO
3==========
4
5What is it?
6===========
7
8VMCOREINFO is a special ELF note section. It contains various
9information from the kernel like structure size, page size, symbol
10values, field offsets, etc. These data are packed into an ELF note
11section and used by user-space tools like crash and makedumpfile to
12analyze a kernel's memory layout.
13
14Common variables
15================
16
17init_uts_ns.name.release
18------------------------
19
20The version of the Linux kernel. Used to find the corresponding source
21code from which the kernel has been built. For example, crash uses it to
22find the corresponding vmlinux in order to process vmcore.
23
24PAGE_SIZE
25---------
26
27The size of a page. It is the smallest unit of data used by the memory
28management facilities. It is usually 4096 bytes of size and a page is
29aligned on 4096 bytes. Used for computing page addresses.
30
31init_uts_ns
32-----------
33
34The UTS namespace which is used to isolate two specific elements of the
35system that relate to the uname(2) system call. It is named after the
36data structure used to store information returned by the uname(2) system
37call.
38
39User-space tools can get the kernel name, host name, kernel release
40number, kernel version, architecture name and OS type from it.
41
42(uts_namespace, name)
43---------------------
44
45Offset of the name's member. Crash Utility and Makedumpfile get
46the start address of the init_uts_ns.name from this.
47
48node_online_map
49---------------
50
51An array node_states[N_ONLINE] which represents the set of online nodes
52in a system, one bit position per node number. Used to keep track of
53which nodes are in the system and online.
54
55swapper_pg_dir
56--------------
57
58The global page directory pointer of the kernel. Used to translate
59virtual to physical addresses.
60
61_stext
62------
63
64Defines the beginning of the text section. In general, _stext indicates
65the kernel start address. Used to convert a virtual address from the
66direct kernel map to a physical address.
67
68VMALLOC_START
69-------------
70
71Stores the base address of vmalloc area. makedumpfile gets this value
72since is necessary for vmalloc translation.
73
74mem_map
75-------
76
77Physical addresses are translated to struct pages by treating them as
78an index into the mem_map array. Right-shifting a physical address
79PAGE_SHIFT bits converts it into a page frame number which is an index
80into that mem_map array.
81
82Used to map an address to the corresponding struct page.
83
84contig_page_data
85----------------
86
87Makedumpfile gets the pglist_data structure from this symbol, which is
88used to describe the memory layout.
89
90User-space tools use this to exclude free pages when dumping memory.
91
92mem_section|(mem_section, NR_SECTION_ROOTS)|(mem_section, section_mem_map)
93--------------------------------------------------------------------------
94
95The address of the mem_section array, its length, structure size, and
96the section_mem_map offset.
97
98It exists in the sparse memory mapping model, and it is also somewhat
99similar to the mem_map variable, both of them are used to translate an
100address.
101
102MAX_PHYSMEM_BITS
103----------------
104
105Defines the maximum supported physical address space memory.
106
107page
108----
109
110The size of a page structure. struct page is an important data structure
111and it is widely used to compute contiguous memory.
112
113pglist_data
114-----------
115
116The size of a pglist_data structure. This value is used to check if the
117pglist_data structure is valid. It is also used for checking the memory
118type.
119
120zone
121----
122
123The size of a zone structure. This value is used to check if the zone
124structure has been found. It is also used for excluding free pages.
125
126free_area
127---------
128
129The size of a free_area structure. It indicates whether the free_area
130structure is valid or not. Useful when excluding free pages.
131
132list_head
133---------
134
135The size of a list_head structure. Used when iterating lists in a
136post-mortem analysis session.
137
138nodemask_t
139----------
140
141The size of a nodemask_t type. Used to compute the number of online
142nodes.
143
144(page, flags|_refcount|mapping|lru|_mapcount|private|compound_order|compound_head)
145----------------------------------------------------------------------------------
146
147User-space tools compute their values based on the offset of these
148variables. The variables are used when excluding unnecessary pages.
149
150(pglist_data, node_zones|nr_zones|node_mem_map|node_start_pfn|node_spanned_pages|node_id)
151-----------------------------------------------------------------------------------------
152
153On NUMA machines, each NUMA node has a pg_data_t to describe its memory
154layout. On UMA machines there is a single pglist_data which describes the
155whole memory.
