3 This kgdb will get called and will trap almost any kernel
4 fault WITHOUT BEING ARMED.
6 It is entered at boot time via "kgdb" in the boot string,
7 not "gdb". This entry occurs when the first setup on the
8 boot string is called, not sometime later. You will not
9 find a "waiting for gdb" on your console, as the console has
10 not yet been enabled at this time. (Note, this early stuff
11 is a bit fragile as the full trap table has yet to be
12 loaded, something I might address, sometime... So don't try
13 to look at memory that can not be reached, for example.
14 Once the full trap table is loaded this restriction goes
17 If you hard code it, you can put a breakpoint() as the FIRST
20 It does NOT use the serial driver, but if the serial driver
21 is loaded, it tells it to release the port to avoid
24 The threads stuff is not configurable, does not require
25 redirection of schedule() calls and does back track to the
26 first non schedule() caller on the info threads command. If
27 you switch to the thread, however, it will show it in the
28 switch code (as it should).
30 It is MUCH more aggressive and paranoid about grabbing the
31 other cpus on entry. It issues a "send_nmi_all_but_self()"
32 rather than depending on them to interrupt or hit an NMI
33 sometime in the distant future. If a cpu does not come to
34 the party, it will continue without it so all is not lost.
36 It does not have anything to do with IOCTL calls, but does
37 do the control-C thing.
39 There is a LOT of info in the patch which ends up in
40 .../Documentation/i386/kgdb/*
42 There is a nifty little thing call kgdb_ts() (kgdb time
43 stamp) which is a function you can code calls to which puts
44 some useful stuff in a circular buffer which can be examined
45 with the supplied gdb macros.
47 It also allows you do to do "p foobar(...)" i.e. to call a
48 function from gdb, just like gdb allows in program
51 In an SMP system, you can choose to "hold" any given set of
52 cpus. It also defaults to holding other cpus on single step
53 (this can be overridden).
55 This said, you can imagine my consternation when I found it
56 "lost it" on continues on 2.5. I found and fixed this this
57 early pm, a hold cpu on exit goof on my part.
59 Oh, and a final point, the configure options are more
60 extensive (the serial port is set up here, for example, (can
61 not wait for a command line to do this)). There is one to
62 do system call exit tests. This is VERY new and causes the
63 kernel to hit a hard "int 3" if a system call attempts to
64 exit with preempt count other than zero. This is a fault,
65 of course, but the current 2.5 is full of them so I don't
66 recommend turning this on.
71 Documentation/i386/kgdb/andthen | 100 +
72 Documentation/i386/kgdb/debug-nmi.txt | 37
73 Documentation/i386/kgdb/gdb-globals.txt | 71 +
74 Documentation/i386/kgdb/gdbinit | 14
75 Documentation/i386/kgdb/gdbinit-modules | 146 ++
76 Documentation/i386/kgdb/gdbinit.hw | 117 +
77 Documentation/i386/kgdb/kgdb.txt | 715 ++++++++++
78 Documentation/i386/kgdb/loadmodule.sh | 78 +
80 arch/i386/Kconfig | 180 ++
81 arch/i386/Makefile | 3
82 arch/i386/kernel/Makefile | 1
83 arch/i386/kernel/entry.S | 28
84 arch/i386/kernel/kgdb_stub.c | 2214 ++++++++++++++++++++++++++++++++
85 arch/i386/kernel/nmi.c | 25
86 arch/i386/kernel/smp.c | 12
87 arch/i386/kernel/traps.c | 86 +
88 arch/i386/lib/Makefile | 1
89 arch/i386/lib/kgdb_serial.c | 485 +++++++
90 arch/i386/mm/fault.c | 6
91 drivers/char/keyboard.c | 3
92 drivers/char/sysrq.c | 15
93 drivers/serial/8250.c | 42
94 include/asm-i386/bugs.h | 21
95 include/asm-i386/kgdb.h | 59
96 include/asm-i386/kgdb_local.h | 102 +
97 include/linux/config.h | 3
99 28 files changed, 4565 insertions(+), 12 deletions(-)
101 diff -puN arch/i386/Kconfig~kgdb-ga arch/i386/Kconfig
102 --- 25/arch/i386/Kconfig~kgdb-ga 2003-06-25 23:14:17.000000000 -0700
103 +++ 25-akpm/arch/i386/Kconfig 2003-06-25 23:14:17.000000000 -0700
104 @@ -1419,14 +1419,194 @@ config DEBUG_SPINLOCK_SLEEP
105 If you say Y here, various routines which may sleep will become very
106 noisy if they are called with a spinlock held.
109 + bool "Include kgdb kernel debugger"
110 + depends on DEBUG_KERNEL
112 + If you say Y here, the system will be compiled with the debug
113 + option (-g) and a debugging stub will be included in the
114 + kernel. This stub communicates with gdb on another (host)
115 + computer via a serial port. The host computer should have
116 + access to the kernel binary file (vmlinux) and a serial port
117 + that is connected to the target machine. Gdb can be made to
118 + configure the serial port or you can use stty and setserial to
119 + do this. See the 'target' command in gdb. This option also
120 + configures in the ability to request a breakpoint early in the
121 + boot process. To request the breakpoint just include 'kgdb'
122 + as a boot option when booting the target machine. The system
123 + will then break as soon as it looks at the boot options. This
124 + option also installs a breakpoint in panic and sends any
125 + kernel faults to the debugger. For more information see the
126 + Documentation/i386/kgdb.txt file.
130 + prompt "Debug serial port BAUD"
131 + default KGDB_115200BAUD
133 + Gdb and the kernel stub need to agree on the baud rate to be
134 + used. Some systems (x86 family at this writing) allow this to
137 +config KGDB_9600BAUD
140 +config KGDB_19200BAUD
143 +config KGDB_38400BAUD
146 +config KGDB_57600BAUD
149 +config KGDB_115200BAUD
154 + hex "hex I/O port address of the debug serial port"
158 + Some systems (x86 family at this writing) allow the port
159 + address to be configured. The number entered is assumed to be
160 + hex, don't put 0x in front of it. The standard address are:
161 + COM1 3f8 , irq 4 and COM2 2f8 irq 3. Setserial /dev/ttySx
162 + will tell you what you have. It is good to test the serial
163 + connection with a live system before trying to debug.
166 + int "IRQ of the debug serial port"
170 + This is the irq for the debug port. If everything is working
171 + correctly and the kernel has interrupts on a control C to the
172 + port should cause a break into the kernel debug stub.
179 + bool "Add any additional compile options"
183 + Saying yes here turns on the ability to enter additional
188 + depends on KGDB_MORE
189 + string "Additional compile arguments"
192 + This option allows you enter additional compile options for
193 + the whole kernel compile. Each platform will have a default
194 + that seems right for it. For example on PPC "-ggdb -O1", and
195 + for i386 "-O1". Note that by configuring KGDB "-g" is already
196 + turned on. In addition, on i386 platforms
197 + "-fomit-frame-pointer" is deleted from the standard compile
201 + int "Number of CPUs"
202 + depends on KGDB && SMP
206 + This option sets the number of cpus for kgdb ONLY. It is used
207 + to prune some internal structures so they look "nice" when
208 + displayed with gdb. This is to overcome possibly larger
209 + numbers that may have been entered above. Enter the real
210 + number to get nice clean kgdb_info displays.
213 + bool "Enable kgdb time stamp macros?"
217 + Kgdb event macros allow you to instrument your code with calls
218 + to the kgdb event recording function. The event log may be
219 + examined with gdb at a break point. Turning on this
220 + capability also allows you to choose how many events to
221 + keep. Kgdb always keeps the lastest events.
225 + prompt "Max number of time stamps to save?"
226 + default KGDB_TS_128
245 +config STACK_OVERFLOW_TEST
246 + bool "Turn on kernel stack overflow testing?"
250 + This option enables code in the front line interrupt handlers
251 + to check for kernel stack overflow on interrupts and system
252 + calls. This is part of the kgdb code on x86 systems.
255 + bool "Enable serial console thru kgdb port"
259 + This option enables the command line "console=kgdb" option.
260 + When the system is booted with this option in the command line
261 + all kernel printk output is sent to gdb (as well as to other
262 + consoles). For this to work gdb must be connected. For this
263 + reason, this command line option will generate a breakpoint if
264 + gdb has not yet connected. After the gdb continue command is
265 + given all pent up console output will be printed by gdb on the
266 + host machine. Neither this option, nor KGDB require the
267 + serial driver to be configured.
270 + bool "Turn on SysRq 'G' command to do a break?"
274 + This option includes an option in the SysRq code that allows
275 + you to enter SysRq G which generates a breakpoint to the KGDB
276 + stub. This will work if the keyboard is alive and can
277 + interrupt the system. Because of constraints on when the
278 + serial port interrupt can be enabled, this code may allow you
279 + to interrupt the system before the serial port control C is
280 + available. Just say yes here.
283 bool "Compile the kernel with frame pointers"
286 If you say Y here the resulting kernel image will be slightly larger
287 and slower, but it will give very useful debugging information.
288 If you don't debug the kernel, you can say N, but we may not be able
289 to solve problems without frame pointers.
293 + depends on KGDB_SYSRQ
296 config X86_EXTRA_IRQS
298 depends on X86_LOCAL_APIC || X86_VOYAGER
299 diff -puN arch/i386/kernel/entry.S~kgdb-ga arch/i386/kernel/entry.S
300 --- 25/arch/i386/kernel/entry.S~kgdb-ga 2003-06-25 23:14:17.000000000 -0700
301 +++ 25-akpm/arch/i386/kernel/entry.S 2003-06-25 23:14:17.000000000 -0700
304 #include <asm/page.h>
305 #include "irq_vectors.h"
306 + /* We do not recover from a stack overflow, but at least
307 + * we know it happened and should be able to track it down.
309 +#ifdef CONFIG_STACK_OVERFLOW_TEST
310 +#define STACK_OVERFLOW_TEST \
311 + testl $7680,%esp; \
313 + call stack_overflow; \
316 +#define STACK_OVERFLOW_TEST
321 @@ -98,7 +110,8 @@ TSS_ESP0_OFFSET = (4 - 0x200)
323 movl $(__USER_DS), %edx; \
327 + STACK_OVERFLOW_TEST
329 #define RESTORE_INT_REGS \
331 @@ -298,6 +311,19 @@ syscall_exit:
332 testw $_TIF_ALLWORK_MASK, %cx # current->work
333 jne syscall_exit_work
335 +#ifdef CONFIG_TRAP_BAD_SYSCALL_EXITS
336 + movl EFLAGS(%esp), %eax # mix EFLAGS and CS
338 + testl $(VM_MASK | 3), %eax
339 + jz resume_kernelX # returning to kernel or vm86-space
341 + cmpl $0,TI_PRE_COUNT(%ebx) # non-zero preempt_count ?
350 # perform work that needs to be done immediately before resumption
351 diff -puN /dev/null arch/i386/kernel/kgdb_stub.c
352 --- /dev/null 2002-08-30 16:31:37.000000000 -0700
353 +++ 25-akpm/arch/i386/kernel/kgdb_stub.c 2003-06-25 23:14:17.000000000 -0700
357 + * This program is free software; you can redistribute it and/or modify it
358 + * under the terms of the GNU General Public License as published by the
359 + * Free Software Foundation; either version 2, or (at your option) any
362 + * This program is distributed in the hope that it will be useful, but
363 + * WITHOUT ANY WARRANTY; without even the implied warranty of
364 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
365 + * General Public License for more details.
370 + * Copyright (c) 2000 VERITAS Software Corporation.
373 +/****************************************************************************
374 + * Header: remcom.c,v 1.34 91/03/09 12:29:49 glenne Exp $
376 + * Module name: remcom.c $
378 + * Date: 91/03/09 12:29:49 $
379 + * Contributor: Lake Stevens Instrument Division$
381 + * Description: low level support for gdb debugger. $
383 + * Considerations: only works on target hardware $
385 + * Written by: Glenn Engel $
386 + * Updated by: David Grothe <dave@gcom.com>
387 + * ModuleState: Experimental $
389 + * NOTES: See Below $
391 + * Modified for 386 by Jim Kingdon, Cygnus Support.
392 + * Compatibility with 2.1.xx kernel by David Grothe <dave@gcom.com>
394 + * Changes to allow auto initilization. All that is needed is that it
395 + * be linked with the kernel and a break point (int 3) be executed.
396 + * The header file <asm/kgdb.h> defines BREAKPOINT to allow one to do
397 + * this. It should also be possible, once the interrupt system is up, to
398 + * call putDebugChar("+"). Once this is done, the remote debugger should
399 + * get our attention by sending a ^C in a packet. George Anzinger
400 + * <george@mvista.com>
401 + * Integrated into 2.2.5 kernel by Tigran Aivazian <tigran@sco.com>
402 + * Added thread support, support for multiple processors,
403 + * support for ia-32(x86) hardware debugging.
