When you debug kernel issues, you can track kernel execution and see its memory and data structure is very useful. The built-in kernel debugger KDB inlinux provides this feature. In this article, you will learn how to use the features provided by KDB. And how to install and set KDB on Linux machines. You will also be familiar with the commands you can use and set and display option in KDB. Linux kernel debugger (KDB) allows you to debug the Linux kernel. This is just a tool that is essentially the kernel. The code is patch, it allows the master to access the kernel memory and data structure. One of the main advantages of KDB is that it does not need to debug another machine: You can debug the running kernel.
Setting up a machine for KDB requires some work, because you need to make the kernel patch and recompile. KDB users should be familiar with the compilation of the Linux kernel (more familiar with the internal core of the kernel), but if you need For help, please refer to the reference information at the end of this article.
In this article, we will start from the download of KDB patch, play patch, (re-) compile the kernel and launch KDB. Then we will understand the KDB command and study some more common commands. Finally, we will study the settings Some details on display options.
Getting Started KDB projects are maintained by Silicon Graphics (see Resources for Link), you need to download patchs related to the kernel version from its FTP site. (When writing this article) The latest KDB version is 4.2. You will Two patches need to be downloaded and applied. One is a "public" patch that contains changes to the universal kernel code, the other is a specific-to-architectural patch. The patch can be obtained as a BZ2 file. For example, run 2.4.20 kernel On the X86 machine, you will need KDB-V4.2-2.4.20-Common-1.bz2 and KDB-V4.2-2.4.20-i386-1.bz2.
All examples provided here are for i386 architectures and 2.4.20 kernels. You will need to make an appropriate changes based on your machine and kernel version. You also need to have root permissions to perform these operations.
Copy the file to the / usr / src / linux directory and extract the patch file from the file compressed with BZIP2:
# BZIP2 -D KDB-V4.2-2.4.20-Common-1.bz2
# BZIP2 -D KDB-V4.2-2.4.20-i386-1.bz2 You will receive KDB-V4.2-2.4.20-Common-1 and KDB-V4.2-2.4-i386-1 files.
Now use these patches:
#PATCH -P1 #PATCH -P1 Next, you need to build a core to support KDB. The first step is to set up the config_kdb option. Use your favorite configuration mechanism (Xconfig and MenuConfig, etc.) to complete this step. Go to the "Kernel Hacking" section at the end and select "Built- In kernel debugger support option. You can also choose other two options according to your own preferences. Select the Compile The Kernel With Frame Pointers option (if any) sets the config_frame_pointer flag. This will produce a better stack back, because the frame pointer register is used as The frame pointer is not a universal register. You can also select the "KDB OFF BY DEFAULT" option. This will set the config_kdb_off flag and will turn off the KDB in the default. We will introduce this in the later section. Save the configuration and exit. Re-compile the kernel. It is recommended to perform "make clean before building the kernel. Install the kernel with usage and guide it. Initialize and set environment variables You can define the KDB commands that will be performed during KDB initialization. You need to define these commands in the plain text file KDB_CMDS, which is located in the Linux source tree (of course, after the patch), the kdb directory. This file can also be used to define environment variables for setting up and print options. Note from the beginning provides an editing file help. The disadvantage of using this file is that you need to rebuild and reinstall the kernel after you change the file. Activation KDB If you do not select config_kdb_off during compilation, KDB is active in the default. Otherwise, you need to express it explicitly - passing the KDB = ON flag to the kernel by booting / proc Execute this work: #echo "1"> / proc / sys / kernel / kdb Come to perform the above steps, will deactivate the KDB. That is, if the KDB is open if the KDB is open, the KDB = OFF flag is passed to the kernel or executed The following will cancel the activation of KDB: #echo "0"> / proc / sys / kernel / kDB can also pass another flag to the kernel during boot. KDB = Early flag will result in passing control to KDB during the initial phase of the boot process. If you need In the initial phase of the boot process, this will help. There are a lot of ways to call KDB. If the KDB is open, then it will automatically call it as soon as there is an emergency in the