156
157These values are used to check the memory type and to compute the
158virtual address for memory map.
159
160(zone, free_area|vm_stat|spanned_pages)
161---------------------------------------
162
163Each node is divided into a number of blocks called zones which
164represent ranges within memory. A zone is described by a structure zone.
165
166User-space tools compute required values based on the offset of these
167variables.
168
169(free_area, free_list)
170----------------------
171
172Offset of the free_list's member. This value is used to compute the number
173of free pages.
174
175Each zone has a free_area structure array called free_area[NR_PAGE_ORDERS].
176The free_list represents a linked list of free page blocks.
177
178(list_head, next|prev)
179----------------------
180
181Offsets of the list_head's members. list_head is used to define a
182circular linked list. User-space tools need these in order to traverse
183lists.
184
185(vmap_area, va_start|list)
186--------------------------
187
188Offsets of the vmap_area's members. They carry vmalloc-specific
189information. Makedumpfile gets the start address of the vmalloc region
190from this.
191
192(zone.free_area, NR_PAGE_ORDERS)
193--------------------------------
194
195Free areas descriptor. User-space tools use this value to iterate the
196free_area ranges. NR_PAGE_ORDERS is used by the zone buddy allocator.
197
198prb
199---
200
201A pointer to the printk ringbuffer (struct printk_ringbuffer). This
202may be pointing to the static boot ringbuffer or the dynamically
203allocated ringbuffer, depending on when the core dump occurred.
204Used by user-space tools to read the active kernel log buffer.
205
206printk_rb_static
207----------------
208
209A pointer to the static boot printk ringbuffer. If @prb has a
210different value, this is useful for viewing the initial boot messages,
211which may have been overwritten in the dynamically allocated
212ringbuffer.
213
214clear_seq
215---------
216
217The sequence number of the printk() record after the last clear
218command. It indicates the first record after the last
219SYSLOG_ACTION_CLEAR, like issued by 'dmesg -c'. Used by user-space
220tools to dump a subset of the dmesg log.
221
222printk_ringbuffer
223-----------------
224
225The size of a printk_ringbuffer structure. This structure contains all
226information required for accessing the various components of the
227kernel log buffer.
228
229(printk_ringbuffer, desc_ring|text_data_ring|dict_data_ring|fail)
230-----------------------------------------------------------------
231
232Offsets for the various components of the printk ringbuffer. Used by
233user-space tools to view the kernel log buffer without requiring the
234declaration of the structure.
235
236prb_desc_ring
237-------------
238
239The size of the prb_desc_ring structure. This structure contains
240information about the set of record descriptors.
241
242(prb_desc_ring, count_bits|descs|head_id|tail_id)
243-------------------------------------------------
244
245Offsets for the fields describing the set of record descriptors. Used
246by user-space tools to be able to traverse the descriptors without
247requiring the declaration of the structure.
248
249prb_desc
250--------
251
252The size of the prb_desc structure. This structure contains
253information about a single record descriptor.
254
255(prb_desc, info|state_var|text_blk_lpos|dict_blk_lpos)
256------------------------------------------------------
257
258Offsets for the fields describing a record descriptors. Used by
259user-space tools to be able to read descriptors without requiring
260the declaration of the structure.
261
262prb_data_blk_lpos
263-----------------
264
265The size of the prb_data_blk_lpos structure. This structure contains
266information about where the text or dictionary data (data block) is
267located within the respective data ring.
268
269(prb_data_blk_lpos, begin|next)
270-------------------------------
271
272Offsets for the fields describing the location of a data block. Used
273by user-space tools to be able to locate data blocks without
274requiring the declaration of the structure.
275
276printk_info
277-----------
278
279The size of the printk_info structure. This structure contains all
280the meta-data for a record.
281
282(printk_info, seq|ts_nsec|text_len|dict_len|caller_id)
283------------------------------------------------------
284
285Offsets for the fields providing the meta-data for a record. Used by
286user-space tools to be able to read the information without requiring
287the declaration of the structure.
288
289prb_data_ring
290-------------
291
292The size of the prb_data_ring structure. This structure contains
293information about a set of data blocks.
294
295(prb_data_ring, size_bits|data|head_lpos|tail_lpos)
296---------------------------------------------------
297
298Offsets for the fields describing a set of data blocks. Used by
299user-space tools to be able to access the data blocks without
300requiring the declaration of the structure.