404 + * Amit S. Kale ( akale@veritas.com )
407 + * To enable debugger support, two things need to happen. One, a
408 + * call to set_debug_traps() is necessary in order to allow any breakpoints
409 + * or error conditions to be properly intercepted and reported to gdb.
410 + * Two, a breakpoint needs to be generated to begin communication. This
411 + * is most easily accomplished by a call to breakpoint(). Breakpoint()
412 + * simulates a breakpoint by executing an int 3.
416 + * The following gdb commands are supported:
418 + * command function Return value
420 + * g return the value of the CPU registers hex data or ENN
421 + * G set the value of the CPU registers OK or ENN
423 + * mAA..AA,LLLL Read LLLL bytes at address AA..AA hex data or ENN
424 + * MAA..AA,LLLL: Write LLLL bytes at address AA.AA OK or ENN
426 + * c Resume at current address SNN ( signal NN)
427 + * cAA..AA Continue at address AA..AA SNN
429 + * s Step one instruction SNN
430 + * sAA..AA Step one instruction from AA..AA SNN
434 + * ? What was the last sigval ? SNN (signal NN)
436 + * All commands and responses are sent with a packet which includes a
437 + * checksum. A packet consists of
439 + * $<packet info>#<checksum>.
442 + * <packet info> :: <characters representing the command or response>
443 + * <checksum> :: < two hex digits computed as modulo 256 sum of <packetinfo>>
445 + * When a packet is received, it is first acknowledged with either '+' or '-'.
446 + * '+' indicates a successful transfer. '-' indicates a failed transfer.
451 + * $m0,10#2a +$00010203040506070809101112131415#42
453 + ****************************************************************************/
454 +#define KGDB_VERSION "<20030530.0126.22>"
455 +#include <linux/config.h>
456 +#include <linux/types.h>
457 +#include <asm/string.h> /* for strcpy */
458 +#include <linux/kernel.h>
459 +#include <linux/sched.h>
460 +#include <asm/vm86.h>
461 +#include <asm/system.h>
462 +#include <asm/ptrace.h> /* for linux pt_regs struct */
463 +#include <asm/kgdb_local.h>
464 +#include <linux/list.h>
465 +#include <asm/atomic.h>
466 +#include <asm/processor.h>
467 +#include <linux/irq.h>
468 +#include <asm/desc.h>
470 +/************************************************************************
472 + * external low-level support routines
474 +typedef void (*Function) (void); /* pointer to a function */
476 +/* Thread reference */
477 +typedef unsigned char threadref[8];
479 +extern void putDebugChar(int); /* write a single character */
480 +extern int getDebugChar(void); /* read and return a single char */
482 +/************************************************************************/
483 +/* BUFMAX defines the maximum number of characters in inbound/outbound buffers*/
484 +/* at least NUMREGBYTES*2 are needed for register packets */
485 +/* Longer buffer is needed to list all threads */
488 +char *kgdb_version = KGDB_VERSION;
490 +/* debug > 0 prints ill-formed commands in valid packets & checksum errors */
491 +int debug_regs = 0; /* set to non-zero to print registers */
493 +/* filled in by an external module */
494 +char *gdb_module_offsets;
496 +static const char hexchars[] = "0123456789abcdef";
498 +/* Number of bytes of registers. */
499 +#define NUMREGBYTES 64
501 + * Note that this register image is in a different order than
502 + * the register image that Linux produces at interrupt time.
504 + * Linux's register image is defined by struct pt_regs in ptrace.h.
505 + * Just why GDB uses a different order is a historical mystery.
507 +enum regnames { _EAX, /* 0 */
515 + _PC /* 8 also known as eip */ ,
516 + _PS /* 9 also known as eflags */ ,
525 +/*************************** ASSEMBLY CODE MACROS *************************/
527 + * Put the error code here just in case the user cares.
528 + * Likewise, the vector number here (since GDB only gets the signal
529 + * number through the usual means, and that's not very specific).
530 + * The called_from is the return address so he can tell how we entered kgdb.
531 + * This will allow him to seperate out the various possible entries.
533 +#define REMOTE_DEBUG 0 /* set != to turn on printing (also available in info) */
535 +#define PID_MAX PID_MAX_DEFAULT
538 +void smp_send_nmi_allbutself(void);
541 +#ifndef CONFIG_NO_KGDB_CPUS
542 +#define CONFIG_NO_KGDB_CPUS 2
544 +#if CONFIG_NO_KGDB_CPUS > NR_CPUS
545 +#define MAX_NO_CPUS NR_CPUS
547 +#define MAX_NO_CPUS CONFIG_NO_KGDB_CPUS
549 +#define hold_init hold_on_sstep: 1,
550 +#define MAX_CPU_MASK (unsigned long)((1LL << MAX_NO_CPUS) - 1LL)
551 +#define NUM_CPUS num_online_cpus()
552 +extern volatile unsigned long cpu_callout_map;
557 +#define MAX_NO_CPUS 1
560 +#define NOCPU (struct task_struct *)0xbad1fbad
565 + long long entry_tsc;
568 + int print_debug_info;
572 + volatile struct task_struct *task;
575 + struct pt_regs *regs;
576 + } cpus_waiting[MAX_NO_CPUS];
578 +} kgdb_info = {hold_init print_debug_info:REMOTE_DEBUG, vector:-1};
582 +#define used_m kgdb_info.used_malloc
584 + * This is little area we set aside to contain the stack we
585 + * need to build to allow gdb to call functions. We use one
586 + * per cpu to avoid locking issues. We will do all this work
587 + * with interrupts off so that should take care of the protection
590 +#define LOOKASIDE_SIZE 200 /* should be more than enough */
591 +#define MALLOC_MAX 200 /* Max malloc size */
594 + int array[LOOKASIDE_SIZE];
595 +} fn_call_lookaside[MAX_NO_CPUS];
597 +static int trap_cpu;
598 +static unsigned int OLD_esp;
600 +#define END_OF_LOOKASIDE &fn_call_lookaside[trap_cpu].array[LOOKASIDE_SIZE]
601 +#define IF_BIT 0x200
602 +#define TF_BIT 0x100
604 +#define MALLOC_ROUND 8-1
606 +static char malloc_array[MALLOC_MAX];
607 +IF_SMP(static void to_gdb(const char *mess));
612 + if (size <= (MALLOC_MAX - used_m)) {
613 + int old_used = used_m;
614 + used_m += ((size + MALLOC_ROUND) & (~MALLOC_ROUND));
615 + return &malloc_array[old_used];
622 + * Gdb calls functions by pushing agruments, including a return address
623 + * on the stack and the adjusting EIP to point to the function. The
624 + * whole assumption in GDB is that we are on a different stack than the
625 + * one the "user" i.e. code that hit the break point, is on. This, of
626 + * course is not true in the kernel. Thus various dodges are needed to
627 + * do the call without directly messing with EIP (which we can not change
628 + * as it is just a location and not a register. To adjust it would then
629 + * require that we move every thing below EIP up or down as needed. This
630 + * will not work as we may well have stack relative pointer on the stack
631 + * (such as the pointer to regs, for example).
633 + * So here is what we do:
634 + * We detect gdb attempting to store into the stack area and instead, store
635 + * into the fn_call_lookaside.array at the same relative location as if it
636 + * were the area ESP pointed at. We also trap ESP modifications
637 + * and uses these to adjust fn_call_lookaside.esp. On entry
638 + * fn_call_lookaside.esp will be set to point at the last entry in
639 + * fn_call_lookaside.array. This allows us to check if it has changed, and
640 + * if so, on exit, we add the registers we will use to do the move and a
641 + * trap/ interrupt return exit sequence. We then adjust the eflags in the
642 + * regs array (remember we now have a copy in the fn_call_lookaside.array) to
643 + * kill the interrupt bit, AND we change EIP to point at our set up stub.
644 + * As part of the register set up we preset the registers to point at the
645 + * begining and end of the fn_call_lookaside.array, so all the stub needs to
646 + * do is move words from the array to the stack until ESP= the desired value
647 + * then do the rti. This will then transfer to the desired function with
648 + * all the correct registers. Nifty huh?
650 +extern asmlinkage void fn_call_stub(void);
651 +extern asmlinkage void fn_rtn_stub(void);
653 +__asm__("fn_rtn_stub:\n\t"
654 + "movl %eax,%esp\n\t"
655 + "fn_call_stub:\n\t"
657 + "addl $-4,%ebx\n\t"
658 + "movl (%ebx), %eax\n\t"
660 + "cmpl %esp,%ecx\n\t"
667 +#define gdb_i386vector kgdb_info.vector
668 +#define gdb_i386errcode kgdb_info.errcode
669 +#define waiting_cpus kgdb_info.cpus_waiting
670 +#define remote_debug kgdb_info.print_debug_info
671 +#define hold_cpu(cpu) kgdb_info.cpus_waiting[cpu].hold
675 +static int in_kgdb_called;
676 +static spinlock_t waitlocks[MAX_NO_CPUS] =
677 + {[0 ... MAX_NO_CPUS - 1] = SPIN_LOCK_UNLOCKED };
679 + * The following array has the thread pointer of each of the "other"
680 + * cpus. We make it global so it can be seen by gdb.
682 +volatile int in_kgdb_entry_log[MAX_NO_CPUS];
683 +volatile struct pt_regs *in_kgdb_here_log[MAX_NO_CPUS];
685 +static spinlock_t continuelocks[MAX_NO_CPUS];
687 +spinlock_t kgdb_spinlock = SPIN_LOCK_UNLOCKED;
688 +/* waiters on our spinlock plus us */
689 +static atomic_t spinlock_waiters = ATOMIC_INIT(1);
690 +static int spinlock_count = 0;
691 +static int spinlock_cpu = 0;
693 + * Note we use nested spin locks to account for the case where a break
694 + * point is encountered when calling a function by user direction from
695 + * kgdb. Also there is the memory exception recursion to account for.
696 + * Well, yes, but this lets other cpus thru too. Lets add a
697 + * cpu id to the lock.