kernel. Press the PAUSE button on the keyboard to manually call the KDB. Another way to call KDB is through a serial console Of course, to do this, you need to set a serial console (see Resources to get this help) and need a program that reads from the serial console. Button sequence Ctrl-a will be from serial The console calls KDB. KDB Command KDB is a very powerful tool that allows several operations, such as memory and register modifications, application breakpoints, and stack tracking. According to this, you can divide the KDB command into several categories. Here is about each class Details of the most common commands. Memory display and modify this category of this category is MD, MDR, MM, and MMW. The MD command is a parameter with an address / symbol and row count, and the memory starts from the address of the Line-Count line. If you do not specify the Line-Count, then the default value specified by the environment variable. If no address is specified, Then MD continues from the last printed address. The address is printed at the beginning, and the character conversion is over. The mdr command has an address / symbol and byte count, which displays the initial memory content of the Byte-count byte number starting from the specified address. It is in nature, but it does not display the start address and does not display the character conversion at the end. The .mdr command is less used. The mm command modifies memory content. It uses address / symbols and new content as parameters, with the contents of the new-contents. The MMW command changes the w bytes starting from the address. Please note that MM changes a machine word. Example The 15-line memory started from 0xC000000: [0] kdb> MD 0xC000000 15 Change the content of the memory location to 0x10: [0] KDB> mm 0xc000000 0x10 Register Display and modify the command in this category has RD, RM and EF. RD command (without any parameters) Displays the contents of the processor register. It can have three parameters in the selection. If a C parameter is passed, the RD displays the processor's control register; if there is a D parameter, then it will display debugging Register; if there is a U parameter, the register group of the current task to enter the kernel is displayed. The RM command modifies the contents of the register. It uses the register name and new-contents as a parameter, with the New-Contents modified register. The register name is related to a specific architecture. Currently, the control register cannot be modified. The EF command is used as a parameter, which displays the exception frame at the specified address. Example Display Universal Register Group: [0] KDB> RD Sets the contents of the register EBX to 0x25: [0] KDB> RM% EBX 0x25 breakpoint common breakpoint command has BP, BC, BD, BE and BL.BP commands An address / symbol is used as a parameter, which applies breakpoints at the address. When the breakpoint is encountered, the execution is stopped and the control is given to KDB. This command has several useful variants. BPA commands in the SMP system All processor application breakpoints.bph commands Force on systems that support hardware registers. BPHA commands are similar to the BPA command, and the difference is that it enforces hardware registers. The BD command disables special breakpoints. It receives breakpoints as parameters. This command is not removed from the breakpoint table, but only disables it. The breakpoint number starts from 0 and assigns a breakpoint according to the availability sequence. The be command enables breakpoints. The parameters of the command are also breakpoints. The BL command lists the current breakpoint set. It contains the enabled and disabled breakpoints. The BC command removes the breakpoint from the breakpoint table. It uses a specific breakpoint number or * as a parameter, in the latter case it will remove all breakpoints. Example For the function sys_write () set breakpoint: [0] kdb> bp sys_write lists all breakpoints in breakpoint table: [0] KDB> BL clear breakpoint number 1: [0] KDB> BC 1 stack tracking main The stack tracking command has BT, BTP, BTC and BTA. The BT command tries to provide information about the stack of the current thread. It can selectively use the stack frame address as a parameter. If the address is not provided, then it uses the current register to retrospectively stack. Otherwise, it assumes that the address provided is a valid stack Frame start addresses and try to use the config_frame_pointer option during the kernel compilation, then use the frame pointer register to maintain the stack correctly. If you do not set the config_frame_pointer, then the BT command may generate errors. result. The BTP command identifies the process as a parameter and stacks the