mirror of
https://github.com/cirosantilli/linux-kernel-module-cheat.git
synced 2026-01-25 19:21:35 +01:00
119 lines
2.0 KiB
Plaintext
119 lines
2.0 KiB
Plaintext
[[kgdb]]
|
|
= KGDB
|
|
|
|
KGDB is kernel dark magic that allows you to GDB the kernel on real
|
|
hardware without any extra hardware support.
|
|
|
|
It is useless with QEMU since we already have full system visibility
|
|
with `-gdb`, but this is a good way to learn it.
|
|
|
|
Cheaper than JTAG (free) and easier to setup (all you need is serial),
|
|
but with less visibility as it depends on the kernel working, so e.g.:
|
|
dies on panic, does not see boot sequence.
|
|
|
|
Usage:
|
|
|
|
....
|
|
./run -k
|
|
./rungdb -k
|
|
....
|
|
|
|
In GDB:
|
|
|
|
....
|
|
c
|
|
....
|
|
|
|
In QEMU:
|
|
|
|
....
|
|
/count.sh &
|
|
/kgdb.sh
|
|
....
|
|
|
|
In GDB:
|
|
|
|
....
|
|
b sys_write
|
|
c
|
|
c
|
|
c
|
|
c
|
|
....
|
|
|
|
And now you can count from GDB!
|
|
|
|
If you do: `b sys_write` immediately after `./rungdb -k`, it fails with
|
|
`KGDB: BP remove failed: <address>`. I think this is because it would
|
|
break too early on the boot sequence, and KGDB is not yet ready.
|
|
|
|
See also:
|
|
|
|
* https://github.com/torvalds/linux/blob/v4.9/Documentation/DocBook/kgdb.tmpl
|
|
* https://stackoverflow.com/questions/22004616/qemu-kernel-debugging-with-kgdb/44197715#44197715
|
|
|
|
[[kgdb-kernel-modules]]
|
|
== KGDB kernel modules
|
|
|
|
In QEMU:
|
|
|
|
....
|
|
/kgdb-mod.sh
|
|
....
|
|
|
|
In GDB:
|
|
|
|
....
|
|
lx-symbols ../kernel_module-1.0/
|
|
b fop_write
|
|
c
|
|
c
|
|
c
|
|
....
|
|
|
|
and you now control the count.
|
|
|
|
TODO: if I `-ex lx-symbols` to the `gdb` command, just like done for
|
|
QEMU `-gdb`, the kernel oops. How to automate this step?
|
|
|
|
[[kdb]]
|
|
== KDB
|
|
|
|
If you modify `runqemu` to use:
|
|
|
|
....
|
|
-append kgdboc=kbd
|
|
....
|
|
|
|
instead of `kgdboc=ttyS0,115200`, you enter a different debugging mode
|
|
called KDB.
|
|
|
|
Usage: in QEMU:
|
|
|
|
....
|
|
[0]kdb> go
|
|
....
|
|
|
|
Boot finishes, then:
|
|
|
|
....
|
|
/kgdb.sh
|
|
....
|
|
|
|
And you are back in KDB. Now you can:
|
|
|
|
....
|
|
[0]kdb> help
|
|
[0]kdb> bp sys_write
|
|
[0]kdb> go
|
|
....
|
|
|
|
And you will break whenever `sys_write` is hit.
|
|
|
|
The other KDB commands allow you to instruction steps, view memory,
|
|
registers and some higher level kernel runtime data.
|
|
|
|
But TODO I don't think you can see where you are in the kernel source
|
|
code and line step as from GDB, since the kernel source is not available
|
|
on guest (ah, if only debugging information supported full source).
|