699 +#define KGDB_SPIN_LOCK(x) if( spinlock_count == 0 || \
700 + spinlock_cpu != smp_processor_id()){\
701 + atomic_inc(&spinlock_waiters); \
702 + while (! spin_trylock(x)) {\
705 + atomic_dec(&spinlock_waiters); \
706 + spinlock_count = 1; \
707 + spinlock_cpu = smp_processor_id(); \
709 + spinlock_count++; \
711 +#define KGDB_SPIN_UNLOCK(x) if( --spinlock_count == 0) spin_unlock(x)
712 +extern volatile unsigned long cpu_callout_map;
714 +unsigned kgdb_spinlock = 0;
715 +#define KGDB_SPIN_LOCK(x) --*x
716 +#define KGDB_SPIN_UNLOCK(x) ++*x
722 + if ((ch >= 'a') && (ch <= 'f'))
723 + return (ch - 'a' + 10);
724 + if ((ch >= '0') && (ch <= '9'))
726 + if ((ch >= 'A') && (ch <= 'F'))
727 + return (ch - 'A' + 10);
731 +/* scan for the sequence $<data>#<checksum> */
733 +getpacket(char *buffer)
735 + unsigned char checksum;
736 + unsigned char xmitcsum;
742 + /* wait around for the start character, ignore all other characters */
743 + while ((ch = (getDebugChar() & 0x7f)) != '$') ;
749 + /* now, read until a # or end of buffer is found */
750 + while (count < BUFMAX) {
751 + ch = getDebugChar() & 0x7f;
754 + checksum = checksum + ch;
755 + buffer[count] = ch;
761 + xmitcsum = hex(getDebugChar() & 0x7f) << 4;
762 + xmitcsum += hex(getDebugChar() & 0x7f);
763 + if ((remote_debug) && (checksum != xmitcsum)) {
765 + ("bad checksum. My count = 0x%x, sent=0x%x. buf=%s\n",
766 + checksum, xmitcsum, buffer);
769 + if (checksum != xmitcsum)
770 + putDebugChar('-'); /* failed checksum */
772 + putDebugChar('+'); /* successful transfer */
773 + /* if a sequence char is present, reply the sequence ID */
774 + if (buffer[2] == ':') {
775 + putDebugChar(buffer[0]);
776 + putDebugChar(buffer[1]);
777 + /* remove sequence chars from buffer */
778 + count = strlen(buffer);
779 + for (i = 3; i <= count; i++)
780 + buffer[i - 3] = buffer[i];
784 + } while (checksum != xmitcsum);
787 + printk("R:%s\n", buffer);
790 +/* send the packet in buffer. */
793 +putpacket(char *buffer)
795 + unsigned char checksum;
799 + /* $<packet info>#<checksum>. */
802 + printk("T:%s\n", buffer);
807 + while ((ch = buffer[count])) {
814 + putDebugChar(hexchars[checksum >> 4]);
815 + putDebugChar(hexchars[checksum % 16]);
817 + } while ((getDebugChar() & 0x7f) != '+');
821 +static char remcomInBuffer[BUFMAX];
822 +static char remcomOutBuffer[BUFMAX];
826 +debug_error(char *format, char *parm)
829 + printk(format, parm);
833 +print_regs(struct pt_regs *regs)
835 + printk("EAX=%08lx ", regs->eax);
836 + printk("EBX=%08lx ", regs->ebx);
837 + printk("ECX=%08lx ", regs->ecx);
838 + printk("EDX=%08lx ", regs->edx);
840 + printk("ESI=%08lx ", regs->esi);
841 + printk("EDI=%08lx ", regs->edi);
842 + printk("EBP=%08lx ", regs->ebp);
843 + printk("ESP=%08lx ", (long) ®s->esp);
845 + printk(" DS=%08x ", regs->xds);
846 + printk(" ES=%08x ", regs->xes);
847 + printk(" SS=%08x ", __KERNEL_DS);
848 + printk(" FL=%08lx ", regs->eflags);
850 + printk(" CS=%08x ", regs->xcs);
851 + printk(" IP=%08lx ", regs->eip);
853 + printk(" FS=%08x ", regs->fs);
854 + printk(" GS=%08x ", regs->gs);
860 +#define NEW_esp fn_call_lookaside[trap_cpu].esp
863 +regs_to_gdb_regs(int *gdb_regs, struct pt_regs *regs)
865 + gdb_regs[_EAX] = regs->eax;
866 + gdb_regs[_EBX] = regs->ebx;
867 + gdb_regs[_ECX] = regs->ecx;
868 + gdb_regs[_EDX] = regs->edx;
869 + gdb_regs[_ESI] = regs->esi;
870 + gdb_regs[_EDI] = regs->edi;
871 + gdb_regs[_EBP] = regs->ebp;
872 + gdb_regs[_DS] = regs->xds;
873 + gdb_regs[_ES] = regs->xes;
874 + gdb_regs[_PS] = regs->eflags;
875 + gdb_regs[_CS] = regs->xcs;
876 + gdb_regs[_PC] = regs->eip;
877 + /* Note, as we are a debugging the kernel, we will always
878 + * trap in kernel code, this means no priviledge change,
879 + * and so the pt_regs structure is not completely valid. In a non
880 + * privilege change trap, only EFLAGS, CS and EIP are put on the stack,
881 + * SS and ESP are not stacked, this means that the last 2 elements of
882 + * pt_regs is not valid (they would normally refer to the user stack)
883 + * also, using regs+1 is no good because you end up will a value that is
884 + * 2 longs (8) too high. This used to cause stepping over functions
885 + * to fail, so my fix is to use the address of regs->esp, which
886 + * should point at the end of the stack frame. Note I have ignored
887 + * completely exceptions that cause an error code to be stacked, such
888 + * as double fault. Stuart Hughes, Zentropix.
889 + * original code: gdb_regs[_ESP] = (int) (regs + 1) ;
891 + * this is now done on entry and moved to OLD_esp (as well as NEW_esp).
893 + gdb_regs[_ESP] = NEW_esp;
894 + gdb_regs[_SS] = __KERNEL_DS;
895 + gdb_regs[_FS] = 0xFFFF;
896 + gdb_regs[_GS] = 0xFFFF;
897 +} /* regs_to_gdb_regs */
900 +gdb_regs_to_regs(int *gdb_regs, struct pt_regs *regs)
902 + regs->eax = gdb_regs[_EAX];
903 + regs->ebx = gdb_regs[_EBX];
904 + regs->ecx = gdb_regs[_ECX];
905 + regs->edx = gdb_regs[_EDX];
906 + regs->esi = gdb_regs[_ESI];
907 + regs->edi = gdb_regs[_EDI];
908 + regs->ebp = gdb_regs[_EBP];
909 + regs->xds = gdb_regs[_DS];
910 + regs->xes = gdb_regs[_ES];
911 + regs->eflags = gdb_regs[_PS];
912 + regs->xcs = gdb_regs[_CS];
913 + regs->eip = gdb_regs[_PC];
914 + NEW_esp = gdb_regs[_ESP]; /* keep the value */
915 +#if 0 /* can't change these */
916 + regs->esp = gdb_regs[_ESP];
917 + regs->xss = gdb_regs[_SS];
918 + regs->fs = gdb_regs[_FS];
919 + regs->gs = gdb_regs[_GS];
922 +} /* gdb_regs_to_regs */
923 +extern void scheduling_functions_start_here(void);
924 +extern void scheduling_functions_end_here(void);
925 +#define first_sched ((unsigned long) scheduling_functions_start_here)
926 +#define last_sched ((unsigned long) scheduling_functions_end_here)
928 +int thread_list = 0;
931 +get_gdb_regs(struct task_struct *p, struct pt_regs *regs, int *gdb_regs)
933 + unsigned long stack_page;
936 + if (!p || p == current) {
937 + regs_to_gdb_regs(gdb_regs, regs);
941 + for (i = 0; i < MAX_NO_CPUS; i++) {
942 + if (p == kgdb_info.cpus_waiting[i].task) {
943 + regs_to_gdb_regs(gdb_regs,
944 + kgdb_info.cpus_waiting[i].regs);
946 + (int) &kgdb_info.cpus_waiting[i].regs->esp;
952 + memset(gdb_regs, 0, NUMREGBYTES);
953 + gdb_regs[_ESP] = p->thread.esp;
954 + gdb_regs[_PC] = p->thread.eip;
955 + gdb_regs[_EBP] = *(int *) gdb_regs[_ESP];
956 + gdb_regs[_EDI] = *(int *) (gdb_regs[_ESP] + 4);
957 + gdb_regs[_ESI] = *(int *) (gdb_regs[_ESP] + 8);
960 + * This code is to give a more informative notion of where a process
961 + * is waiting. It is used only when the user asks for a thread info
962 + * list. If he then switches to the thread, s/he will find the task
963 + * is in schedule, but a back trace should show the same info we come
964 + * up with. This code was shamelessly purloined from process.c. It was
965 + * then enhanced to provide more registers than simply the program
969 + if (!thread_list) {
973 + if (p->state == TASK_RUNNING)
975 + stack_page = (unsigned long) p->thread_info;
976 + if (gdb_regs[_ESP] < stack_page || gdb_regs[_ESP] > 8188 + stack_page)
978 + /* include/asm-i386/system.h:switch_to() pushes ebp last. */
980 + if (gdb_regs[_EBP] < stack_page ||
981 + gdb_regs[_EBP] > 8184 + stack_page)
983 + gdb_regs[_PC] = *(unsigned long *) (gdb_regs[_EBP] + 4);
984 + gdb_regs[_ESP] = gdb_regs[_EBP] + 8;
985 + gdb_regs[_EBP] = *(unsigned long *) gdb_regs[_EBP];
986 + if (gdb_regs[_PC] < first_sched || gdb_regs[_PC] >= last_sched)
988 + } while (count++ < 16);
992 +/* Indicate to caller of mem2hex or hex2mem that there has been an
994 +static volatile int mem_err = 0;
995 +static volatile int mem_err_expected = 0;
996 +static volatile int mem_err_cnt = 0;
997 +static int garbage_loc = -1;
1000 +get_char(char *addr)
1006 +set_char(char *addr, int val, int may_fault)
1009 + * This code traps references to the area mapped to the kernel
1010 + * stack as given by the regs and, instead, stores to the
1011 + * fn_call_lookaside[cpu].array
1014 + (unsigned int) addr < OLD_esp &&
1015 + ((unsigned int) addr > (OLD_esp - (unsigned int) LOOKASIDE_SIZE))) {
1016 + addr = (char *) END_OF_LOOKASIDE - ((char *) OLD_esp - addr);
1021 +/* convert the memory pointed to by mem into hex, placing result in buf */
1022 +/* return a pointer to the last char put in buf (null) */
1023 +/* If MAY_FAULT is non-zero, then we should set mem_err in response to
1024 + a fault; if zero treat a fault like any other fault in the stub. */
1026 +mem2hex(char *mem, char *buf, int count, int may_fault)
1032 + mem_err_expected = 1;
1035 + for (i = 0; i < count; i++) {
1036 + /* printk("%lx = ", mem) ; */
1038 + ch = get_char(mem++);
1040 + /* printk("%02x\n", ch & 0xFF) ; */
1041 + if (may_fault && mem_err) {
1043 + printk("Mem fault fetching from addr %lx\n",
1044 + (long) (mem - 1));
1045 + *buf = 0; /* truncate buffer */
1048 + *buf++ = hexchars[ch >> 4];
1049 + *buf++ = hexchars[ch % 16];
1053 + mem_err_expected = 0;
1057 +/* convert the hex array pointed to by buf into binary to be placed in mem */
1058 +/* return a pointer to the character AFTER the last byte written */
1059 +/* NOTE: We use the may fault flag to also indicate if the write is to
1060 + * the registers (0) or "other" memory (!=0)
1063 +hex2mem(char *buf, char *mem, int count, int may_fault)
1069 + mem_err_expected = 1;
1072 + for (i = 0; i < count; i++) {
1073 + ch = hex(*buf++) << 4;
1074 + ch = ch + hex(*buf++);
1075 + set_char(mem++, ch, may_fault);
1077 + if (may_fault && mem_err) {
1079 + printk("Mem fault storing to addr %lx\n",
1080 + (long) (mem - 1));
1085 + mem_err_expected = 0;
1089 +/**********************************************/
1090 +/* WHILE WE FIND NICE HEX CHARS, BUILD AN INT */
1091 +/* RETURN NUMBER OF CHARS PROCESSED */
1092 +/**********************************************/
1094 +hexToInt(char **ptr, int *intValue)
1102 + hexValue = hex(**ptr);
1103 + if (hexValue >= 0) {
1104 + *intValue = (*intValue << 4) | hexValue;
1112 + return (numChars);
1115 +#define stubhex(h) hex(h)
1118 +stub_unpack_int(char *buff, int fieldlength)
1123 + while (fieldlength) {
1124 + nibble = stubhex(*buff++);
1128 + retval = retval << 4;
1134 +pack_hex_byte(char *pkt, int byte)
1136 + *pkt++ = hexchars[(byte >> 4) & 0xf];
1137 + *pkt++ = hexchars[(byte & 0xf)];
1141 +#define BUF_THREAD_ID_SIZE 16
1144 +pack_threadid(char *pkt, threadref * id)
1147 + unsigned char *altid;
1149 + altid = (unsigned char *) id;
1150 + limit = pkt + BUF_THREAD_ID_SIZE;
1151 + while (pkt < limit)
1152 + pkt = pack_hex_byte(pkt, *altid++);
1157 +unpack_byte(char *buf, int *value)
1159 + *value = stub_unpack_int(buf, 2);
1164 +unpack_threadid(char *inbuf, threadref * id)
1167 + char *limit = inbuf + BUF_THREAD_ID_SIZE;
1170 + altref = (char *) id;
1172 + while (inbuf < limit) {
1173 + x = stubhex(*inbuf++);
1174 + y = stubhex(*inbuf++);
1175 + *altref++ = (x << 4) | y;
1181 +int_to_threadref(threadref * id, int value)
1183 + unsigned char *scan;
1185 + scan = (unsigned char *) id;
1191 + *scan++ = (value >> 24) & 0xff;
1192 + *scan++ = (value >> 16) & 0xff;
1193 + *scan++ = (value >> 8) & 0xff;
1194 + *scan++ = (value & 0xff);
1198 +threadref_to_int(threadref * ref)
1201 + unsigned char *scan;
1203 + scan = (char *) ref;
1207 + value = (value << 8) | ((*scan++) & 0xff);
1211 +#if 1 /* this is a hold over from 2.4 where O(1) was "sometimes" */
1212 +extern struct task_struct *kgdb_get_idle(int cpu);
1213 +#define idle_task(cpu) kgdb_get_idle(cpu)
1215 +#define idle_task(cpu) init_tasks[cpu]
1218 +struct task_struct *
1221 + struct task_struct *thread;
1222 + if (pid >= PID_MAX && pid <= (PID_MAX + MAX_NO_CPUS)) {
1224 + return idle_task(pid - PID_MAX);
1227 + * find_task_by_pid is relatively safe all the time
1228 + * Other pid functions require lock downs which imply
1229 + * that we may be interrupting them (as we get here
1230 + * in the middle of most any lock down)
1232 + thread = find_task_by_pid(pid);
1240 +struct hw_breakpoint {
1245 +} breakinfo[4] = { {enabled:0},
1250 +unsigned hw_breakpoint_status;
1252 +correct_hw_break(void)
1259 + asm volatile ("movl %%db7, %0\n":"=r" (dr7)
1261 + /* *INDENT-OFF* */
1263 + unsigned addr0, addr1, addr2, addr3;
1264 + asm volatile ("movl %%db0, %0\n"
1265 + "movl %%db1, %1\n"
1266 + "movl %%db2, %2\n"
1267 + "movl %%db3, %3\n"
1268 + :"=r" (addr0), "=r"(addr1),
1269 + "=r"(addr2), "=r"(addr3)
1274 + for (breakno = 0; breakno < 3; breakno++) {
1275 + breakbit = 2 << (breakno << 1);
1276 + if (!(dr7 & breakbit) && breakinfo[breakno].enabled) {
1279 + dr7 &= ~(0xf0000 << (breakno << 2));
1280 + dr7 |= (((breakinfo[breakno].len << 2) |
1281 + breakinfo[breakno].type) << 16) <<
1283 + switch (breakno) {
1285 + asm volatile ("movl %0, %%dr0\n"::"r"
1286 + (breakinfo[breakno].addr));
1290 + asm volatile ("movl %0, %%dr1\n"::"r"
1291 + (breakinfo[breakno].addr));
1295 + asm volatile ("movl %0, %%dr2\n"::"r"
1296 + (breakinfo[breakno].addr));
1300 + asm volatile ("movl %0, %%dr3\n"::"r"
1301 + (breakinfo[breakno].addr));
1304 + } else if ((dr7 & breakbit) && !breakinfo[breakno].enabled) {
1307 + dr7 &= ~(0xf0000 << (breakno << 2));
1311 + asm volatile ("movl %0, %%db7\n"::"r" (dr7));
1316 +remove_hw_break(unsigned breakno)
1318 + if (!breakinfo[breakno].enabled) {
1321 + breakinfo[breakno].enabled = 0;
1326 +set_hw_break(unsigned breakno, unsigned type, unsigned len, unsigned addr)
1328 + if (breakinfo[breakno].enabled) {
1331 + breakinfo[breakno].enabled = 1;
1332 + breakinfo[breakno].type = type;
1333 + breakinfo[breakno].len = len;
1334 + breakinfo[breakno].addr = addr;
1339 +static int in_kgdb_console = 0;
1342 +in_kgdb(struct pt_regs *regs)
1345 + int cpu = smp_processor_id();
1346 + in_kgdb_called = 1;
1347 + if (!spin_is_locked(&kgdb_spinlock)) {
1348 + if (in_kgdb_here_log[cpu] || /* we are holding this cpu */
1349 + in_kgdb_console) { /* or we are doing slow i/o */
1355 + /* As I see it the only reason not to let all cpus spin on
1356 + * the same spin_lock is to allow selected ones to proceed.