301
302atomic_long_t
303-------------
304
305The size of the atomic_long_t structure. Used by user-space tools to
306be able to copy the full structure, regardless of its
307architecture-specific implementation.
308
309(atomic_long_t, counter)
310------------------------
311
312Offset for the long value of an atomic_long_t variable. Used by
313user-space tools to access the long value without requiring the
314architecture-specific declaration.
315
316(free_area.free_list, MIGRATE_TYPES)
317------------------------------------
318
319The number of migrate types for pages. The free_list is described by the
320array. Used by tools to compute the number of free pages.
321
322NR_FREE_PAGES
323-------------
324
325On linux-2.6.21 or later, the number of free pages is in
326vm_stat[NR_FREE_PAGES]. Used to get the number of free pages.
327
328PG_lru|PG_private|PG_swapcache|PG_swapbacked|PG_slab|PG_hwpoision|PG_head_mask|PG_hugetlb
329-----------------------------------------------------------------------------------------
330
331Page attributes. These flags are used to filter various unnecessary for
332dumping pages.
333
334PAGE_BUDDY_MAPCOUNT_VALUE(~PG_buddy)|PAGE_OFFLINE_MAPCOUNT_VALUE(~PG_offline)
335-----------------------------------------------------------------------------
336
337More page attributes. These flags are used to filter various unnecessary for
338dumping pages.
339
340
341x86_64
342======
343
344phys_base
345---------
346
347Used to convert the virtual address of an exported kernel symbol to its
348corresponding physical address.
349
350init_top_pgt
351------------
352
353Used to walk through the whole page table and convert virtual addresses
354to physical addresses. The init_top_pgt is somewhat similar to
355swapper_pg_dir, but it is only used in x86_64.
356
357pgtable_l5_enabled
358------------------
359
360User-space tools need to know whether the crash kernel was in 5-level
361paging mode.
362
363node_data
364---------
365
366This is a struct pglist_data array and stores all NUMA nodes
367information. Makedumpfile gets the pglist_data structure from it.
368
369(node_data, MAX_NUMNODES)
370-------------------------
371
372The maximum number of nodes in system.
373
374KERNELOFFSET
375------------
376
377The kernel randomization offset. Used to compute the page offset. If
378KASLR is disabled, this value is zero.
379
380KERNEL_IMAGE_SIZE
381-----------------
382
383Currently unused by Makedumpfile. Used to compute the module virtual
384address by Crash.
385
386sme_mask
387--------
388
389AMD-specific with SME support: it indicates the secure memory encryption
390mask. Makedumpfile tools need to know whether the crash kernel was
391encrypted. If SME is enabled in the first kernel, the crash kernel's
392page table entries (pgd/pud/pmd/pte) contain the memory encryption
393mask. This is used to remove the SME mask and obtain the true physical
394address.
395
396Currently, sme_mask stores the value of the C-bit position. If needed,
397additional SME-relevant info can be placed in that variable.
398
399For example::
400
401  [ misc	        ][ enc bit  ][ other misc SME info       ]
402  0000_0000_0000_0000_1000_0000_0000_0000_0000_0000_..._0000
403  63   59   55   51   47   43   39   35   31   27   ... 3
404
405x86_32
406======
407
408X86_PAE
409-------
410
411Denotes whether physical address extensions are enabled. It has the cost
412of a higher page table lookup overhead, and also consumes more page
413table space per process. Used to check whether PAE was enabled in the
414crash kernel when converting virtual addresses to physical addresses.
415
416ARM64
417=====
418
419VA_BITS
420-------
421
422The maximum number of bits for virtual addresses. Used to compute the
423virtual memory ranges.
424
425kimage_voffset
426--------------
427
428The offset between the kernel virtual and physical mappings. Used to
429translate virtual to physical addresses.
430
431PHYS_OFFSET
432-----------
433
434Indicates the physical address of the start of memory. Similar to
435kimage_voffset, which is used to translate virtual to physical
436addresses.
437
438KERNELOFFSET
439------------
440
441The kernel randomization offset. Used to compute the page offset. If
442KASLR is disabled, this value is zero.
443
444KERNELPACMASK
445-------------
446
447The mask to extract the Pointer Authentication Code from a kernel virtual
448address.
