Drgn

This release adds several helpers, support for DWARF package files, the `fsrefs.py` tool, and a few other improvements and bug fixes.

New features:

- The `print_dmesg()` helper was added to `drgn.helpers.linux.printk`. It is a shortcut for printing the contents of the kernel log buffer.
- The `idr_for_each_entry()` helper was added to `drgn.helpers.linux.idr`.
- Helpers for the Linux kernel's plist (priority-sorted list) data structure were added in `drgn.helpers.linux.plist`. Plists are used by futexes, real-time scheduling classes, and swap.
- The `stack_depot_fetch()` helper was added in `drgn.helpers.linux.stackdepot`. It gets a stack trace from the stack depot, which is used by KASAN and other debugging tools in the kernel to store unique stack traces. Contributed by Peter Collingbourne.
- `drgn.Program.stack_trace_from_pcs()` was added. It creates a `drgn.StackTrace` from a list of program counters. Contributed by Peter Collingbourne.
- Support for Linux 6.8 was added.
- The `for_each_mount()` and `path_lookup()` helpers from `drgn.helpers.linux.fs` were updated for Linux 6.8. The `for_each_mount()` update was contributed by Johannes Thumshirn.
- DWARF package (.dwp) files are now supported when built with elfutils >= 0.191.
- `drgn.reinterpret()` can now be used for primitive scalar values (but you usually want `drgn.cast()`).
- drgn now transparently supports reading from pointers using AArch64's Top Byte Ignore (TBI) feature. Contributed by Peter Collingbourne.

Bug fixes:

- The `print_annotated_stack()` helper from `drgn.helpers.common.stack` was made more robust against corrupted stack traces.
- A memory leak when handling types with C++ template parameters was fixed.
- Types from type units from split DWARF files can now be searched by name.

Other improvements:

- `drgn.FaultError` is now imported in the CLI by default.
- `drgn.FaultError`s caused by invalid physical addresses will now indicate that the address was physical.
- Build errors when compiling against Python 3.13 alpha 4 were fixed.

Tools:

- `tools/fsrefs.py` was added. It searches for everything in the kernel referencing a file or filesystem.

`contrib` directory:

- `contrib/btrfs_orphan_subvolumes.py` was added. It looks for Btrfs subvolumes that have been deleted but not yet cleaned up.
- `contrib/dm_crypt_key.py` was added. It reads the master key of a dm-crypt device from kernel memory (currently only if the encryption mode is `aes-xts-plain64`).

This release adds some usability improvements, lots of new helpers, fixes for stack traces from exotic core dumps, and more.

New features:

- The `prog` argument can now be omitted from most function calls in the CLI. Library users can configure the same behavior with `drgn.set_default_prog()` and `drgn.get_default_prog()`.
- `drgn.stack_trace()` was added as a shortcut for `drgn.Program.stack_trace()`.
- drgn can now be run against the live kernel as a non-root user. It uses sudo to open `/proc/kcore`. Contributed by Stephen Brennan.
- Helpers for the Linux kernel's maple tree data structure were added in `drgn.helpers.linux.maple`.
- `vma_find()` and `for_each_vma()` helpers were added to `drgn.helpers.linux.mm`. They look up or iterate over virtual memory areas in an address space, respectively.
- Helpers for Linux kernel wait queues were added in `drgn.helpers.linux.wait`. Contributed by Imran Khan.
- The `drgn.helpers.linux.cpumask.cpumask_to_cpulist()` helper was added. It converts a `struct cpumask *` to a CPU list string. Contributed by Imran Khan.
- `cpu_online_mask()`, `cpu_possible_mask()`, and `cpu_present_mask()` helpers were added to `drgn.helpers.linux.cpumask`.
- Support for Linux 6.6 and 6.7 was added.
- The `drgn.helpers.linux.mm.compound_order()` helper was updated for Linux 6.6.
- The `drgn.Program.threads()` iterator was updated for Linux 6.7.
- The `drgn.helpers.linux.slab` helpers were updated to handle kernels with `CONFIG_SLUB_TINY` enabled.
- The compound page helpers in `drgn.helpers.linux.mm` were updated to handle the RHEL 7 kernel. Contributed by Oleksandr Natalenko.
- Virtual address translation support was added for ppc64. Contributed by Sourabh Jain.
- drgn now supports the flattened kdump format when built with libkdumpfile support. Contributed by Petr Tesarik.
- `drgn.Program.set_core_dump()` and `drgn.program_from_core_dump()` now accept a file descriptor. Contributed by Stephen Brennan.