1357 + * This would be a good thing, so we leave it this way.
1358 + * Maybe someday.... Done !
1360 + * in_kgdb() is called from an NMI so we don't pretend
1361 + * to have any resources, like printk() for example.
1364 + kgdb_local_irq_save(flags); /* only local here, to avoid hanging */
1366 + * log arival of this cpu
1367 + * The NMI keeps on ticking. Protect against recurring more
1368 + * than once, and ignor the cpu that has the kgdb lock
1370 + in_kgdb_entry_log[cpu]++;
1371 + in_kgdb_here_log[cpu] = regs;
1372 + if (cpu == spinlock_cpu || waiting_cpus[cpu].task) {
1373 + goto exit_in_kgdb;
1376 + * For protection of the initilization of the spin locks by kgdb
1377 + * it locks the kgdb spinlock before it gets the wait locks set
1378 + * up. We wait here for the wait lock to be taken. If the
1379 + * kgdb lock goes away first?? Well, it could be a slow exit
1380 + * sequence where the wait lock is removed prior to the kgdb lock
1381 + * so if kgdb gets unlocked, we just exit.
1383 + while (spin_is_locked(&kgdb_spinlock) &&
1384 + !spin_is_locked(waitlocks + cpu)) ;
1385 + if (!spin_is_locked(&kgdb_spinlock)) {
1386 + goto exit_in_kgdb;
1388 + waiting_cpus[cpu].task = current;
1389 + waiting_cpus[cpu].pid = (current->pid) ? : (PID_MAX + cpu);
1390 + waiting_cpus[cpu].regs = regs;
1392 + spin_unlock_wait(waitlocks + cpu);
1394 + * log departure of this cpu
1396 + waiting_cpus[cpu].task = 0;
1397 + waiting_cpus[cpu].pid = 0;
1398 + waiting_cpus[cpu].regs = 0;
1399 + correct_hw_break();
1401 + in_kgdb_here_log[cpu] = 0;
1402 + kgdb_local_irq_restore(flags);
1405 + spin_unlock(continuelocks + smp_processor_id());
1410 +smp__in_kgdb(struct pt_regs regs)
1417 +in_kgdb(struct pt_regs *regs)
1419 + return (kgdb_spinlock);
1424 +printexceptioninfo(int exceptionNo, int errorcode, char *buffer)
1428 + switch (exceptionNo) {
1429 + case 1: /* debug exception */
1431 + case 3: /* breakpoint */
1432 + sprintf(buffer, "Software breakpoint");
1435 + sprintf(buffer, "Details not available");
1438 + asm volatile ("movl %%db6, %0\n":"=r" (dr6)
1440 + if (dr6 & 0x4000) {
1441 + sprintf(buffer, "Single step");
1444 + for (i = 0; i < 4; ++i) {
1445 + if (dr6 & (1 << i)) {
1446 + sprintf(buffer, "Hardware breakpoint %d", i);
1450 + sprintf(buffer, "Unknown trap");
1455 + * This function does all command procesing for interfacing to gdb.
1457 + * NOTE: The INT nn instruction leaves the state of the interrupt
1458 + * enable flag UNCHANGED. That means that when this routine
1459 + * is entered via a breakpoint (INT 3) instruction from code
1460 + * that has interrupts enabled, then interrupts will STILL BE
1461 + * enabled when this routine is entered. The first thing that
1462 + * we do here is disable interrupts so as to prevent recursive
1463 + * entries and bothersome serial interrupts while we are
1464 + * trying to run the serial port in polled mode.
1466 + * For kernel version 2.1.xx the kgdb_cli() actually gets a spin lock so
1467 + * it is always necessary to do a restore_flags before returning
1468 + * so as to let go of that lock.
1471 +kgdb_handle_exception(int exceptionVector,
1472 + int signo, int err_code, struct pt_regs *linux_regs)
1474 + struct task_struct *usethread = NULL;
1475 + struct task_struct *thread_list_start = 0, *thread = NULL;
1477 + int breakno, breaktype;
1482 + int thread_min = PID_MAX + MAX_NO_CPUS;
1485 + unsigned long flags;
1486 + int gdb_regs[NUMREGBYTES / 4];
1488 + IF_SMP(int entry_state = 0); /* 0, ok, 1, no nmi, 2 sync failed */
1491 +#define regs (*linux_regs)
1492 +#define NUMREGS NUMREGBYTES/4
1494 + * If the entry is not from the kernel then return to the Linux
1495 + * trap handler and let it process the interrupt normally.
1497 + if ((linux_regs->eflags & VM_MASK) || (3 & linux_regs->xcs)) {
1498 + printk("ignoring non-kernel exception\n");
1499 + print_regs(®s);
1503 + kgdb_local_irq_save(flags);
1505 + /* Get kgdb spinlock */
1507 + KGDB_SPIN_LOCK(&kgdb_spinlock);
1508 + rdtscll(kgdb_info.entry_tsc);
1510 + * We depend on this spinlock and the NMI watch dog to control the
1511 + * other cpus. They will arrive at "in_kgdb()" as a result of the
1512 + * NMI and will wait there for the following spin locks to be
1517 + if (cpu_callout_map & ~MAX_CPU_MASK) {
1518 + printk("kgdb : too many cpus, possibly not mapped"
1519 + " in contiguous space, change MAX_NO_CPUS"
1520 + " in kgdb_stub and make new kernel.\n"
1521 + " cpu_callout_map is %lx\n", cpu_callout_map);
1522 + goto exit_just_unlock;
1525 + if (spinlock_count == 1) {
1526 + int time, end_time, dum;
1528 + int cpu_logged_in[MAX_NO_CPUS] = {[0 ... MAX_NO_CPUS - 1] = (0)
1530 + if (remote_debug) {
1531 + printk("kgdb : cpu %d entry, syncing others\n",
1532 + smp_processor_id());
1534 + for (i = 0; i < MAX_NO_CPUS; i++) {
1536 + * Use trylock as we may already hold the lock if
1537 + * we are holding the cpu. Net result is all
1540 + spin_trylock(&waitlocks[i]);
1542 + for (i = 0; i < MAX_NO_CPUS; i++)
1543 + cpu_logged_in[i] = 0;
1545 + * Wait for their arrival. We know the watch dog is active if
1546 + * in_kgdb() has ever been called, as it is always called on a
1550 + end_time = time + 2; /* Note: we use the High order bits! */
1552 + if (num_online_cpus() > 1) {
1553 + int me_in_kgdb = in_kgdb_entry_log[smp_processor_id()];
1554 + smp_send_nmi_allbutself();
1555 + while (i < num_online_cpus() && time != end_time) {
1557 + for (j = 0; j < MAX_NO_CPUS; j++) {
1558 + if (waiting_cpus[j].task &&
1559 + !cpu_logged_in[j]) {
1561 + cpu_logged_in[j] = 1;
1562 + if (remote_debug) {
1564 + ("kgdb : cpu %d arrived at kgdb\n",
1568 + } else if (!waiting_cpus[j].task &&
1570 + waiting_cpus[j].task = NOCPU;
1571 + cpu_logged_in[j] = 1;
1572 + waiting_cpus[j].hold = 1;
1575 + if (!waiting_cpus[j].task &&
1576 + in_kgdb_here_log[j]) {
1578 + int wait = 100000;
1580 + if (!waiting_cpus[j].task &&
1581 + in_kgdb_here_log[j]) {
1583 + ("kgdb : cpu %d stall"
1587 + cpu_logged_in[j] = 1;
1588 + waiting_cpus[j].task =
1589 + (struct task_struct
1595 + if (in_kgdb_entry_log[smp_processor_id()] >
1596 + (me_in_kgdb + 10)) {
1602 + if (i < num_online_cpus()) {
1604 + ("kgdb : time out, proceeding without sync\n");
1606 + printk("kgdb : Waiting_cpus: 0 = %d, 1 = %d\n",
1607 + waiting_cpus[0].task != 0,
1608 + waiting_cpus[1].task != 0);
1609 + printk("kgdb : Cpu_logged in: 0 = %d, 1 = %d\n",
1610 + cpu_logged_in[0], cpu_logged_in[1]);
1612 + ("kgdb : in_kgdb_here_log in: 0 = %d, 1 = %d\n",
1613 + in_kgdb_here_log[0] != 0,
1614 + in_kgdb_here_log[1] != 0);
1616 + entry_state = NO_SYNC;
1620 + in_kgdb_entry_log[smp_processor_id()] -
1622 + printk("kgdb : sync after %d entries\n", ent);
1626 + if (remote_debug) {
1628 + ("kgdb : %d cpus, but watchdog not active\n"
1629 + "proceeding without locking down other cpus\n",
1630 + num_online_cpus());
1631 + entry_state = NO_NMI;
1637 + if (remote_debug) {
1638 + unsigned long *lp = (unsigned long *) &linux_regs;
1640 + printk("handle_exception(exceptionVector=%d, "
1641 + "signo=%d, err_code=%d, linux_regs=%p)\n",
1642 + exceptionVector, signo, err_code, linux_regs);
1644 + print_regs(®s);
1645 + printk("Stk: %8lx %8lx %8lx %8lx"
1646 + " %8lx %8lx %8lx %8lx\n",
1647 + lp[0], lp[1], lp[2], lp[3],
1648 + lp[4], lp[5], lp[6], lp[7]);
1649 + printk(" %8lx %8lx %8lx %8lx"
1650 + " %8lx %8lx %8lx %8lx\n",
1651 + lp[8], lp[9], lp[10], lp[11],
1652 + lp[12], lp[13], lp[14], lp[15]);
1653 + printk(" %8lx %8lx %8lx %8lx "
1654 + "%8lx %8lx %8lx %8lx\n",
1655 + lp[16], lp[17], lp[18], lp[19],
1656 + lp[20], lp[21], lp[22], lp[23]);
1657 + printk(" %8lx %8lx %8lx %8lx "
1658 + "%8lx %8lx %8lx %8lx\n",
1659 + lp[24], lp[25], lp[26], lp[27],
1660 + lp[28], lp[29], lp[30], lp[31]);
1664 + /* Disable hardware debugging while we are in kgdb */
1665 + /* Get the debug register status register */
1667 + __asm__("movl %0,%%db7"
1671 + asm volatile ("movl %%db6, %0\n"
1672 + :"=r" (hw_breakpoint_status)
1676 + switch (exceptionVector) {
1677 + case 0: /* divide error */
1678 + case 1: /* debug exception */
1680 + case 3: /* breakpoint */
1681 + case 4: /* overflow */
1682 + case 5: /* bounds check */
1683 + case 6: /* invalid opcode */
1684 + case 7: /* device not available */
1685 + case 8: /* double fault (errcode) */
1686 + case 10: /* invalid TSS (errcode) */
1687 + case 12: /* stack fault (errcode) */
1688 + case 16: /* floating point error */
1689 + case 17: /* alignment check (errcode) */
1690 + default: /* any undocumented */
1692 + case 11: /* segment not present (errcode) */
1693 + case 13: /* general protection (errcode) */
1694 + case 14: /* page fault (special errcode) */
1695 + case 19: /* cache flush denied */
1696 + if (mem_err_expected) {
1698 + * This fault occured because of the
1699 + * get_char or set_char routines. These
1700 + * two routines use either eax of edx to
1701 + * indirectly reference the location in
1702 + * memory that they are working with.
