Table of Contents
Kernel debugging kgdb
| Reference | GDB commands | Examining Symbol |
Linux Kernel coding style:
- Documentation/process/coding-style.rst
Linux Kernel documentation: for example of linux kernel 5.0
Kernel configure
kgdb内核配置
- 在 menuconfig 中选中 Kernel hacking → kernel debugging → KGDB: kernel debugger,使能 kgdb
- 在 menuconfig 中选中 Kernel hacking → Compile-time checks and compiler options → Compile the kernel with debug info, 生成调试信息.
- 检查最后的 config ,关闭选项 CONFIG_STRICT_KERNEL_RWX. 这个选项会使得运行周边内存为只读状态.
使能串口或者网口驱动,使得主机可以连接嵌入式板.
使用串口连接的配置如下:
# CONFIG_STRICT_KERNEL_RWX is not set CONFIG_FRAME_POINTER=y CONFIG_KGDB=y CONFIG_KGDB_SERIAL_CONSOLE=y CONFIG_DEBUG_INFO=y
kdb 内核配置
kdb 配置要在 kgdb内核配置 的基础上继续进行如下配置:
- 在 menuconfig 中选中 Kernel hacking → kernel debugging → KGDB: kernel debugger → KGDB_KDB: include kdb frontend for kgdb 使能 kdb
- 当需要使用键盘与 kdb 交互时, 需要在 menuconfig 中选中 Kernel hacking → kernel debugging → KGDB: kernel debugger → KGDB_KDB: keyboard as input device 使能键盘
最终在 config 文件中的配置如下:
#CONFIG_STRICT_KERNEL_RWX is not set CONFIG_FRAME_POINTER=y CONFIG_KGDB=y CONFIG_SERIAL_CONSOLE=y CONFIG_DEBUG_INFO=y CONFIG_KGDB_KDB=y CONFIG_KDB_KEYBOARD=y
Target side configuration
- echo ttyS0,115200 > /sys/module/kgdboc/parameters/kgdboc
- echo g > /proc/sysrq-trigger
- If you want to start the debugging when the kernel starts loading, append to the command line parameters of the kernel. You must use this order! First you must register the I/O driver and then kgdb will be able to wait.
- kgdboc=ttyS0,115200 kgdbwait
- console=ttyS0,115200 kgdboc=ttyS0,115200 nokaslr ???
- To check whether kgdb is enabled/disabled:
- root@babu-VirtualBox:~# cat /sys/module/kgdboc/parameters/kgdboc
- ttyS0,115200
- #disable
- echo “” > /sys/module/kgdboc/paramters/kgdboc
Host side configuration
# connect target via serial port % sudo gdb ./vmlinux (gdb) **set serial baud 115200** (gdb) **target remote /dev/ttyS0** #connect target via networking % gdb ./vmlinux (gdb) target remote 192.168.2.2:2012
Note:
- /dev/tty0 is also by default virtual console;
- /dev/tty is kind of an alias to the console (physical, virtual or pseudo device, if any) associated to the process that open it
- *
Using kgdb, kdb and the kernel debugger internals: https://www.kernel.org/doc/html/latest/dev-tools/kgdb.html
/proc/sysrq-trigger: https://ngelinux.com/what-is-proc-sysrq-trigger-in-linux-and-how-to-use-sysrq-kernel-feature/
Setup
- Host windows and VM is linux via virtualbox: http://sysprogs.com/VBoxGDB/tutorial/
- Debugging between Host ↔ VM via virtualbox: https://www.opensourceforu.com/2011/03/kgdb-with-virtualbox-debug-live-kernel/, or refer to https://cs.wmich.edu/~rhardin/cs4540/KernelDebuggingVirtualbox.pdf
- The socat binary installed on the host. This is used to link the pipe file (FIFO) that is created by VirtualBox, with a pseudo-terminal on the host system.
- https://wiki.ubuntu.com/Kernel/Systemtap: very good informatin, esp to get debug symbols for kernel X
Debugging between VM ↔ VM: http://www.alexlambert.com/2017/12/18/kernel-debugging-for-newbies.html
- Disable KASLR on the debuggee machine via grub configuration
set up gdb envrionment
- Using kgdb, kdb and the kernel debugger internals: https://www.kernel.org/doc/html/latest/dev-tools/kgdb.html
https://www.tecmint.com/install-kvm-on-ubuntu/
- Kernel Memory Leak Detector: https://www.kernel.org/doc/html/latest/dev-tools/kmemleak.html
/proc/sysrq-trigger commands
| Command | Function |
| b | Will immediately reboot the system without syncing or unmounting your disks |
| c | Will perform a system crash by a NULL pointer dereference. A crashdump will be taken if configured |
| d | Shows all locks that are held |
| e | Send a SIGTERM to all processes, except for init |
| f | Will call the oom killer to kill a memory hog process, but do not panic if nothing can be killed |
| g | Used by kgdb (kernel debugger) |
| h | Will display help (actually any other key than those listed here will display help. but h is easy to remember  |
| i | Send a SIGKILL to all processes, except for init |
| j | Forcibly “Just thaw it” - filesystems frozen by the FIFREEZE ioctl |
| k | Secure Access Key (SAK) Kills all programs on the current virtual console. NOTE: See important comments below in SAK section |
| l | Shows a stack backtrace for all active CPUs |
| m | Will dump current memory info to your console |
| n | Used to make RT tasks nice-able |
| o | Will shut your system off (if configured and supported) |
| p | Will dump the current registers and flags to your console |
| q | Will dump per CPU lists of all armed hrtimers (but NOT regular timer_list timers) and detailed information about all clockevent devices |
| r | Turns off keyboard raw mode and sets it to XLATE |
| s | Will attempt to sync all mounted filesystems |
| t | Will dump a list of current tasks and their information to your console |
| u | Will attempt to remount all mounted filesystems read-only |
| v | Forcefully restores framebuffer console |
| v | Causes ETM buffer dump [ARM-specific] |
| w | Dumps tasks that are in uninterruptable (blocked) state |
| x | Used by xmon interface on ppc/powerpc platforms. Show global PMU Registers on sparc64. Dump all TLB entries on MIPS |
| y | Show global CPU Registers [SPARC-64 specific] |
| z | Dump the ftrace buffer |
| 0-9 | Sets the console log level, controlling which kernel messages will be printed to your console. (0, for example would make it so that only emergency messages like PANICs or OOPSes would make it to your console.) |