mirror of
https://github.com/cirosantilli/linux-kernel-module-cheat.git
synced 2026-01-27 12:04:27 +01:00
adoc
This commit is contained in:
Ciro Santilli
118
kgdb.adoc
Normal file
118
kgdb.adoc
Normal file
@@ -0,0 +1,118 @@
|
||||
[[kgdb]]
|
||||
= KGDB
|
||||
|
||||
KGDB is kernel dark magic that allows you to GDB the kernel on real
|
||||
hardware without any extra hardware support.
|
||||
|
||||
It is useless with QEMU since we already have full system visibility
|
||||
with `-gdb`, but this is a good way to learn it.
|
||||
|
||||
Cheaper than JTAG (free) and easier to setup (all you need is serial),
|
||||
but with less visibility as it depends on the kernel working, so e.g.:
|
||||
dies on panic, does not see boot sequence.
|
||||
|
||||
Usage:
|
||||
|
||||
....
|
||||
./run -k
|
||||
./rungdb -k
|
||||
....
|
||||
|
||||
In GDB:
|
||||
|
||||
....
|
||||
c
|
||||
....
|
||||
|
||||
In QEMU:
|
||||
|
||||
....
|
||||
/count.sh &
|
||||
/kgdb.sh
|
||||
....
|
||||
|
||||
In GDB:
|
||||
|
||||
....
|
||||
b sys_write
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
....
|
||||
|
||||
And now you can count from GDB!
|
||||
|
||||
If you do: `b sys_write` immediately after `./rungdb -k`, it fails with
|
||||
`KGDB: BP remove failed: <address>`. I think this is because it would
|
||||
break too early on the boot sequence, and KGDB is not yet ready.
|
||||
|
||||
See also:
|
||||
|
||||
* https://github.com/torvalds/linux/blob/v4.9/Documentation/DocBook/kgdb.tmpl
|
||||
* https://stackoverflow.com/questions/22004616/qemu-kernel-debugging-with-kgdb/44197715#44197715
|
||||
|
||||
[[kgdb-kernel-modules]]
|
||||
== KGDB kernel modules
|
||||
|
||||
In QEMU:
|
||||
|
||||
....
|
||||
/kgdb-mod.sh
|
||||
....
|
||||
|
||||
In GDB:
|
||||
|
||||
....
|
||||
lx-symbols ../kernel_module-1.0/
|
||||
b fop_write
|
||||
c
|
||||
c
|
||||
c
|
||||
....
|
||||
|
||||
and you now control the count.
|
||||
|
||||
TODO: if I `-ex lx-symbols` to the `gdb` command, just like done for
|
||||
QEMU `-gdb`, the kernel oops. How to automate this step?
|
||||
|
||||
[[kdb]]
|
||||
== KDB
|
||||
|
||||
If you modify `runqemu` to use:
|
||||
|
||||
....
|
||||
-append kgdboc=kbd
|
||||
....
|
||||
|
||||
instead of `kgdboc=ttyS0,115200`, you enter a different debugging mode
|
||||
called KDB.
|
||||
|
||||
Usage: in QEMU:
|
||||
|
||||
....
|
||||
[0]kdb> go
|
||||
....
|
||||
|
||||
Boot finishes, then:
|
||||
|
||||
....
|
||||
/kgdb.sh
|
||||
....
|
||||
|
||||
And you are back in KDB. Now you can:
|
||||
|
||||
....
|
||||
[0]kdb> help
|
||||
[0]kdb> bp sys_write
|
||||
[0]kdb> go
|
||||
....
|
||||
|
||||
And you will break whenever `sys_write` is hit.
|
||||
|
||||
The other KDB commands allow you to instruction steps, view memory,
|
||||
registers and some higher level kernel runtime data.
|
||||
|
||||
But TODO I don't think you can see where you are in the kernel source
|
||||
code and line step as from GDB, since the kernel source is not available
|
||||
on guest (ah, if only debugging information supported full source).
|
||||
Reference in New Issue
Block a user