Multiple breakpoint issue when debugging loadable kernel module

Jan Kiszka jan.kiszka@web.de
Tue Nov 1 15:32:00 GMT 2011


On 2011-10-31 21:53, Tom Tromey wrote:
>>>>>> "Jan" == Jan Kiszka <jan.kiszka@siemens.com> writes:
> 
> Jan> Tom, do you still like to have a description of the full reproduction
> Jan> scenario or are you debugging via Vimal?
> 
> I'd still like a way to reproduce it myself.

Here we go:

The setup is not that simple, in fact (unless I miss a much simpler
scenario). You need a target Linux system on which you can install a
kernel (with modules) which has debug symbols enabled. Either (re-)build
your own or use a -debug package from a distro.

Then you need to decide which gdbserver to use: either kgdb on a live
system or (I think that's easier) qemu with it's gdb stub. Boot the
kernel on the target/guest for which you have the corresponding debug
objects on the host. If you feel brave, run qemu as root and let it pick
up your host's disk for the guest - in no-modification mode:

qemu-system-x86_64 /dev/sda -snapshot -m 1G -s

Don't forget the -snapshot or host and guest will use the same disk...

If you have VT-x/AMD-V on your host: modprobe kvm-intel/kvm-amd first,
and then append -enable-kvm to the qemu command line (the qemu fork
qemu-kvm will imply this and refuse to work with kvm modules).

Once the target is up, check /proc/modules for some used module and its
start address. Pick one, say mac80211, and note the address (or use my
script later on). Also pick some function in that module (see
/proc/kallsyms, e.g. ieee80211_register_hw in the mac80211 case).

Next fire up the debugger (the kernel comes with kgdb docbook section,
qemu just requires the "-s" command line switch) and attach to the
target (kgdb via serial console, qemu is listening on TCP port 1234 by
default).

Now we get to the point. Load the module symbols at the right address
(or use my script) and perform the following steps:

(gdb) add-symbol-file /path/to/some/module.ko 0x...
(gdb) l ieee80211_register_hw
624             return local_to_hw(local);
625     }
626     EXPORT_SYMBOL(ieee80211_alloc_hw);
627
628     int ieee80211_register_hw(struct ieee80211_hw *hw)
629     {
630             struct ieee80211_local *local = hw_to_local(hw);
631             int result;
632             enum ieee80211_band band;
633             int channels, max_bitrates;
(gdb) b ieee80211_register_hw
Breakpoint 1 at 0xffffffffa01b31a0: file
/data/linux/net/mac80211/main.c, line 646.
(gdb) l ieee80211_register_hw
No line number known for ieee80211_register_hw.

That's the bug.

Hope that's manageable - somehow. Feel free to ask if you run into
problems with the setup.

Jan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://sourceware.org/pipermail/gdb/attachments/20111101/e182430e/attachment.sig>


More information about the Gdb mailing list