Backwards-incompatible changes:

- The `allow_negative` parameter of `drgn.helpers.linux.fs.path_lookup()`, and the `src`, `dst`, and `fstype` parameters of `drgn.helpers.linux.fs.for_each_mount()` and `drgn.helpers.linux.fs.print_mounts()` are all now keyword-only. This was necessary to allow omitting the `prog` argument without ambiguity.
- Type hints are no longer supported for Python 3.6 and Python 3.7. Those Python versions are still supported at runtime.

Bug fixes:

- Stack traces were fixed for core dumps from QEMU's `dump-guest-memory` command, ppc64 vmcores on Linux 6.5+ (and recent stable kernels), and s390x vmcores.
- Type annotations and documentation for `drgn.Program.add_type_finder()` and `drgn.Program.add_object_finder()` were corrected. Contributed by Stephen Brennan.
- Relocations for 32-bit Arm and x86 were fixed to use drgn's own implementation as intended instead of libdwfl's. This is mainly a performance improvement.

Other improvements:

- The `cmdline()` and `environ()` helpers in `drgn.helpers.linux.mm` now return `None` for kernel threads instead of raising an exception. Contributed by Peter Collingbourne.
- AArch64 virtual address translation was optimized to only read the minimum amount of page table data. Contributed by Peter Collingbourne.
- The warning when debugging symbols are not found now includes a link to the drgn documentation for how to get debugging symbols. Contributed by Alex Gartrell.
- The documentation for C operator equivalents was improved.

`contrib` directory:

- `contrib/find_struct_file.py` was added. It looks for references to a `struct file *`.
- `contrib/stack_trace_call_fault.py` was added. It manually unwinds a stack trace from a call to an invalid address on x86-64.
- `contrib/irq.py` was added. It prints out IRQs, their affinities, and statistics. Contributed by Imran Khan.
- `contrib/vmmap.py` was updated to work on Linux 6.1+.

This release adds a few helpers, performance improvements, more C++ lookup support, split DWARF object file support, bug fixes, and more.

New features:

- The `drgn.helpers.linux.sched.cpu_curr()` helper was added. It returns the task running on a CPU.
- The `drgn.helpers.linux.list.list_count_nodes()` helper was added. It returns the length of a list.
- The `drgn.helpers.linux.net.netdev_priv()` helper was added. It returns the private data of a network device.
- The `drgn.helpers.linux.net.skb_shinfo()` helper was added. It returns the shared info for a socket buffer.
- The Linux kernel's `VMCOREINFO` can now be accessed with `prog["VMCOREINFO"]`. Contributed by Stephen Brennan.
- The `class`/`struct`/`union`/`enum` keyword is no longer required for C++ type lookups. E.g., `prog.type("Foo")` will find `class Foo` or `struct Foo`, etc.
- Nested classes/structures/unions in C++ can now be looked up with `drgn.Program.type()` (e.g., `prog.type("Foo::Bar")`).
- C++ methods can now be looked up with `drgn.Program.function()` or `drgn.Program[]` (e.g., `prog.function("Foo::method")` or `prog["Foo::method"]`).
- Split DWARF object (.dwo) files are now supported when built with elfutils >= 0.171. (Split DWARF package files (.dwp) are not yet supported.)

Bug fixes:

- An ".orc\_unwind\_ip is not sufficiently aligned" error when getting a stack trace was fixed. This only happens on x86-64 when the stack contains a function written in assembly from a kernel module. This was a regression in drgn 0.0.23.
- Storing and printing integers larger than 64 bits was implemented. Most notably, this fixes printing `struct task_struct` on ARM64.
- Local variable lookups that used to fail with "unknown DWARF expression opcode 0xf3" or "unknown DWARF expression opcode 0xa3" are now returned as absent instead. It may be possible to recover a value for some of these in the future.
- `drgn.Program.crashed_thread()` was fixed for s390x. Previously it would return the wrong thread.
- A segfault if the definition of `main()` couldn't be found in a userspace program was fixed.
- When an incomplete type is found (e.g., pointed to by a structure member), resolving it to the complete type no longer checks whether the name may be ambiguous based on the paths of the files that defined it. This sometimes caused such lookups to spuriously fail in the presence of out of tree Linux kernel modules and other similar situations that caused the same file to have multiple paths. Unfortunately, this means that if there really are multiple types with the same name, the wrong one may be used, but it can be manually casted.
- Looking up the definition of a nested incomplete type in C++ was fixed.
- `drgn.Object.to_bytes_()` of a bit field was fixed to not return stray bits.
- Creating a structure value with a 32-bit float member (e.g., `Object(prog, "struct foo", value={"f": 1.0})`) on a big-endian host was fixed.
- The `drgn.helpers.linux.printk` helpers were fixed to work reliably on kernels between v3.18 and v4.15 with BPF enabled (due to a global variable name conflict).
- Error messages about debugging information now have a path instead of `(null)`.

Other improvements:

- Support for Linux 6.5 was tested; no changes were required.
- Stack tracing was made almost twice as fast thanks to an internal optimization in function lookups. Contributed by Thierry Treyer.
- Indexing debugging information when it is loaded (either at startup or manually) was reimplemented.
- It now uses less memory (~30% less) and starts up much faster (~3x as fast) for large C++ applications.
- It no longer uses hyperthreads by default, which uses fewer system resources and results in up to 2x faster startup for the Linux kernel.
- It may use slightly (~10%) more memory for the Linux kernel.
- The Python GIL is now released while loading debugging information.
- `NULL` function pointer calls can now be unwound in stack traces on x86-64. Contributed by JP Kobryn.
- The `drgn.helpers.linux.printk` helpers now work on RHEL 7 (Linux kernel 3.10). Contributed by Oleksandr Natalenko.
- Vmcores in the makedumpfile flattened format are now detected and diagnosed with instructions for how to convert to a format supported by drgn. Contributed by Stephen Brennan.
- drgn now logs using the standard Python `logging` module to a logger named `"drgn"`.

`contrib` directory:

- `contrib/ps.py` was extended with many more options. Contributed by Jay Patel, Sourabh Jain, Aditya Gupta, and Piyush Sachdeva.
- `contrib/ptdrgn.py` was added. It runs drgn in [ptpython](https://github.com/prompt-toolkit/ptpython). Contributed by Stephen Brennan.

Documentation:

- Supported architectures and kernel versions are now documented.
- Thread-safety requirements are now documented.
- Guidelines for contributing Linux kernel helpers were added.

Internals:

- drgn now uses the ``__attribute__((__cleanup__))`` extension in GCC/Clang for resource cleanup.
- The internal generic vector implementation was reworked.
- drgn now uses the system's `elf.h` header instead of its own copy.
- Experimental scripts for building root filesystems and testing different architectures were added to `vmtest`.
- More checks were added to `pre-commit`.

This release adds helpers all over the place, Linux 6.3 and 6.4 support, Python 3.12 support, full s390x support, bug fixes, and lots of new scripts in `contrib`.

New features:

- `follow_page()`, `follow_pfn()`, and `follow_phys()` helpers were added to `drgn.helpers.linux.mm`. These translate an arbitrary virtual address in an address space.
- `vmalloc_to_page()` and `vmalloc_to_pfn()` helpers were added to `drgn.helpers.linux.mm`. These translate a vmalloc/vmap address.
- The `drgn.helpers.linux.mm.totalram_pages()` helper was added. It returns the number of pages of RAM. Contributed by Martin Liška.
- The `drgn.helpers.linux.sched.loadavg()` helper was added. It returns the load average as a tuple. Contributed by Martin Liška.
- The `drgn.helpers.common.format.number_in_binary_units()` helper was added. It formats a number as a human-readable size (e.g., 2G, 1.5M).
- `drgn.cli.run_interactive()` was added. It can be used to embed drgn's interactive mode in other applications. Contributed by Stephen Brennan.
- The `jiffies` variable in the Linux kernel is now handled specially so that it can be accessed on all kernel versions and architectures.
- Virtual address translation was implemented for s390x. Contributed by Sven Schnelle.
- The `page_to_pfn()`, `page_to_phys()`, `pfn_to_page()`, and `phys_to_page()` helpers in `drgn.helpers.linux.mm` now work on architectures using `CONFIG_FLATMEM` (e.g., Arm and i386).
- Types can now be looked up in C++ namespaces. Contributed by Kevin Svetlitski.
- drgn will now use GNU-style compressed sections (`.zdebug_*`) when available.