1703 + * For a page fault, when we return the
1704 + * instruction will be retried, so we
1705 + * have to make sure that these
1706 + * registers point to valid memory.
1708 + mem_err = 1; /* set mem error flag */
1709 + mem_err_expected = 0;
1710 + mem_err_cnt++; /* helps in debugging */
1711 + /* make valid address */
1712 + regs.eax = (long) &garbage_loc;
1713 + /* make valid address */
1714 + regs.edx = (long) &garbage_loc;
1716 + printk("Return after memory error: "
1717 + "mem_err_cnt=%d\n", mem_err_cnt);
1719 + print_regs(®s);
1725 + printk("kgdb : entered kgdb on cpu %d\n", smp_processor_id());
1727 + gdb_i386vector = exceptionVector;
1728 + gdb_i386errcode = err_code;
1729 + kgdb_info.called_from = __builtin_return_address(0);
1732 + * OK, we can now communicate, lets tell gdb about the sync.
1733 + * but only if we had a problem.
1735 + switch (entry_state) {
1737 + to_gdb("NMI not active, other cpus not stopped\n");
1740 + to_gdb("Some cpus not stopped, see 'kgdb_info' for details\n");
1746 + * Set up the gdb function call area.
1748 + trap_cpu = smp_processor_id();
1749 + OLD_esp = NEW_esp = (int) (&linux_regs->esp);
1751 + IF_SMP(once_again:)
1752 + /* reply to host that an exception has occurred */
1753 + remcomOutBuffer[0] = 'S';
1754 + remcomOutBuffer[1] = hexchars[signo >> 4];
1755 + remcomOutBuffer[2] = hexchars[signo % 16];
1756 + remcomOutBuffer[3] = 0;
1758 + putpacket(remcomOutBuffer);
1762 + remcomOutBuffer[0] = 0;
1763 + getpacket(remcomInBuffer);
1764 + switch (remcomInBuffer[0]) {
1766 + remcomOutBuffer[0] = 'S';
1767 + remcomOutBuffer[1] = hexchars[signo >> 4];
1768 + remcomOutBuffer[2] = hexchars[signo % 16];
1769 + remcomOutBuffer[3] = 0;
1772 + remote_debug = !(remote_debug); /* toggle debug flag */
1773 + printk("Remote debug %s\n",
1774 + remote_debug ? "on" : "off");
1776 + case 'g': /* return the value of the CPU registers */
1777 + get_gdb_regs(usethread, ®s, gdb_regs);
1778 + mem2hex((char *) gdb_regs,
1779 + remcomOutBuffer, NUMREGBYTES, 0);
1781 + case 'G': /* set the value of the CPU registers - return OK */
1782 + hex2mem(&remcomInBuffer[1],
1783 + (char *) gdb_regs, NUMREGBYTES, 0);
1784 + if (!usethread || usethread == current) {
1785 + gdb_regs_to_regs(gdb_regs, ®s);
1786 + strcpy(remcomOutBuffer, "OK");
1788 + strcpy(remcomOutBuffer, "E00");
1792 + case 'P':{ /* set the value of a single CPU register -
1795 + * For some reason, gdb wants to talk about psudo
1796 + * registers (greater than 15). These may have
1797 + * meaning for ptrace, but for us it is safe to
1798 + * ignor them. We do this by dumping them into
1799 + * _GS which we also ignor, but do have memory for.
1803 + ptr = &remcomInBuffer[1];
1804 + regs_to_gdb_regs(gdb_regs, ®s);
1805 + if ((!usethread || usethread == current) &&
1806 + hexToInt(&ptr, ®no) &&
1807 + *ptr++ == '=' && (regno >= 0)) {
1809 + (regno >= NUMREGS ? _GS : regno);
1810 + hex2mem(ptr, (char *) &gdb_regs[regno],
1812 + gdb_regs_to_regs(gdb_regs, ®s);
1813 + strcpy(remcomOutBuffer, "OK");
1816 + strcpy(remcomOutBuffer, "E01");
1820 + /* mAA..AA,LLLL Read LLLL bytes at address AA..AA */
1822 + /* TRY TO READ %x,%x. IF SUCCEED, SET PTR = 0 */
1823 + ptr = &remcomInBuffer[1];
1824 + if (hexToInt(&ptr, &addr) &&
1825 + (*(ptr++) == ',') && (hexToInt(&ptr, &length))) {
1828 + * hex doubles the byte count
1830 + if (length > (BUFMAX / 2))
1831 + length = BUFMAX / 2;
1832 + mem2hex((char *) addr,
1833 + remcomOutBuffer, length, 1);
1835 + strcpy(remcomOutBuffer, "E03");
1836 + debug_error("memory fault\n", NULL);
1841 + strcpy(remcomOutBuffer, "E01");
1843 + ("malformed read memory command: %s\n",
1849 + Write LLLL bytes at address AA.AA return OK */
1851 + /* TRY TO READ '%x,%x:'. IF SUCCEED, SET PTR = 0 */
1852 + ptr = &remcomInBuffer[1];
1853 + if (hexToInt(&ptr, &addr) &&
1854 + (*(ptr++) == ',') &&
1855 + (hexToInt(&ptr, &length)) && (*(ptr++) == ':')) {
1856 + hex2mem(ptr, (char *) addr, length, 1);
1859 + strcpy(remcomOutBuffer, "E03");
1860 + debug_error("memory fault\n", NULL);
1862 + strcpy(remcomOutBuffer, "OK");
1868 + strcpy(remcomOutBuffer, "E02");
1870 + ("malformed write memory command: %s\n",
1875 + /* cAA..AA Continue at address AA..AA(optional) */
1876 + /* sAA..AA Step one instruction from AA..AA(optional) */
1877 + /* D detach, reply OK and then continue */
1882 + /* try to read optional parameter,
1883 + pc unchanged if no parm */
1884 + ptr = &remcomInBuffer[1];
1885 + if (hexToInt(&ptr, &addr)) {
1887 + printk("Changing EIP to 0x%x\n", addr);
1894 + /* clear the trace bit */
1895 + regs.eflags &= 0xfffffeff;
1897 + /* set the trace bit if we're stepping */
1898 + if (remcomInBuffer[0] == 's')
1899 + regs.eflags |= 0x100;
1901 + /* detach is a friendly version of continue. Note that
1902 + debugging is still enabled (e.g hit control C)
1903 + until the process that issued an ioctl TIOCGDB
1906 + if (remcomInBuffer[0] == 'D') {
1907 + strcpy(remcomOutBuffer, "OK");
1908 + putpacket(remcomOutBuffer);
1911 + if (remote_debug) {
1912 + printk("Resuming execution\n");
1913 + print_regs(®s);
1915 + asm volatile ("movl %%db6, %0\n":"=r" (dr6)
1917 + if (!(dr6 & 0x4000)) {
1918 + for (breakno = 0; breakno < 4; ++breakno) {
1919 + if (dr6 & (1 << breakno) &&
1920 + (breakinfo[breakno].type == 0)) {
1921 + /* Set restore flag */
1922 + regs.eflags |= 0x10000;
1927 + correct_hw_break();
1928 + asm volatile ("movl %0, %%db6\n"::"r" (0));
1931 + /* kill the program */
1932 + case 'k': /* do nothing */
1937 + switch (remcomInBuffer[1]) {
1939 + /* List threads */
1941 + thread_list_start = (usethread ? : current);
1942 + unpack_byte(remcomInBuffer + 3, &maxthreads);
1943 + unpack_threadid(remcomInBuffer + 5, &thref);
1945 + int buf_thread_limit =
1946 + (BUFMAX - 22) / BUF_THREAD_ID_SIZE;
1947 + if (maxthreads > buf_thread_limit) {
1948 + maxthreads = buf_thread_limit;
1951 + remcomOutBuffer[0] = 'q';
1952 + remcomOutBuffer[1] = 'M';
1953 + remcomOutBuffer[4] = '0';
1954 + pack_threadid(remcomOutBuffer + 5, &thref);
1956 + threadid = threadref_to_int(&thref);
1957 + for (nothreads = 0;
1958 + nothreads < maxthreads &&
1959 + threadid < PID_MAX + MAX_NO_CPUS;
1961 + thread = getthread(threadid);
1963 + int_to_threadref(&thref,
1965 + pack_threadid(remcomOutBuffer +
1970 + if (thread_min > threadid)
1971 + thread_min = threadid;
1975 + if (threadid == PID_MAX + MAX_NO_CPUS) {
1976 + remcomOutBuffer[4] = '1';
1978 + pack_hex_byte(remcomOutBuffer + 2, nothreads);
1979 + remcomOutBuffer[21 + nothreads * 16] = '\0';
1983 + /* Current thread id */
1984 + remcomOutBuffer[0] = 'Q';
1985 + remcomOutBuffer[1] = 'C';
1986 + threadid = current->pid;
1991 + for (threadid = PID_MAX;
1992 + threadid < PID_MAX + MAX_NO_CPUS;
1995 + idle_task(threadid -
2000 + int_to_threadref(&thref, threadid);
2001 + pack_threadid(remcomOutBuffer + 2, &thref);
2002 + remcomOutBuffer[18] = '\0';
2006 + /* Print exception info */
2007 + printexceptioninfo(exceptionVector,
2008 + err_code, remcomOutBuffer);
2013 + /* task related */
2015 + switch (remcomInBuffer[1]) {
2017 + ptr = &remcomInBuffer[2];
2018 + hexToInt(&ptr, &threadid);
2019 + thread = getthread(threadid);
2021 + remcomOutBuffer[0] = 'E';
2022 + remcomOutBuffer[1] = '\0';
2026 + * Just in case I forget what this is all about,
2027 + * the "thread info" command to gdb causes it
2028 + * to ask for a thread list. It then switches
2029 + * to each thread and asks for the registers.
2030 + * For this (and only this) usage, we want to
2031 + * fudge the registers of tasks not on the run
2032 + * list (i.e. waiting) to show the routine that
2033 + * called schedule. Also, gdb, is a minimalist
2034 + * in that if the current thread is the last
2035 + * it will not re-read the info when done.
2036 + * This means that in this case we must show
2037 + * the real registers. So here is how we do it:
2038 + * Each entry we keep track of the min
2039 + * thread in the list (the last that gdb will)
2040 + * get info for. We also keep track of the
2041 + * starting thread.
2042 + * "thread_list" is cleared when switching back
2043 + * to the min thread if it is was current, or
2044 + * if it was not current, thread_list is set
2045 + * to 1. When the switch to current comes,
2046 + * if thread_list is 1, clear it, else do
2049 + usethread = thread;
2050 + if ((thread_list == 1) &&
2051 + (thread == thread_list_start)) {
2054 + if (thread_list && (threadid == thread_min)) {
2055 + if (thread == thread_list_start) {
2061 + /* follow through */
2063 + remcomOutBuffer[0] = 'O';
2064 + remcomOutBuffer[1] = 'K';
2065 + remcomOutBuffer[2] = '\0';
2070 + /* Query thread status */
2072 + ptr = &remcomInBuffer[1];
2073 + hexToInt(&ptr, &threadid);
2074 + thread = getthread(threadid);
2076 + remcomOutBuffer[0] = 'O';
2077 + remcomOutBuffer[1] = 'K';
2078 + remcomOutBuffer[2] = '\0';
2079 + if (thread_min > threadid)
2080 + thread_min = threadid;
2082 + remcomOutBuffer[0] = 'E';
2083 + remcomOutBuffer[1] = '\0';
2088 + ptr = &remcomInBuffer[1];
2089 + hexToInt(&ptr, &breakno);
2091 + hexToInt(&ptr, &breaktype);
2093 + hexToInt(&ptr, &length);
2095 + hexToInt(&ptr, &addr);
2096 + if (set_hw_break(breakno & 0x3,
2098 + length & 0x3, addr) == 0) {
2099 + strcpy(remcomOutBuffer, "OK");
2101 + strcpy(remcomOutBuffer, "ERROR");
2105 + /* Remove hardware breakpoint */
2107 + ptr = &remcomInBuffer[1];
2108 + hexToInt(&ptr, &breakno);
2109 + if (remove_hw_break(breakno & 0x3) == 0) {
2110 + strcpy(remcomOutBuffer, "OK");
2112 + strcpy(remcomOutBuffer, "ERROR");
2116 + case 'r': /* reboot */
2117 + strcpy(remcomOutBuffer, "OK");
2118 + putpacket(remcomOutBuffer);
2119 + /*to_gdb("Rebooting\n"); */
2120 + /* triplefault no return from here */
2122 + static long no_idt[2];
2123 + __asm__ __volatile__("lidt %0"::"m"(no_idt));
2129 + /* reply to the request */
2130 + putpacket(remcomOutBuffer);
2131 + } /* while(1==1) */
2133 + * reached by goto only.