specific process. The BTC command performs a stack back to the process that is running on each active CPU. It starts BT from the first active CPU, then switch to the next active CPU, and so on. The BTA command executes a backtrack on all the processes in a particular state. If no parameters, it executes the backtracking of all processes. You can choose to pass various parameters to this command. Processing will be in a specific state according to parameter processing The options and corresponding status are as follows: D: Uninterrupted Status R: Run S: Interrupt Sleep T: Tracked or Stop z: Zode U: Unable to run a lot of information in each of this type of command. Please refer to the reference information below Get detailed documentation for these fields. Example Track the stack of current active threads: [0] KDB> BT Tracking Stack of Process for 575: [0] KDB> BTP 575 Other Commands The following is a very useful KDB command that is very useful during the kernel debugging. The ID command is used as a parameter in an address / symbol, which disassembles the instruction starting from the address. Environment variable IDCount determines how many rows of output to display. The SS command is single-step execution instruction and then returns the control to KDB. One variant of the instruction is an SSB, which performs instructions starting from the current command pointer address (print instructions on the screen) until it encounters instructions that will cause branch transfer So far. Typical examples of branch transfer instructions have Call, Return, and JUMP. The go command allows the system to continue properly. Opened to encounter breakpoints (if a breakpoint is applied). The reboot command immediately reboots the system. It does not completely shut down the system, so the result is unpredictable. The ll command is used as a parameter with an address, offset, and another kdb command. It repeatedly executes this command as a parameter for each element in the list. The execution command is used as the address of the current element in the list. Example Disassembled from routine SCHEDULE. The number of rows displayed depends on environment variable idcount: [0] KDB> ID Schedule executes instruction until it encounters branch transfer conditions (in this example for instruction JNE): [0 ] KDB> SSB 0xc0105355 default_idle 0x25: cli0xc0105356 default_idle 0x26: mov 0x14 (% edx),% eax0xc0105359 default_idle 0x29: test% eax,% eax0xc010535b default_idle 0x2b: jne 0xc0105361 default_idle 0x31 tips and tricks to debug a problem related to: the use of a debugger (Or any other tool) find the root of the problem and use the source code to track the root causes of the problem. Single use of the source code to determine the problem is extremely difficult, only the sophisticated kernel hacker is likely to do. On the contrary, most new hands It is often necessary to rely too much to rely over the debugger to correct the error. This method may generate an incorrect problem solution. We are worried that this method will only correct surface symptoms without resolving true problems. Example of this error It is an incorrectly handled code to handle NULL pointer or an error, but there is no real reason for invalid reference. Binding research code and using debugging tools is the best solution for identifying and correcting issues. The main purpose of the debugger is to find the wrong location, confirm the symptoms (in some cases, the cause of the determines the value of the variable, and how the program is in this case (ie, establish a call stack). Experience Hackers will know which debugger should be used for some specific question, and can quickly obtain the necessary information based on debug, then continue to analyze the code to identify the cause. Therefore, here is some tips to you so you can quickly achieve the above results using KDB. Of course, to remember, speed and accuracy of debugging come from experience, practical and good system knowledge (hardware and kernel internal mechanism, etc.) . Skills # 1 In KDB, enter the address at the prompt will return to the most matching symbol. This is extremely useful in stack analysis and determining the address / value of global data. Similarly, the input symbol name returns its virtual address. . Example Indicates that the function sys_read starts from the address 0xc013db4c: [0] kdb> 0xc013db4c 0xc013db4c = 0xc013db4c (sys_read) is also, Similarly, indicating that sys_write is located in the address 0xc013dcc8: [0] KDB> SYS_WRITE SYS_WRITE = 0xc013dcc8 (sys_write) These help find global data and function addresses when analyzing the stack. Skills # 2 When compiling with KDB's kernel, just use this option as long as the config_frame_pointer option appears. To do this, you