Bug fixes:

- A crash when constructing objects on Python 3.12 was fixed. Contributed by Stephen Brennan.
- A bug that caused the ORC stack unwinder to stop prematurely or return the wrong result for IRQ stacks was fixed.
- `drgn.Program.crashed_thread()` was fixed for non-x86 architectures. Previously it always returned the thread on CPU 0.
- `drgn.helpers.linux.fs.for_each_file()` now handles tasks with `NULL` `files` (e.g., zombie tasks). Contributed by Stephen Brennan.
- The `drgn.helpers.linux.cgroup.sock_cgroup_ptr()` helper was fixed to work on Linux 5.15 and newer. Contributed by Martin Liška.
- The `drgn.helpers.linux.slab` helpers were fixed to handle older stable kernels without the patch "slub: improve bit diffusion for freelist ptr obfuscation". Contributed by Stephen Brennan.
- The `slab_object_info()` and `find_containing_slab_cache()` helpers in `drgn.helpers.linux.slab` were fixed to ignore high memory.
- A workaround for weird DWARF generated by GCC for zero-length arrays in C++ was added. Contributed by Jay Kamat.
- A memory leak in an error case when pretty-printing compound (structure/class/union) objects was fixed. Contributed by Kevin Svetlitski.

`contrib` directory:

- `contrib/btrfs_tree.py` and `contrib/btrfs_tree_mod_log.py` were added. They contain work-in-progress helpers for Btrfs data structures. Contributed by Boris Burkov.
- `contrib/dump_btrfs_bgs.py` was added. It prints information about block groups in a Btrfs filesystem. Contributed by Johannes Thumshirn.
- `contrib/kcore_list.py` was added. It prints the list of memory regions registered in `/proc/kcore`.
- `contrib/kernel_sys.py` was added. It prints system information similar to the crash `sys` command. Contributed by Martin Liška.
- `contrib/mount.py` was added. It prints a mount table similar to the crash `mount` command. Contributed by Martin Liška.
- `contrib/platform_drivers.py` was added. It prints all registered platform drivers.
- `contrib/vmmap.py` was added. It prints information about memory mappings in a process, similar to `/proc/$pid/maps`. Note that it only works up to Linux 6.0. Contributed by Martin Liška.
- `contrib/vmstat.py` was added. It prints information about kernel memory usage. Contributed by Martin Liška.
- `contrib/ps.py` was extended to print thread state, whether a thread is a kernel thread, and memory statistics. Contributed by Martin Liška.
- `contrib/fs_inodes.py` was fixed to to handle inodes without a path. Contributed by Martin Liška.
- `contrib/lsmod.py` was fixed to have identical output to `lsmod(8)`. Contributed by Martin Liška.
- `contrib/tcp_sock.py` was fixed to work on Linux 4.9 and newer. Contributed by Martin Liška.

Other improvements:

- Support for Linux 6.3 and 6.4 was added.
- The `compound_order()` and `compound_nr()` helpers in `drgn.helpers.linux.mm` were updated for Linux 6.3.
- ORC unwinder support was updated for Linux 6.3 and 6.4.
- Kernel module detection was updated for Linux 6.4. Contributed by Ido Schimmel.
- The `for_each_disk()` and `for_each_partition()` helpers in `drgn.helpers.linux.block` were updated for Linux 6.4.
- The `drgn.helpers.linux.idr` helpers were extended to work with kernels older than 4.11. Contributed by Imran Khan.
- Documentation was added for special objects that drgn exposes for the Linux kernel. Contributed by Stephen Brennan.
- The example in the documentation for `add_memory_segment()` was fixed. Contributed by Timothée Cocault.
- Immutable attributes were marked with `Final` in type stubs. Contributed by Kevin Svetlitski.

