Changes

no edit summary
Line 5: Line 5:  
Currently memory dumping depends on 3 big technologies:
 
Currently memory dumping depends on 3 big technologies:
   −
* /proc/pid/map_files/ directory with links is used to determine
+
* /proc/pid/smaps file and /proc/pid/map_files/ directory with links are used to determine
** which file is mapped
+
** memory areas in use by task
** shared memory "identifier" to detect the sharing
+
** file is mapped (if any)
* proc pagemap file says which pages are to be dumped and which are not (to be fixed as well)
+
** shared memory "identifier" to resolve the MAP_SHARED areas
* Ptrace SEIZE is used to grab pages from task's VM into pipe (with vmsplice)
+
* /proc/pid/pagemap file that reveals important flags
 +
** ''present'' indicates that the physical page is there. Non-present pages are not dumped.
 +
** ''anonymoys'' for the MAP_FILE | MAP_PRIVATE mapping indicate that the page in question is already COW-ed from the file's. Not-anonymous pages are not dumped as they are still in sync with the file
 +
** ''soft-dirty'' bit is used by [[memory changes tracker]]
 +
* Ptrace SEIZE that is used to grab pages from task's VM into pipe (with vmsplice)
    
=== Restoring ===
 
=== Restoring ===
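
Review bot: The added sub-bullet for the anonymous flag under the /proc/pid/pagemap item misspells the word as ''anonymoys'' and ends on a dangling possessive, "already COW-ed from the file's". Spell it ''anonymous'', name what the page was copied from (for example "the file's page"), and make the verb agree ("indicates"). In the smaps/map_files list, "** file is mapped (if any)" lost the "which" of the old "which file is mapped", so it no longer reads as something being determined; "which file is mapped (if any)" would fit the lead-in. The last added bullet, "Ptrace SEIZE that is used to grab pages ...", is a sentence fragment where the old "Ptrace SEIZE is used to ..." was a complete sentence, and the "/proc/pid/pagemap file that reveals important flags" bullet has the same shape; keeping all three top-level bullets as full sentences would read more consistently.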