449
450TCR_EL1.T1SZ
451------------
452
453Indicates the size offset of the memory region addressed by TTBR1_EL1.
454The region size is 2^(64-T1SZ) bytes.
455
456TTBR1_EL1 is the table base address register specified by ARMv8-A
457architecture which is used to lookup the page-tables for the Virtual
458addresses in the higher VA range (refer to ARMv8 ARM document for
459more details).
460
461MODULES_VADDR|MODULES_END|VMALLOC_START|VMALLOC_END|VMEMMAP_START|VMEMMAP_END
462-----------------------------------------------------------------------------
463
464Used to get the correct ranges:
465	MODULES_VADDR ~ MODULES_END-1 : Kernel module space.
466	VMALLOC_START ~ VMALLOC_END-1 : vmalloc() / ioremap() space.
467	VMEMMAP_START ~ VMEMMAP_END-1 : vmemmap region, used for struct page array.
468
469arm
470===
471
472ARM_LPAE
473--------
474
475It indicates whether the crash kernel supports large physical address
476extensions. Used to translate virtual to physical addresses.
477
478s390
479====
480
481lowcore_ptr
482-----------
483
484An array with a pointer to the lowcore of every CPU. Used to print the
485psw and all registers information.
486
487high_memory
488-----------
489
490Used to get the vmalloc_start address from the high_memory symbol.
491
492(lowcore_ptr, NR_CPUS)
493----------------------
494
495The maximum number of CPUs.
496
497powerpc
498=======
499
500
501node_data|(node_data, MAX_NUMNODES)
502-----------------------------------
503
504See above.
505
506contig_page_data
507----------------
508
509See above.
510
511vmemmap_list
512------------
513
514The vmemmap_list maintains the entire vmemmap physical mapping. Used
515to get vmemmap list count and populated vmemmap regions info. If the
516vmemmap address translation information is stored in the crash kernel,
517it is used to translate vmemmap kernel virtual addresses.
518
519mmu_vmemmap_psize
520-----------------
521
522The size of a page. Used to translate virtual to physical addresses.
523
524mmu_psize_defs
525--------------
526
527Page size definitions, i.e. 4k, 64k, or 16M.
528
529Used to make vtop translations.
530
531vmemmap_backing|(vmemmap_backing, list)|(vmemmap_backing, phys)|(vmemmap_backing, virt_addr)
532--------------------------------------------------------------------------------------------
533
534The vmemmap virtual address space management does not have a traditional
535page table to track which virtual struct pages are backed by a physical
536mapping. The virtual to physical mappings are tracked in a simple linked
537list format.
538
539User-space tools need to know the offset of list, phys and virt_addr
540when computing the count of vmemmap regions.
541
542mmu_psize_def|(mmu_psize_def, shift)
543------------------------------------
544
545The size of a struct mmu_psize_def and the offset of mmu_psize_def's
546member.
547
548Used in vtop translations.
549
550sh
551==
552
553node_data|(node_data, MAX_NUMNODES)
554-----------------------------------
555
556See above.
557
558X2TLB
559-----
560
561Indicates whether the crashed kernel enabled SH extended mode.
562
563RISCV64
564=======
565
566VA_BITS
567-------
568
569The maximum number of bits for virtual addresses. Used to compute the
570virtual memory ranges.
571
572PAGE_OFFSET
573-----------
574
575Indicates the virtual kernel start address of the direct-mapped RAM region.
576
577phys_ram_base
578-------------
579
580Indicates the start physical RAM address.
581
582MODULES_VADDR|MODULES_END|VMALLOC_START|VMALLOC_END|VMEMMAP_START|VMEMMAP_END|KERNEL_LINK_ADDR
583----------------------------------------------------------------------------------------------
584
585Used to get the correct ranges:
586
587  * MODULES_VADDR ~ MODULES_END : Kernel module space.
588  * VMALLOC_START ~ VMALLOC_END : vmalloc() / ioremap() space.
589  * VMEMMAP_START ~ VMEMMAP_END : vmemmap space, used for struct page array.
590  * KERNEL_LINK_ADDR : start address of Kernel link and BPF
591
592va_kernel_pa_offset
593-------------------
594
595Indicates the offset between the kernel virtual and physical mappings.
596Used to translate virtual to physical addresses.
597