Internals:

- `setup.py` no longer uses distutils (as long as setuptools is new enough).
- Documentation was added for drgn's internal page table iterator interface.
- The virtual machine testing framework now supports AArch64, ppc64, s390x, and Arm. These are not tested automatically yet.
- The virtual machine testing framework now uses compilers from <https://mirrors.kernel.org/pub/tools/crosstool/>.
- The virtual machine testing framework now limits the number of CPUs to 8 to avoid OOMs. Contributed by Martin Liška.
- The pull request CI now only tests the oldest and latest stable Python versions, with the ability to opt into testing all supported versions. Contributed by Stephen Brennan.

This release adds new stack trace features, lots of helpers (especially for memory management), partial s390x support, C++ improvements, important bug fixes, and more. It is also the first release licensed under the LGPLv2.1+.

Miscellaneous:

- drgn is now licensed as LGPLv2.1+ instead of GPLv3+. The goal of the more permissive license is to encourage building tools on top of drgn (like [Object Introspection](https://facebookexperimental.github.io/object-introspection/)).
- The `contrib` directory was added as a place to share scripts with minimal requirements. This also replaces the `examples` directory.
- Support for Linux 4.4 (which has been EOL since February 2022) is no longer being actively tested. Most of drgn will continue to work on Linux 4.4 for the time being, but it is likely to stop working soon. The oldest kernel version officially supported by drgn is now 4.9.

New features:

- The `StackFrame.locals()` method was added. It lists all of the arguments and local variables in the scope of a stack frame. Contributed by Stephen Brennan.
- The `StackFrame.sp` attribute was added. This is a generic way to get the stack pointer of a stack frame on any architecture.
- Helpers for XArrays were added in `drgn.helpers.linux.xarray`: `xa_load()`, `xa_for_each()`, `xa_is_value()`, `xa_to_value()`, and `xa_is_zero()`.
- The `drgn.helpers.linux.slab.get_slab_aliases()` helper was added. It identifies which slab caches are merged. Contributed by Stephen Brennan.
- The `drgn.helpers.linux.slab.slab_object_info()` helper was added. It returns what slab cache a pointer is from, its offset from the beginning of the slab object, and whether it is allocated or free.
- The `drgn.helpers.common.memory.identify_address()` helper now includes additional information for slab addresses: the offset from the beginning of the slab object and whether it is allocated or free.
- The `drgn.helpers.common.stack.print_annotated_stack()` helper was added. It prints the contents of stack memory in a stack trace, annotating each word that can be identified as an address. Contributed by Nhat Pham.
- Support for Linux kernel modules and stack unwinding on s390x was added. Contributed by Sven Schnelle.
- Partial support for looking up types with C++ template arguments was added. For now, the arguments must be spelled exactly as the compiler spells them in the debug info. Contributed by Kevin Svetlitski.
- Parsing debug info for C++ template parameter packs was added. Contributed by Alastair Robertson.

Bug fixes:

- A bug that caused stack unwinding to fail when an executable contained `.eh_frame` but its DWARF information was in a separate file was fixed.
- A bug that caused x86-64 stack unwinding without call frame information to stop on a function with a frame pointer if its caller doesn't use frame pointers was fixed. This affected, for example, BPF programs in a Linux kernel using ORC.
- Linux kernel stack unwinding on ppc64 was fixed for kernel versions newer than 5.10 or older than 4.20.
- The CLI's interactive mode was fixed to allow importing modules from the current directory.
- Missing type annotations required for `len(StackTrace)` and `iter(StackTrace)` were added. Contributed by Nhat Pham.
- A potential segfault (not encountered in practice) when parsing invalid DWARF information for an enum type was fixed.
- Leaks in error cases of `Program.type()` and `Program.object()` were fixed.
- The `drgn.helpers.common.memory.identify_address()` helper was fixed to gracefully handle architectures that we haven't implemented virtual address translation for.
- Parsing of DWARF pointer types without a size was fixed to default to the DWARF unit's address size instead of the program's default size.
- Lookups of type names beginning with `size_t` or `ptrdiff_t` were fixed to look up the full name and not those prefixes.

