在调试内核时,我们有时候需要更详细的内容展示,这时候crash工具就上场了,crash工具在RK平台默认是不可用的,本文主要说明在rk平台上麒麟系统开启crash工具的基本方法
我们直接安装一个依赖空包即可
apt install linux-crashdump crash
这个包会主动安装
apt install kdump-tools kexec-tools makedumpfile crash
此时我们查看如下工具正常运行即可:
# crash --version crash 7.2.8 Copyright (C) 2002-2020 Red Hat, Inc. Copyright (C) 2004, 2005, 2006, 2010 IBM Corporation Copyright (C) 1999-2006 Hewlett-Packard Co Copyright (C) 2005, 2006, 2011, 2012 Fujitsu Limited Copyright (C) 2006, 2007 VA Linux Systems Japan K.K. Copyright (C) 2005, 2011 NEC Corporation Copyright (C) 1999, 2002, 2007 Silicon Graphics, Inc. Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc. This program is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Enter "help copying" to see the conditions. This program has absolutely no warranty. Enter "help warranty" for details. GNU gdb (GDB) 7.6 Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "aarch64-unknown-linux-gnu".
# kexec --version kexec-tools 2.0.29
# kdump-config --help Usage: kdump-config {help|test|show|status|load|unload|savecore|propagate|symlinks kernel-version}" help - print this page test - Do a dry-run of kdump kernel load command by showing the kernels and parameters that will be used and echo'ing the kexec command. The kexec command will not be executed. If using fadump, check if required sysfs directories exist. show - Show dump mode, status, any current parameters. Show kexec command for kdump. status - evaluate /sys/kernel/{kexec_crash_loaded,fadump_registered} depending on dump mode. Print appropriate message load - Locate the kdump kernel, debug kernel, and establish links for makedumpfile. Then load the kdump kernel using kexec If using fadump, register. unload - unload the kdump kernel using kexec If using fadump, unregister. savecore - use previously made links to save /proc/vmcore propagate - Send public ssh key to remote host for passwordless connection symlinks - Verify and create vmlinuz and initrd.img links in /var/lib/kdump according to the provided kernel version. If the target initrd.img file is absent, it will create it.
接下来我们会用到crash工具
为了使得crash工具正常,我们需要打开内核的配置,如下:
CONFIG_KEXEC=y CONFIG_SYSFS=y CONFIG_DEBUG_INFO=y CONFIG_CRASH_DUMP=y CONFIG_PROC_VMCORE=y
为了vmcore,我们可以在bootargs添加crashkernel=256M,用作core的收集
重新编译内核即可。 我们需要boot.img和vmlinux两个文件
上述准备好了之后,我们还需要vmlinux用来加载crash,如下:
crash ./vmlinux /proc/kcore
稍等一会儿,我们加载好所有符号即可开始crash调试
crash 7.2.8 Copyright (C) 2002-2020 Red Hat, Inc. Copyright (C) 2004, 2005, 2006, 2010 IBM Corporation Copyright (C) 1999-2006 Hewlett-Packard Co Copyright (C) 2005, 2006, 2011, 2012 Fujitsu Limited Copyright (C) 2006, 2007 VA Linux Systems Japan K.K. Copyright (C) 2005, 2011 NEC Corporation Copyright (C) 1999, 2002, 2007 Silicon Graphics, Inc. Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc. This program is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Enter "help copying" to see the conditions. This program has absolutely no warranty. Enter "help warranty" for details. GNU gdb (GDB) 7.6 Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "aarch64-unknown-linux-gnu"... please wait... (patching 189292 gdb minimal_symbol values) SYSTEM MAP: /boot/System.map DEBUG KERNEL: /root/vmlinux (5.10.198) DUMPFILE: /proc/kcore CPUS: 8 DATE: Mon Nov 25 17:36:10 2024 UPTIME: 00:12:52 LOAD AVERAGE: 0.73, 0.35, 0.21 TASKS: 659 NODENAME: kylin RELEASE: 5.10.198 VERSION: #4 SMP Tue Nov 26 00:17:27 CST 2024 MACHINE: aarch64 (unknown Mhz) MEMORY: 4 GB PID: 15712 COMMAND: "crash" TASK: ffffff8062f84880 [THREAD_INFO: ffffff8062f84880] CPU: 6 STATE: TASK_RUNNING (ACTIVE) crash>
为了简单演示crash,我随便介绍几个示例,有兴趣了解crash的,可以私下咨询,或查看官方文档如下:
https://crash-utility.github.io/crash_whitepaper.html
crash> p saved_command_line saved_command_line = $1 = 0xffffff81feee7dc0 "storagemedia=emmc androidboot.storagemedia=emmc androidboot.mode=normal dsi-0=2 storagenode=/mmc@fe2e0000 androidboot.verifiedbootstate=orange androidboot.serialno=cc45dde649cc1b19 ro rootwait earlycon=uart8250,mmio32,0xfeb50000 console=ttyFIQ0 irqchip.g"...
crash> dis blk_update_request 0xffffffc0087d2fb8 <blk_update_request>: mov x9, x30 0xffffffc0087d2fbc <blk_update_request+4>: nop 0xffffffc0087d2fc0 <blk_update_request+8>: sub sp, sp, #0x60 0xffffffc0087d2fc4 <blk_update_request+12>: stp x29, x30, [sp,#16] 0xffffffc0087d2fc8 <blk_update_request+16>: add x29, sp, #0x10 0xffffffc0087d2fcc <blk_update_request+20>: stp x19, x20, [sp,#32] ....................
crash> struct task_struct ffffff8026600000 struct task_struct { thread_info = { flags = 0, addr_limit = 549755813887, { preempt_count = 4294967296, preempt = { count = 0, need_resched = 1 } } }, state = 264, stack = 0xffffffc00f248000, .......................
假设我们有驱动如下操作:
test = kmalloc(128, GFP_KERNEL);; memcpy(test, "helloworld", 128);
此时我们加载ko,获取test 的虚拟地址0xffffff806f63eb00,crash内直接打印即可
crash> rd -8 0xffffff806f63eb00 10 ffffff806f63eb00: 68 65 6c 6c 6f 77 6f 72 6c 64 helloworld
至此,我们可以发现crash对于调试内核来说还是挺方便的。