2137 + * Here is where we set up to trap a gdb function call. NEW_esp
2138 + * will be changed if we are trying to do this. We handle both
2139 + * adding and subtracting, thus allowing gdb to put grung on
2140 + * the stack which it removes later.
2142 + if (NEW_esp != OLD_esp) {
2143 + int *ptr = END_OF_LOOKASIDE;
2144 + if (NEW_esp < OLD_esp)
2145 + ptr -= (OLD_esp - NEW_esp) / sizeof (int);
2146 + *--ptr = linux_regs->eflags;
2147 + *--ptr = linux_regs->xcs;
2148 + *--ptr = linux_regs->eip;
2149 + *--ptr = linux_regs->ecx;
2150 + *--ptr = linux_regs->ebx;
2151 + *--ptr = linux_regs->eax;
2152 + linux_regs->ecx = NEW_esp - (sizeof (int) * 6);
2153 + linux_regs->ebx = (unsigned int) END_OF_LOOKASIDE;
2154 + if (NEW_esp < OLD_esp) {
2155 + linux_regs->eip = (unsigned int) fn_call_stub;
2157 + linux_regs->eip = (unsigned int) fn_rtn_stub;
2158 + linux_regs->eax = NEW_esp;
2160 + linux_regs->eflags &= ~(IF_BIT | TF_BIT);
2164 + * Release gdb wait locks
2165 + * Sanity check time. Must have at least one cpu to run. Also single
2166 + * step must not be done if the current cpu is on hold.
2168 + if (spinlock_count == 1) {
2169 + int ss_hold = (regs.eflags & 0x100) && kgdb_info.hold_on_sstep;
2170 + int cpu_avail = 0;
2173 + for (i = 0; i < MAX_NO_CPUS; i++) {
2174 + if (!cpu_online(i))
2176 + if (!hold_cpu(i)) {
2181 + * Early in the bring up there will be NO cpus on line...
2183 + if (!cpu_avail && cpu_online_map) {
2184 + to_gdb("No cpus unblocked, see 'kgdb_info.hold_cpu'\n");
2187 + if (hold_cpu(smp_processor_id()) && (regs.eflags & 0x100)) {
2189 + ("Current cpu must be unblocked to single step\n");
2194 + for (i = 0; i < MAX_NO_CPUS; i++) {
2195 + if (!hold_cpu(i)) {
2196 + spin_unlock(&waitlocks[i]);
2200 + spin_unlock(&waitlocks[smp_processor_id()]);
2202 + /* Release kgdb spinlock */
2203 + KGDB_SPIN_UNLOCK(&kgdb_spinlock);
2205 + * If this cpu is on hold, this is where we
2206 + * do it. Note, the NMI will pull us out of here,
2207 + * but will return as the above lock is not held.
2208 + * We will stay here till another cpu releases the lock for us.
2210 + spin_unlock_wait(waitlocks + smp_processor_id());
2211 + kgdb_local_irq_restore(flags);
2216 + /* Release kgdb spinlock */
2217 + KGDB_SPIN_UNLOCK(&kgdb_spinlock);
2218 + kgdb_local_irq_restore(flags);
2222 +/* this function is used to set up exception handlers for tracing and
2224 + * This function is not needed as the above line does all that is needed.
2225 + * We leave it for backward compatitability...
2228 +set_debug_traps(void)
2231 + * linux_debug_hook is defined in traps.c. We store a pointer
2232 + * to our own exception handler into it.
2234 + * But really folks, every hear of labeled common, an old Fortran
2235 + * concept. Lots of folks can reference it and it is define if
2236 + * anyone does. Only one can initialize it at link time. We do
2237 + * this with the hook. See the statement above. No need for any
2238 + * executable code and it is ready as soon as the kernel is
2239 + * loaded. Very desirable in kernel debugging.
2241 + linux_debug_hook = handle_exception ;
2244 + /* In case GDB is started before us, ack any packets (presumably
2245 + "$?#xx") sitting there.
2246 + putDebugChar ('+');
2252 +/* This function will generate a breakpoint exception. It is used at the
2253 + beginning of a program to sync up with a debugger and can be used
2254 + otherwise as a quick means to stop program execution and "break" into
2256 +/* But really, just use the BREAKPOINT macro. We will handle the int stuff
2261 + * possibly we should not go thru the traps.c code at all? Someday.
2264 +do_kgdb_int3(struct pt_regs *regs, long error_code)
2266 + kgdb_handle_exception(3, 5, error_code, regs);
2271 +#ifdef CONFIG_TRAP_BAD_SYSCALL_EXITS
2273 +bad_sys_call_exit(int stuff)
2275 + struct pt_regs *regs = (struct pt_regs *) &stuff;
2276 + printk("Sys call %d return with %x preempt_count\n",
2277 + (int) regs->orig_eax, preempt_count());
2280 +#ifdef CONFIG_STACK_OVERFLOW_TEST
2281 +#include <asm/kgdb.h>
2283 +stack_overflow(void)
2288 + printk("Kernel stack overflow, looping forever\n");
2295 +#if defined(CONFIG_SMP) || defined(CONFIG_KGDB_CONSOLE)
2296 +char gdbconbuf[BUFMAX];
2299 +kgdb_gdb_message(const char *s, unsigned count)
2305 + * This takes care of NMI while spining out chars to gdb
2307 + IF_SMP(in_kgdb_console = 1);
2308 + gdbconbuf[0] = 'O';
2309 + bufptr = gdbconbuf + 1;
2310 + while (count > 0) {
2311 + if ((count << 1) > (BUFMAX - 2)) {
2312 + wcount = (BUFMAX - 2) >> 1;
2317 + for (i = 0; i < wcount; i++) {
2318 + bufptr = pack_hex_byte(bufptr, s[i]);
2323 + putpacket(gdbconbuf);
2326 + IF_SMP(in_kgdb_console = 0);
2331 +to_gdb(const char *s)
2334 + while (s[count] && (count++ < BUFMAX)) ;
2335 + kgdb_gdb_message(s, count);
2338 +#ifdef CONFIG_KGDB_CONSOLE
2339 +#include <linux/console.h>
2340 +#include <linux/init.h>
2341 +#include <linux/fs.h>
2342 +#include <asm/uaccess.h>
2343 +#include <asm/semaphore.h>
2346 +kgdb_console_write(struct console *co, const char *s, unsigned count)
2349 + if (gdb_i386vector == -1) {
2351 + * We have not yet talked to gdb. What to do...
2352 + * lets break, on continue we can do the write.
2353 + * But first tell him whats up. Uh, well no can do,
2354 + * as this IS the console. Oh well...
2355 + * We do need to wait or the messages will be lost.
2356 + * Other option would be to tell the above code to
2357 + * ignore this breakpoint and do an auto return,
2358 + * but that might confuse gdb. Also this happens
2359 + * early enough in boot up that we don't have the traps
2360 + * set up yet, so...
2364 + kgdb_gdb_message(s, count);
2368 + * ------------------------------------------------------------
2369 + * Serial KGDB driver
2370 + * ------------------------------------------------------------
2373 +static struct console kgdbcons = {
2375 + write:kgdb_console_write,
2376 +#ifdef CONFIG_KGDB_USER_CONSOLE
2377 + device:kgdb_console_device,
2379 + flags:CON_PRINTBUFFER | CON_ENABLED,
2384 + * The trick here is that this file gets linked before printk.o
2385 + * That means we get to peer at the console info in the command
2386 + * line before it does. If we are up, we register, otherwise,
2387 + * do nothing. By returning 0, we allow printk to look also.
2389 +static int kgdb_console_enabled;
2392 +kgdb_console_init(char *str)
2394 + if ((strncmp(str, "kgdb", 4) == 0) || (strncmp(str, "gdb", 3) == 0)) {
2395 + register_console(&kgdbcons);
2396 + kgdb_console_enabled = 1;
2398 + return 0; /* let others look at the string */
2401 +__setup("console=", kgdb_console_init);
2403 +#ifdef CONFIG_KGDB_USER_CONSOLE
2404 +static kdev_t kgdb_console_device(struct console *c);
2405 +/* This stuff sort of works, but it knocks out telnet devices
2406 + * we are leaving it here in case we (or you) find time to figure it out
2411 + * We need a real char device as well for when the console is opened for user
2412 + * space activities.
2416 +kgdb_consdev_open(struct inode *inode, struct file *file)
2422 +kgdb_consdev_write(struct file *file, const char *buf,
2423 + size_t count, loff_t * ppos)
2425 + int size, ret = 0;
2426 + static char kbuf[128];
2427 + static DECLARE_MUTEX(sem);
2429 + /* We are not reentrant... */
2430 + if (down_interruptible(&sem))
2431 + return -ERESTARTSYS;
2433 + while (count > 0) {
2434 + /* need to copy the data from user space */
2436 + if (size > sizeof (kbuf))
2437 + size = sizeof (kbuf);
2438 + if (copy_from_user(kbuf, buf, size)) {
2442 + kgdb_console_write(&kgdbcons, kbuf, size);
2453 +struct file_operations kgdb_consdev_fops = {
2454 + open:kgdb_consdev_open,
2455 + write:kgdb_consdev_write
2458 +kgdb_console_device(struct console *c)
2460 + return MKDEV(TTYAUX_MAJOR, 1);
2464 + * This routine gets called from the serial stub in the i386/lib
2465 + * This is so it is done late in bring up (just before the console open).