Other improvements:

- Linux kernel support was tested up to Linux 6.2-rc2.
- Python support was tested up to Python 3.11.
- The CLI warning for missing debug info was made more prominent.
- The CLI now prints nicer error messages for common errors like running without root permissions.
- Documentation for the `drgn.helpers.linux.mm.for_each_page()` helper was improved to mention how `FaultError` should be handled.
- drgn can now be built against a libc without `qsort_r()` (e.g., musl < 1.2.3). Contributed by Boris Burkov.

Internals:

- Various tests for kconfig helpers, radix tree helpers, and stack traces were added or improved.
- Tracking of executable and debug info files was separated from libdwfl more.
- Documentation for new architecture support was expanded.

This release adds lots of new helpers and fixes some important bugs.

New features:

- Helpers for lockless linked lists in the Linux kernel were added: `drgn.helpers.linux.llist`. Contributed by Imran Khan.
- A helper to find the slab cache that a virtual address came from was added: `drgn.helpers.linux.slab.find_containing_slab_cache()`. Contributed by Nhat Pham.
- A `drgn.helpers.common` package was created to contain helpers that can be used with any program (which may have program-specific additional behavior).
- A helper to identify an arbitrary address (e.g., as a symbol or slab object) was added: `drgn.helpers.common.memory.identify_address()`. Contributed by Nhat Pham.
- `PageFoo()` helpers to check various `struct page` flags were added to `drgn.helpers.linux.mm`.
- Helpers for working with compound pages were added to `drgn.helpers.linux.mm`: `compound_head()`, `compound_nr()`, `compound_order()`, and `page_size()`.
- A helper to get the CPU that a task last ran on was added: `drgn.helpers.linux.sched.task_cpu()`.
- Automatic pretty-printing in IPython/Jupyter of `drgn.Object`, `drgn.Type`, `drgn.StackTrace`, and `drgn.StackFrame` was added. Contributed by Shung-Hsi Yu.
- `drgn.StackTrace.prog` was added as a way to get the program that a stack trace came from.

Bug fixes:

- Getting stack traces from a kernel core dump of threads that were running at the time of the crash was fixed for Linux < 4.9 and >= 5.16.
- `drgn.helpers.linux.per_cpu()` and `per_cpu_ptr()` were fixed to work for per-CPU variables defined in kernel modules.
- Reading from pages that were excluded by `makedumpfile` was changed to return zeroes instead of raising a `FaultError`. This is unfortunately necessary because we cannot distinguish between pages that were excluded because their contents were zero and pages that were excluded for other reasons. Contributed by Glen McCready.
- A segfault when looking for a variable in a stack frame caused by strange debug symbols emitted by Clang in certain situations was fixed.
- A reference leak every time a `FaultError` is raised inside of drgn was fixed.
- A use after free when setting an object from a part of itself in libdrgn was fixed. The Python interface is not affected.
- The recommendation for how to get VMCOREINFO in QEMU guest memory dumps was fixed to suggest the correct Linux kernel configuration options.
- A spelling error in a DWARF parsing error message was fixed. Contributed by Michel Alexandre Salim.

API changes:

- `escape_ascii_character()`, `escape_ascii_string()`, `decode_flags()`, and `decode_enum_type_flags()` were moved from `drgn.helpers` to `drgn.helpers.common.format`.
- `enum_type_to_class()` was moved from `drgn.helpers` to `drgn.helpers.common.type`.

Documentation:

- openSUSE installation instructions were added.
- libkdumpfile installation instructions were updated to reflect that it is now packaged on some Linux distributions.
- Python type signatures are now formatted more concisely in the documentation.
- Overloaded helpers are now documented more concisely.
- Various small editorial and formatting issues were fixed.

Other improvements:

- Linux kernel support was tested up to Linux 6.0.
- `drgn.helpers.linux.bpf.cgroup_bpf_prog_for_each()` was updated to work on Linux 6.0.

Internals:

- Some racy stack tracing unit tests were fixed.
- Linux kernel memory management helper unit tests were enabled on AArch64.
- The VM testing setup no longer depends on BusyBox.
- `-Wimplicit-fallthrough` was enabled for builds.
- A syscall number table and normalized machine name were added to `util.py`
for use in test cases and the VM testing setup.
- Some renaming was done to prepare for the upcoming module API.
- The libdrgn-internal `string_builder` API was improved.