need to select the "CoMPile The Kernel With Frame Pointers" below in the "Kernel Hacking" section when configuring the kernel. This ensures frame The pointer register will be used as a frame pointer to generate the correct backtrack. In fact, you can manually dump the contents of the frame pointer register and track the entire stack. For example, the% EBP register can be used back to back to the entire stack. For example, after executing the first instruction on the function rmqueue (), the stack looks similar to the following: [0] KDB> MD% EBP 0xc74c9f38 c74c9f60 c0136c40 000001f0 000000000xc74c9f48 08053328 c0425238 c04253a8 000000000xc74c9f58 000001f0 00000246 c74c9f6c c0136a250xc74c9f68 c74c8000 c74c9f74 c0136d6d c74c9fbc0xc74c9f78 c014fe45 c74c8000 00000000 08053328 [0] KDB> 0xc0136C40 0xc0136c40 = 0xc0136c40 (__alloc_pages 0x44) [0] KDB> 0xc0136a25 0xc0136a25 = 0xc0136a25 (_alloc_pages 0x19) [0] KDB> 0xc0136D6D 0xc0136d6d = 0xc0136d6d (__get_free_pages 0xD) We can see RMQueue () is called by __alloc_pages, the latter Next is called _alloc_pages to call, in this class. The first double word (double word) of each frame points Frame, this is followed by the address of the call function. Therefore, the tracking stack becomes a relaxed job. Skills # 3GO commands can be selected as a parameter with an address. If you want to continue executing at a particular address, you can provide the address as a parameter. Another way to use the RM command to modify the instruction pointer register, then use as long as you enter Go If you want to skip some specific instructions or set of instructions that seem to cause problems, this will be useful. However, please note that the instructions can cause serious problems, and the system may seriously crash. Skills # 4 You can use a useful command called DEFCMD to define your own command set. For example, when you encounter breakpoints, you may want to check a particular variable, check the contents of some registers and dump Stack. Usually, you must enter a series of commands so that you can perform all of these work at the same time. DEFCMD allows you to define your own command, which can contain one or more predefined kdb commands. Then you only need to use one command. Complete all three work. The syntax is as follows: [0] KDB> DEFCMD name "usage" "Help" [0] KDB> [DEFCMD] Type The Commands Here [0] KDB> [DEFCMD] endefcmd, for example, can define a (simple) new command HARI, which displays a line memory starting from the address 0xc000000, displays the contents of the register and the stack: [0] KDB> DEFCMD HARI "" "NO Arguments Needed" [0] KDB> [DEFCMD] MD 0xC000000 1 [0] KDB> [DEFCMD] RD [0] KDB> [DEFCMD] MD% EBP 1 [0] KDB> [DEFCMD] endefcmd The output of this command is: [0] KDB> HARI [HARI] KDB> MD 0xC000000 1 0xC000000 00000001 F000E816 F000E2C3 F000E816 [HARI] KDB> RD EAX = 0x00000000 EBX = 0xc0105330 ECX = 0xc0466000 EDX = 0xc0466000 ....... [HARI] KDB> MD% EBP 1 0xC0467FBC C0467FD0 C01053D2 00000002 000A0200 [0] KDB> Skills # 5 can use BPH and BPHA commands (if the architecture supports using hardware registers) to apply read and write breakpoints. This means whenever the data is read from a particular address or writing data to the address We can control this. This may be extremely convenient when debug data / memory destruction, in which case you can use it to identify the destroyed code / process. Example Whenever the four bytes are written to address 0xc0204060, enter the kernel modulator: [0] kdb> bph 0xc0204060 DATAW 4 Enter kernel debugger when reading at least two bytes starting from 0xC000000: [0] KDB> BPH 0xC000000 DATAR 2 Conclusion Convergence For execution kernel debugging, KDB is a convenient and powerful tool. It provides a variety of options and allows us to analyze memory content and data structure. The most wonderful thing is that it doesn't need to use Another machine to perform debugging. Reference Please find the KDB man page in the Documentation / KDB directory. For information on setting up a serial console, find the serial-console.txt in the documentation directory. Please download KDB on the SGI's kernel debugger project website. For a summary of several program-based Linux debugging technologies, please read "Master Linux debugging technology" (DEVELOPERWORKS, Aug 2002). Tutorial "Compilation Linux kernel" (developerWorks, Aug 2000) Let you completely understand the configuration, Compile and install the process of the kernel. IBM AIX users get the help of KDB for AIX on the KDB Kernel Debugger and Command page. Those readers who seek information about debug OS / 2 should read the IBM Red Book The OS / 2 Debugging Handbook (Volume 4 Volumes). Find more reference materials for Linux developers in the developerWorks Linux zone.