2468 +kgdb_console_finit(void)
2470 + if (kgdb_console_enabled) {
2471 + char *cptr = cdevname(MKDEV(TTYAUX_MAJOR, 1));
2473 + while (*cptr && *cptr != '(')
2476 + unregister_chrdev(TTYAUX_MAJOR, cp);
2477 + register_chrdev(TTYAUX_MAJOR, "kgdb", &kgdb_consdev_fops);
2482 +#ifdef CONFIG_KGDB_TS
2483 +#include <asm/msr.h> /* time stamp code */
2484 +#include <asm/hardirq.h> /* in_interrupt */
2485 +#ifdef CONFIG_KGDB_TS_64
2486 +#define DATA_POINTS 64
2488 +#ifdef CONFIG_KGDB_TS_128
2489 +#define DATA_POINTS 128
2491 +#ifdef CONFIG_KGDB_TS_256
2492 +#define DATA_POINTS 256
2494 +#ifdef CONFIG_KGDB_TS_512
2495 +#define DATA_POINTS 512
2497 +#ifdef CONFIG_KGDB_TS_1024
2498 +#define DATA_POINTS 1024
2500 +#ifndef DATA_POINTS
2501 +#define DATA_POINTS 128 /* must be a power of two */
2503 +#define INDEX_MASK (DATA_POINTS - 1)
2504 +#if (INDEX_MASK & DATA_POINTS)
2505 +#error "CONFIG_KGDB_TS_COUNT must be a power of 2"
2507 +struct kgdb_and_then_struct {
2511 + struct task_struct *task;
2512 + long long at_time;
2520 +struct kgdb_and_then_struct2 {
2524 + struct task_struct *task;
2525 + long long at_time;
2530 + struct task_struct *t1;
2531 + struct task_struct *t2;
2533 +struct kgdb_and_then_struct kgdb_data[DATA_POINTS];
2535 +struct kgdb_and_then_struct *kgdb_and_then = &kgdb_data[0];
2536 +int kgdb_and_then_count;
2539 +kgdb_tstamp(int line, char *source, int data0, int data1)
2541 + static spinlock_t ts_spin = SPIN_LOCK_UNLOCKED;
2543 + kgdb_local_irq_save(flags);
2544 + spin_lock(&ts_spin);
2545 + rdtscll(kgdb_and_then->at_time);
2547 + kgdb_and_then->on_cpu = smp_processor_id();
2549 + kgdb_and_then->task = current;
2550 + kgdb_and_then->from_ln = line;
2551 + kgdb_and_then->in_src = source;
2552 + kgdb_and_then->from = __builtin_return_address(0);
2553 + kgdb_and_then->with_shpf = (int *) (((flags & IF_BIT) >> 9) |
2554 + (preempt_count() << 8));
2555 + kgdb_and_then->data0 = data0;
2556 + kgdb_and_then->data1 = data1;
2557 + kgdb_and_then = &kgdb_data[++kgdb_and_then_count & INDEX_MASK];
2558 + spin_unlock(&ts_spin);
2559 + kgdb_local_irq_restore(flags);
2560 +#ifdef CONFIG_PREEMPT
2566 +typedef int gdb_debug_hook(int exceptionVector,
2567 + int signo, int err_code, struct pt_regs *linux_regs);
2568 +gdb_debug_hook *linux_debug_hook = &kgdb_handle_exception; /* histerical reasons... */
2569 diff -puN arch/i386/kernel/Makefile~kgdb-ga arch/i386/kernel/Makefile
2570 --- 25/arch/i386/kernel/Makefile~kgdb-ga 2003-06-25 23:14:17.000000000 -0700
2571 +++ 25-akpm/arch/i386/kernel/Makefile 2003-06-25 23:14:17.000000000 -0700
2572 @@ -14,6 +14,7 @@ obj-y += timers/
2573 obj-$(CONFIG_ACPI) += acpi/
2574 obj-$(CONFIG_X86_BIOS_REBOOT) += reboot.o
2575 obj-$(CONFIG_MCA) += mca.o
2576 +obj-$(CONFIG_KGDB) += kgdb_stub.o
2577 obj-$(CONFIG_X86_MSR) += msr.o
2578 obj-$(CONFIG_X86_CPUID) += cpuid.o
2579 obj-$(CONFIG_MICROCODE) += microcode.o
2580 diff -puN arch/i386/kernel/nmi.c~kgdb-ga arch/i386/kernel/nmi.c
2581 --- 25/arch/i386/kernel/nmi.c~kgdb-ga 2003-06-25 23:14:17.000000000 -0700
2582 +++ 25-akpm/arch/i386/kernel/nmi.c 2003-06-25 23:14:17.000000000 -0700
2584 #include <asm/mpspec.h>
2585 #include <asm/nmi.h>
2588 +#include <asm/kgdb.h>
2590 +unsigned int nmi_watchdog = NMI_IO_APIC;
2592 +unsigned int nmi_watchdog = NMI_LOCAL_APIC;
2595 unsigned int nmi_watchdog = NMI_NONE;
2598 static unsigned int nmi_hz = HZ;
2599 unsigned int nmi_perfctr_msr; /* the MSR to reset in NMI handler */
2600 extern void show_registers(struct pt_regs *regs);
2601 @@ -398,6 +408,9 @@ void touch_nmi_watchdog (void)
2602 for (i = 0; i < NR_CPUS; i++)
2603 alert_counter[i] = 0;
2606 +int tune_watchdog = 5*HZ;
2609 void nmi_watchdog_tick (struct pt_regs * regs)
2611 @@ -411,12 +424,24 @@ void nmi_watchdog_tick (struct pt_regs *
2613 sum = irq_stat[cpu].apic_timer_irqs;
2616 + if (! in_kgdb(regs) && last_irq_sums[cpu] == sum ) {
2619 if (last_irq_sums[cpu] == sum) {
2622 * Ayiee, looks like this CPU is stuck ...
2623 * wait a few IRQs (5 seconds) before doing the oops ...
2625 alert_counter[cpu]++;
2627 + if (alert_counter[cpu] == tune_watchdog) {
2628 + kgdb_handle_exception(2, SIGPWR, 0, regs);
2629 + last_irq_sums[cpu] = sum;
2630 + alert_counter[cpu] = 0;
2633 if (alert_counter[cpu] == 5*nmi_hz) {
2634 spin_lock(&nmi_print_lock);
2636 diff -puN arch/i386/kernel/smp.c~kgdb-ga arch/i386/kernel/smp.c
2637 --- 25/arch/i386/kernel/smp.c~kgdb-ga 2003-06-25 23:14:17.000000000 -0700
2638 +++ 25-akpm/arch/i386/kernel/smp.c 2003-06-25 23:14:17.000000000 -0700
2639 @@ -459,7 +459,17 @@ void smp_send_reschedule(int cpu)
2641 send_IPI_mask(1 << cpu, RESCHEDULE_VECTOR);
2646 + * By using the NMI code instead of a vector we just sneak thru the
2647 + * word generator coming out with just what we want. AND it does
2648 + * not matter if clustered_apic_mode is set or not.
2650 +void smp_send_nmi_allbutself(void)
2652 + send_IPI_allbutself(APIC_DM_NMI);
2656 * Structure and data for smp_call_function(). This is designed to minimise
2657 * static memory requirements. It also looks cleaner.
2658 diff -puN arch/i386/kernel/traps.c~kgdb-ga arch/i386/kernel/traps.c
2659 --- 25/arch/i386/kernel/traps.c~kgdb-ga 2003-06-25 23:14:17.000000000 -0700
2660 +++ 25-akpm/arch/i386/kernel/traps.c 2003-06-25 23:14:17.000000000 -0700
2661 @@ -90,6 +90,42 @@ asmlinkage void alignment_check(void);
2662 asmlinkage void spurious_interrupt_bug(void);
2663 asmlinkage void machine_check(void);
2666 +extern void sysenter_entry(void);
2667 +#include <asm/kgdb.h>
2668 +#include <linux/init.h>
2669 +extern void int3(void);
2670 +extern void debug(void);
2671 +void set_intr_gate(unsigned int n, void *addr);
2672 +static void set_intr_usr_gate(unsigned int n, void *addr);
2674 + * Should be able to call this breakpoint() very early in
2675 + * bring up. Just hard code the call where needed.
2676 + * The breakpoint() code is here because set_?_gate() functions
2677 + * are local (static) to trap.c. They need be done only once,
2678 + * but it does not hurt to do them over.
2680 +void breakpoint(void)
2682 + set_intr_usr_gate(3,&int3); /* disable ints on trap */
2683 + set_intr_gate(1,&debug);
2684 + set_intr_gate(14,&page_fault);
2688 +#define CHK_REMOTE_DEBUG(trapnr,signr,error_code,regs,after) \
2690 + if (!user_mode(regs) ) \
2692 + kgdb_handle_exception(trapnr, signr, error_code, regs); \
2694 + } else if ((trapnr == 3) && (regs->eflags &0x200)) local_irq_enable(); \
2697 +#define CHK_REMOTE_DEBUG(trapnr,signr,error_code,regs,after)
2701 static int kstack_depth_to_print = 24;
2703 void show_trace(struct task_struct *task, unsigned long * stack)
2704 @@ -258,6 +294,15 @@ void die(const char * str, struct pt_reg
2707 printk("%s: %04lx [#%d]\n", str, err & 0xffff, ++die_counter);
2709 + /* This is about the only place we want to go to kgdb even if in
2710 + * user mode. But we must go in via a trap so within kgdb we will
2711 + * always be in kernel mode.
2713 + if (user_mode(regs))
2716 + CHK_REMOTE_DEBUG(0,SIGTRAP,err,regs,)
2717 show_registers(regs);
2719 spin_unlock_irq(&die_lock);
2720 @@ -327,6 +372,7 @@ static inline void do_trap(int trapnr, i
2721 #define DO_ERROR(trapnr, signr, str, name) \
2722 asmlinkage void do_##name(struct pt_regs * regs, long error_code) \
2724 + CHK_REMOTE_DEBUG(trapnr,signr,error_code,regs,)\
2725 do_trap(trapnr, signr, str, 0, regs, error_code, NULL); \
2728 @@ -344,7 +390,9 @@ asmlinkage void do_##name(struct pt_regs
2729 #define DO_VM86_ERROR(trapnr, signr, str, name) \
2730 asmlinkage void do_##name(struct pt_regs * regs, long error_code) \
2732 + CHK_REMOTE_DEBUG(trapnr, signr, error_code,regs, return)\
2733 do_trap(trapnr, signr, str, 1, regs, error_code, NULL); \
2737 #define DO_VM86_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr) \
2738 @@ -387,8 +435,10 @@ gp_in_vm86:
2742 - if (!fixup_exception(regs))
2743 + if (!fixup_exception(regs)){
2744 + CHK_REMOTE_DEBUG(13,SIGSEGV,error_code,regs,)
2745 die("general protection fault", regs, error_code);
2749 static void mem_parity_error(unsigned char reason, struct pt_regs * regs)
2750 @@ -550,8 +600,18 @@ asmlinkage void do_debug(struct pt_regs
2751 * allowing programs to debug themselves without the ptrace()
2754 - if ((regs->xcs & 3) == 0)
2757 + * I think this is the only "real" case of a TF in the kernel
2758 + * that really belongs to user space. Others are
2759 + * "Ours all ours!"
2761 + if (((regs->xcs & 3) == 0) && ((void *)regs->eip == sysenter_entry))
2762 goto clear_TF_reenable;
2764 + if ((regs->xcs & 3) == 0)
2765 + goto clear_TF_reenable;
2767 if ((tsk->ptrace & (PT_DTRACE|PT_PTRACED)) == PT_DTRACE)
2770 @@ -563,6 +623,17 @@ asmlinkage void do_debug(struct pt_regs
2772 info.si_code = TRAP_BRKPT;
2776 + * If this is a kernel mode trap, we need to reset db7 to allow us
2777 + * to continue sanely ALSO skip the signal delivery
2779 + if ((regs->xcs & 3) == 0)
2782 + /* if not kernel, allow ints but only if they were on */
2783 + if ( regs->eflags & 0x200) local_irq_enable();
2785 /* If this is a kernel mode trap, save the user PC on entry to
2786 * the kernel, that's what the debugger can make sense of.
2788 @@ -577,6 +648,7 @@ clear_dr7:
2789 __asm__("movl %0,%%db7"
2792 + CHK_REMOTE_DEBUG(1,SIGTRAP,error_code,regs,)
2796 @@ -823,6 +895,12 @@ static void __init set_call_gate(void *a
2798 _set_gate(a,12,3,addr,__KERNEL_CS);
2801 +void set_intr_usr_gate(unsigned int n, void *addr)
2803 + _set_gate(idt_table+n,14,3,addr,__KERNEL_CS);
2807 static void __init set_task_gate(unsigned int n, unsigned int gdt_entry)
2809 @@ -849,7 +927,11 @@ void __init trap_init(void)
2810 set_trap_gate(0,÷_error);
2811 set_intr_gate(1,&debug);
2812 set_intr_gate(2,&nmi);
2813 +#ifndef CONFIG_KGDB
2814 set_system_gate(3,&int3); /* int3-5 can be called from all */
2816 + set_intr_usr_gate(3,&int3); /* int3-5 can be called from all */
2818 set_system_gate(4,&overflow);
2819 set_system_gate(5,&bounds);
2820 set_trap_gate(6,&invalid_op);
2821 diff -puN /dev/null arch/i386/lib/kgdb_serial.c
2822 --- /dev/null 2002-08-30 16:31:37.000000000 -0700
2823 +++ 25-akpm/arch/i386/lib/kgdb_serial.c 2003-06-25 23:14:17.000000000 -0700
2826 + * Serial interface GDB stub
2828 + * Written (hacked together) by David Grothe (dave@gcom.com)
2829 + * Modified to allow invokation early in boot see also
2830 + * kgdb.h for instructions by George Anzinger(george@mvista.com)
2834 +#include <linux/module.h>
2835 +#include <linux/errno.h>
2836 +#include <linux/signal.h>
2837 +#include <linux/sched.h>
2838 +#include <linux/timer.h>
2839 +#include <linux/interrupt.h>
2840 +#include <linux/tty.h>
2841 +#include <linux/tty_flip.h>
2842 +#include <linux/serial.h>
2843 +#include <linux/serial_reg.h>
2844 +#include <linux/config.h>
2845 +#include <linux/major.h>
2846 +#include <linux/string.h>
2847 +#include <linux/fcntl.h>
2848 +#include <linux/ptrace.h>
2849 +#include <linux/ioport.h>
2850 +#include <linux/mm.h>
2851 +#include <linux/init.h>
2852 +#include <linux/highmem.h>
2853 +#include <asm/system.h>
2854 +#include <asm/io.h>
2855 +#include <asm/segment.h>
2856 +#include <asm/bitops.h>
2857 +#include <asm/system.h>
2858 +#include <asm/kgdb_local.h>
2859 +#ifdef CONFIG_KGDB_USER_CONSOLE
2860 +extern void kgdb_console_finit(void);
2863 +#define TEST_EXISTANCE
2865 +#define dbprintk(s) printk s
2867 +#define dbprintk(s)
2869 +#define TEST_INTERRUPT_off
2870 +#ifdef TEST_INTERRUPT
2871 +#define intprintk(s) printk s
2873 +#define intprintk(s)
2876 +#define IRQ_T(info) ((info->flags & ASYNC_SHARE_IRQ) ? SA_SHIRQ : SA_INTERRUPT)
2878 +#define GDB_BUF_SIZE 512 /* power of 2, please */
2880 +static char gdb_buf[GDB_BUF_SIZE];
2881 +static int gdb_buf_in_inx;
2882 +static atomic_t gdb_buf_in_cnt;
2883 +static int gdb_buf_out_inx;
2885 +struct async_struct *gdb_async_info;
2886 +static int gdb_async_irq;
2888 +#define outb_px(a,b) outb_p(b,a)
2890 +static void program_uart(struct async_struct *info);
2891 +static void write_char(struct async_struct *info, int chr);
2893 + * Get a byte from the hardware data buffer and return it
2896 +read_data_bfr(struct async_struct *info)
2898 + char it = inb_p(info->port + UART_LSR);
2900 + if (it & UART_LSR_DR)
2901 + return (inb_p(info->port + UART_RX));
2903 + * If we have a framing error assume somebody messed with
2904 + * our uart. Reprogram it and send '-' both ways...
