Does kdb support arm64 hardware breakpoints?


Well, unlike gdb, kdb has very few manuals and references. Which are

When I try to use bph (hardware breakpoint) on an arm64 board running Linux 6.1, I get the error

kernel NULL pointer dereference at virtual address 0000000000000000

root@root:~# echo g > /proc/sysrq-trigger
[ 2189.865491] sysrq: DEBUG

Entering kdb (current=0xffff0003856b5700, pid 314) on processor 4 due to Keyboard Entry
[4]kdb> bph jiffies_read
Instruction(Register) BP #0 at 0xffff800008135ee0 (jiffies_read)
    is enabled   addr at ffff800008135ee0, hardtype=1 installed=0

[4]kdb> go
[ 2220.051476] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 2220.051719] Mem abort info:
[ 2220.051750]   ESR = 0x0000000086000005
[ 2220.051841]   EC = 0x21: IABT (current EL), IL = 32 bits
[ 2220.051898]   SET = 0, FnV = 0
[ 2220.051934]   EA = 0, S1PTW = 0
[ 2220.051977]   FSC = 0x05: level 1 translation fault
[ 2220.052195] user pgtable: 64k pages, 48-bit VAs, pgdp=0000000402e23a00
[ 2220.052254] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
[ 2220.052804] Internal error: Oops: 0000000086000005 [#1] PREEMPT_RT SMP
[ 2220.054226] Modules linked in:
[ 2220.054509] CPU: 4 PID: 314 Comm: bash Not tainted 6.1.12-rt7
[ 2220.054566] Hardware name: ARM64 board
[ 2220.054595] pstate: 004003c9 (nzcv DAIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 2220.054638] pc : 0x0
[ 2220.054811] lr : kdb_bp_install+0x120/0x200
[ 2220.054865] sp : ffff80000a46f870
[ 2220.054879] x29: ffff80000a46f870 x28: ffff8000090b8000 x27: ffff8000090bb1c0
[ 2220.054939] x26: ffff80000a46fb30 x25: ffff8000088dd610 x24: ffff8000088dd5d8
[ 2220.054988] x23: ffff8000090b8ff4 x22: ffff8000090b8cd8 x21: ffff8000090bb1c0
[ 2220.055037] x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000001
[ 2220.055084] x17: 0000000000000000 x16: 0000000000000000 x15: ffff0003856b5bd0
[ 2220.055131] x14: 0000000000000000 x13: 0000000000000000 x12: ffff8000090b9000
[ 2220.055178] x11: 0000000000000022 x10: ffffffffff9836a8 x9 : 0000000000000010
[ 2220.055226] x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : 0000000000220400
[ 2220.055274] x5 : 0000000000000000 x4 : ffff8003f6d10000 x3 : 0000000000000000
[ 2220.055320] x2 : 0000000000000001 x1 : 0000000000000001 x0 : ffff800008135ee0
[ 2220.055371] Call trace:
[ 2220.055392]  0x0
[ 2220.055423]  kdb_stub+0x288/0x428
[ 2220.055455]  kgdb_cpu_enter+0x168/0x740
[ 2220.055493]  kgdb_handle_exception+0xd0/0x128
[ 2220.055531]  kgdb_compiled_brk_fn+0x28/0x38
[ 2220.055567]  call_break_hook+0x6c/0x80
[ 2220.055597]  brk_handler+0x1c/0x60
[ 2220.055623]  do_debug_exception+0x8c/0x118
[ 2220.055655]  el1_dbg+0x38/0x58
[ 2220.055690]  el1h_64_sync_handler+0xc8/0xe8
[ 2220.055718]  el1h_64_sync+0x64/0x68
[ 2220.055741]  kgdb_breakpoint+0x1c/0x80
[ 2220.055773]  __handle_sysrq+0x90/0x1a0
[ 2220.055821]  write_sysrq_trigger+0x74/0x98
[ 2220.055855]  proc_reg_write+0xa4/0xf8
[ 2220.055894]  vfs_write+0xd0/0x388
[ 2220.055934]  ksys_write+0x6c/0x100
[ 2220.055968]  __arm64_sys_write+0x1c/0x28
[ 2220.056007]  invoke_syscall+0x44/0x108
[ 2220.056061]  el0_svc_common.constprop.0+0x44/0xf0
[ 2220.056109]  do_el0_svc+0x2c/0xc8
[ 2220.056150]  el0_svc+0x28/0x98
[ 2220.056174]  el0t_64_sync_handler+0xb8/0xc0
[ 2220.056200]  el0t_64_sync+0x18c/0x190
[ 2220.056592] Code: bad PC value
[ 2220.083989] ---[ end trace 0000000000000000 ]---
[ 2220.084622] Kernel panic - not syncing: Oops: Fatal exception
Tags: arm, kernel

1 answer

Well, in the meantime I contacted the linux-debuggers mailing list, and many thanks to Stephen for the answer. I used to hesitate to ask questions or contact those experts, but recently I have found that they are really nice and willing to help newcomers like us. Really grateful! Mailing list archive link: https://lore.kernel.org/linux-debuggers/[email protected]/T/#t

And I'm copying the reply here:


Hello,

I've only used KDB a handful of times, so I can't speak from
experience. But from reading the code, I see that there don't seem to be
any arch-specific debugger hooks set for the arm64 architecture:

https://elixir.bootlin.com/linux/v6.1.12/source/arch/arm64/kernel/kgdb.c#L336

Compare this to the x86_64 version of the arch_kgdb_ops, which has
several fields set:

https://elixir.bootlin.com/linux/v6.1.12/source/arch/x86/kernel/kgdb.c#L776

In particular, what you're interested in is "set_hw_breakpoint". Looking
through the code where your crash happened:

https://elixir.bootlin.com/linux/v6.1.12/source/kernel/debug/kdb/kdb_bp.c#L148

It does seem like KDB went right ahead and tried to call the NULL
set_hw_breakpoint function... There's no check to see whether the
pointer is non-NULL, at least not here. This would match your crash,
since lr = kdb_bp_install+something, and pc = 0.

What's strange is that KDB should not even _have_ a "bph" command
available, because it uses (arch_kgdb_ops.flags & KGDB_HW_BREAKPOINT) to
check before initializing the "bph" command:

https://elixir.bootlin.com/linux/v6.1.12/source/kernel/debug/kdb/kdb_bp.c#L590

So it seems that your kernel has "KGDB_HW_BREAKPOINT" bit set, while
there is no actual implementation of the function. Seems like a bug...
the arm64 code doesn't set that bit. I've added the KGDB mailing list
onto this thread, maybe they have more context?

Stephen
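The failure Stephen describes is a capability flag and an ops-table function pointer disagreeing: the command is registered because the flag says "hardware breakpoints exist", but the install path then dispatches through a pointer that was never filled in, so pc becomes 0 with lr pointing into the installer. The following is an added example, not code from the thread, the kernel, or kdb: it models that pattern with hypothetical names (dbg_arch_ops, DBG_HW_BREAKPOINT, dbg_bp_install, and the three sample tables are all constructed for illustration) and shows the two checks a debugger front end wants, a consistency check at registration time and a NULL check before dispatch, so a misconfigured arch table is refused instead of crashing.

```c
/* Added example (not kernel or kdb code): a minimal model of an arch ops table
 * with a capability flag and an optional hook, and how to validate both before
 * dispatching. All names are hypothetical and chosen for illustration only. */
#include <stddef.h>
#include <stdio.h>

#define DBG_HW_BREAKPOINT 0x1u   /* hypothetical flag: arch claims hw bp support */

enum dbg_bp_type { DBG_BP_SOFT = 0, DBG_BP_HARD = 1 };

struct dbg_arch_ops {
    unsigned int flags;
    int (*set_hw_breakpoint)(unsigned long addr, int len, int type);
};

/* Return codes of the install helper. */
enum { DBG_OK = 0, DBG_ENOSYS = -1, DBG_EINVAL = -2 };

/* Registration as described in the thread keys on the flag alone. */
static int dbg_bph_would_register(const struct dbg_arch_ops *ops)
{
    return (ops->flags & DBG_HW_BREAKPOINT) != 0;
}

/* Hardware breakpoints are usable only if the flag is set AND the hook exists. */
static int dbg_hw_bp_available(const struct dbg_arch_ops *ops)
{
    return (ops->flags & DBG_HW_BREAKPOINT) != 0 && ops->set_hw_breakpoint != NULL;
}

/* Init-time sanity check: a flag without an implementation (or vice versa)
 * is the misconfiguration that the question's oops points at. */
static int dbg_ops_consistent(const struct dbg_arch_ops *ops)
{
    return dbg_bph_would_register(ops) == dbg_hw_bp_available(ops);
}

/* Install a breakpoint. The hook is only called when it is known to exist,
 * so a NULL pointer yields an error code instead of a jump to address 0. */
static int dbg_bp_install(const struct dbg_arch_ops *ops, unsigned long addr,
                          enum dbg_bp_type type)
{
    if (type == DBG_BP_SOFT)
        return DBG_OK;                /* software bp: no arch hook needed here */
    if (!dbg_hw_bp_available(ops))
        return DBG_ENOSYS;            /* refuse rather than dereference NULL */
    return ops->set_hw_breakpoint(addr, 4, (int)type) ? DBG_EINVAL : DBG_OK;
}

/* Constructed sample hook: pretends the debug register was programmed. */
static int sample_set_hw_bp(unsigned long addr, int len, int type)
{
    (void)addr; (void)len; (void)type;
    return 0;
}

/* Constructed sample tables. */
static const struct dbg_arch_ops ops_full = {          /* flag + hook */
    .flags = DBG_HW_BREAKPOINT,
    .set_hw_breakpoint = sample_set_hw_bp,
};
static const struct dbg_arch_ops ops_flag_no_hook = {  /* the thread's situation */
    .flags = DBG_HW_BREAKPOINT,
    .set_hw_breakpoint = NULL,
};
static const struct dbg_arch_ops ops_none = {          /* no hw bp claimed */
    .flags = 0,
    .set_hw_breakpoint = NULL,
};

int main(void)
{
    unsigned long addr = 0xffff800008135ee0UL;  /* address from the question's log */
    printf("full          consistent=%d install=%d\n",
           dbg_ops_consistent(&ops_full), dbg_bp_install(&ops_full, addr, DBG_BP_HARD));
    printf("flag, no hook consistent=%d install=%d\n",
           dbg_ops_consistent(&ops_flag_no_hook), dbg_bp_install(&ops_flag_no_hook, addr, DBG_BP_HARD));
    printf("none          consistent=%d install=%d\n",
           dbg_ops_consistent(&ops_none), dbg_bp_install(&ops_none, addr, DBG_BP_HARD));
    return 0;
}
```

The consistency check is the one worth running once at debugger init: it turns the flag/pointer mismatch into a diagnosable error at boot rather than a fatal exception the first time someone types bph.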