2907 + program_uart(info);
2908 + write_char(info, '-');
2913 +} /* read_data_bfr */
2916 + * Get a char if available, return -1 if nothing available.
2917 + * Empty the receive buffer first, then look at the interface hardware.
2919 + * Locking here is a bit of a problem. We MUST not lock out communication
2920 + * if we are trying to talk to gdb about a kgdb entry. ON the other hand
2921 + * we can loose chars in the console pass thru if we don't lock. It is also
2922 + * possible that we could hold the lock or be waiting for it when kgdb
2923 + * NEEDS to talk. Since kgdb locks down the world, it does not need locks.
2924 + * We do, of course have possible issues with interrupting a uart operation,
2925 + * but we will just depend on the uart status to help keep that straight.
2928 +static spinlock_t uart_interrupt_lock = SPIN_LOCK_UNLOCKED;
2930 +extern spinlock_t kgdb_spinlock;
2934 +read_char(struct async_struct *info)
2937 + unsigned long flags;
2938 + local_irq_save(flags);
2940 + if (!spin_is_locked(&kgdb_spinlock)) {
2941 + spin_lock(&uart_interrupt_lock);
2944 + if (atomic_read(&gdb_buf_in_cnt) != 0) { /* intr routine has q'd chars */
2945 + chr = gdb_buf[gdb_buf_out_inx++];
2946 + gdb_buf_out_inx &= (GDB_BUF_SIZE - 1);
2947 + atomic_dec(&gdb_buf_in_cnt);
2949 + chr = read_data_bfr(info);
2952 + if (!spin_is_locked(&kgdb_spinlock)) {
2953 + spin_unlock(&uart_interrupt_lock);
2956 + local_irq_restore(flags);
2961 + * Wait until the interface can accept a char, then write it.
2964 +write_char(struct async_struct *info, int chr)
2966 + while (!(inb_p(info->port + UART_LSR) & UART_LSR_THRE)) ;
2968 + outb_p(chr, info->port + UART_TX);
2973 + * Mostly we don't need a spinlock, but since the console goes
2974 + * thru here with interrutps on, well, we need to catch those
2978 + * This is the receiver interrupt routine for the GDB stub.
2979 + * It will receive a limited number of characters of input
2980 + * from the gdb host machine and save them up in a buffer.
2982 + * When the gdb stub routine getDebugChar() is called it
2983 + * draws characters out of the buffer until it is empty and
2984 + * then reads directly from the serial port.
2986 + * We do not attempt to write chars from the interrupt routine
2987 + * since the stubs do all of that via putDebugChar() which
2988 + * writes one byte after waiting for the interface to become
2991 + * The debug stubs like to run with interrupts disabled since,
2992 + * after all, they run as a consequence of a breakpoint in
2995 + * Perhaps someone who knows more about the tty driver than I
2996 + * care to learn can make this work for any low level serial
3000 +gdb_interrupt(int irq, void *dev_id, struct pt_regs *regs)
3002 + struct async_struct *info;
3003 + unsigned long flags;
3005 + info = gdb_async_info;
3006 + if (!info || !info->tty || irq != gdb_async_irq)
3009 + local_irq_save(flags);
3010 + spin_lock(&uart_interrupt_lock);
3012 + int chr = read_data_bfr(info);
3013 + intprintk(("Debug char on int: %x hex\n", chr));
3017 + if (chr == 3) { /* Ctrl-C means remote interrupt */
3022 + if (atomic_read(&gdb_buf_in_cnt) >= GDB_BUF_SIZE) {
3023 + /* buffer overflow tosses early char */
3026 + gdb_buf[gdb_buf_in_inx++] = chr;
3027 + gdb_buf_in_inx &= (GDB_BUF_SIZE - 1);
3028 + } while (inb_p(info->port + UART_IIR) & UART_IIR_RDI);
3029 + spin_unlock(&uart_interrupt_lock);
3030 + local_irq_restore(flags);
3031 + return IRQ_HANDLED;
3032 +} /* gdb_interrupt */
3035 + * Just a NULL routine for testing.
3042 +/* These structure are filled in with values defined in asm/kgdb_local.h
3044 +static struct serial_state state = SB_STATE;
3045 +static struct async_struct local_info = SB_INFO;
3046 +static int ok_to_enable_ints = 0;
3047 +static void kgdb_enable_ints_now(void);
3049 +extern char *kgdb_version;
3051 + * Hook an IRQ for KGDB.
3053 + * This routine is called from putDebugChar, below.
3055 +static int ints_disabled = 1;
3057 +gdb_hook_interrupt(struct async_struct *info, int verb)
3059 + struct serial_state *state = info->state;
3060 + unsigned long flags;
3062 +#ifdef TEST_EXISTANCE
3063 + int scratch, scratch2;
3066 + /* The above fails if memory managment is not set up yet.
3067 + * Rather than fail the set up, just keep track of the fact
3068 + * and pick up the interrupt thing later.
3070 + gdb_async_info = info;
3071 + port = gdb_async_info->port;
3072 + gdb_async_irq = state->irq;
3074 + printk("kgdb %s : port =%x, IRQ=%d, divisor =%d\n",
3077 + gdb_async_irq, gdb_async_info->state->custom_divisor);
3079 + local_irq_save(flags);
3080 +#ifdef TEST_EXISTANCE
3081 + /* Existance test */
3082 + /* Should not need all this, but just in case.... */
3084 + scratch = inb_p(port + UART_IER);
3085 + outb_px(port + UART_IER, 0);
3086 + outb_px(0xff, 0x080);
3087 + scratch2 = inb_p(port + UART_IER);
3088 + outb_px(port + UART_IER, scratch);
3091 + ("gdb_hook_interrupt: Could not clear IER, not a UART!\n");
3092 + local_irq_restore(flags);
3093 + return 1; /* We failed; there's nothing here */
3095 + scratch2 = inb_p(port + UART_LCR);
3096 + outb_px(port + UART_LCR, 0xBF); /* set up for StarTech test */
3097 + outb_px(port + UART_EFR, 0); /* EFR is the same as FCR */
3098 + outb_px(port + UART_LCR, 0);
3099 + outb_px(port + UART_FCR, UART_FCR_ENABLE_FIFO);
3100 + scratch = inb_p(port + UART_IIR) >> 6;
3101 + if (scratch == 1) {
3102 + printk("gdb_hook_interrupt: Undefined UART type!"
3103 + " Not a UART! \n");
3104 + local_irq_restore(flags);
3107 + dbprintk(("gdb_hook_interrupt: UART type "
3108 + "is %d where 0=16450, 2=16550 3=16550A\n", scratch));
3110 + scratch = inb_p(port + UART_MCR);
3111 + outb_px(port + UART_MCR, UART_MCR_LOOP | scratch);
3112 + outb_px(port + UART_MCR, UART_MCR_LOOP | 0x0A);
3113 + scratch2 = inb_p(port + UART_MSR) & 0xF0;
3114 + outb_px(port + UART_MCR, scratch);
3115 + if (scratch2 != 0x90) {
3116 + printk("gdb_hook_interrupt: "
3117 + "Loop back test failed! Not a UART!\n");
3118 + local_irq_restore(flags);
3119 + return scratch2 + 1000; /* force 0 to fail */
3121 +#endif /* test existance */
3122 + program_uart(info);
3123 + local_irq_restore(flags);
3127 +} /* gdb_hook_interrupt */
3130 +program_uart(struct async_struct *info)
3132 + int port = info->port;
3134 + (void) inb_p(port + UART_RX);
3135 + outb_px(port + UART_IER, 0);
3137 + (void) inb_p(port + UART_RX); /* serial driver comments say */
3138 + (void) inb_p(port + UART_IIR); /* this clears the interrupt regs */
3139 + (void) inb_p(port + UART_MSR);
3140 + outb_px(port + UART_LCR, UART_LCR_WLEN8 | UART_LCR_DLAB);
3141 + outb_px(port + UART_DLL, info->state->custom_divisor & 0xff); /* LS */
3142 + outb_px(port + UART_DLM, info->state->custom_divisor >> 8); /* MS */
3143 + outb_px(port + UART_MCR, info->MCR);
3145 + outb_px(port + UART_FCR, UART_FCR_ENABLE_FIFO | UART_FCR_TRIGGER_1 | UART_FCR_CLEAR_XMIT | UART_FCR_CLEAR_RCVR); /* set fcr */
3146 + outb_px(port + UART_LCR, UART_LCR_WLEN8); /* reset DLAB */
3147 + outb_px(port + UART_FCR, UART_FCR_ENABLE_FIFO | UART_FCR_TRIGGER_1); /* set fcr */
3148 + if (!ints_disabled) {
3149 + intprintk(("KGDB: Sending %d to port %x offset %d\n",
3150 + gdb_async_info->IER,
3151 + (int) gdb_async_info->port, UART_IER));
3152 + outb_px(gdb_async_info->port + UART_IER, gdb_async_info->IER);
3160 + * This is a GDB stub routine. It waits for a character from the
3161 + * serial interface and then returns it. If there is no serial
3162 + * interface connection then it returns a bogus value which will
3163 + * almost certainly cause the system to hang. In the
3165 +int kgdb_in_isr = 0;
3166 +int kgdb_in_lsr = 0;
3167 +extern spinlock_t kgdb_spinlock;
3169 +/* Caller takes needed protections */
3174 + volatile int chr, dum, time, end_time;
3176 + dbprintk(("getDebugChar(port %x): ", gdb_async_info->port));
3178 + if (gdb_async_info == NULL) {
3179 + gdb_hook_interrupt(&local_info, 0);
3182 + * This trick says if we wait a very long time and get
3183 + * no char, return the -1 and let the upper level deal
3187 + end_time = time + 2;
3188 + while (((chr = read_char(gdb_async_info)) == -1) &&
3189 + (end_time - time) > 0) {
3193 + * This covers our butts if some other code messes with
3194 + * our uart, hay, it happens :o)
3197 + program_uart(gdb_async_info);
3199 + dbprintk(("%c\n", chr > ' ' && chr < 0x7F ? chr : ' '));
3202 +} /* getDebugChar */
3204 +static int count = 3;
3205 +static spinlock_t one_at_atime = SPIN_LOCK_UNLOCKED;
3208 +kgdb_enable_ints(void)
3210 + if (gdb_async_info == NULL) {
3211 + gdb_hook_interrupt(&local_info, 1);
3213 + ok_to_enable_ints = 1;
3214 + kgdb_enable_ints_now();
3215 +#ifdef CONFIG_KGDB_USER_CONSOLE
3216 + kgdb_console_finit();
3221 +#ifdef CONFIG_SERIAL_8250
3222 +void shutdown_for_kgdb(struct async_struct *gdb_async_info);
3225 +#ifdef CONFIG_DISCONTIGMEM
3226 +static inline int kgdb_mem_init_done(void)
3228 + return highmem_start_page != NULL;
3231 +static inline int kgdb_mem_init_done(void)
3233 + return max_mapnr != 0;
3238 +kgdb_enable_ints_now(void)
3240 + if (!spin_trylock(&one_at_atime))
3242 + if (!ints_disabled)
3244 + if (kgdb_mem_init_done() &&
3245 + ints_disabled) { /* don't try till mem init */
3246 +#ifdef CONFIG_SERIAL_8250
3248 + * The ifdef here allows the system to be configured
3249 + * without the serial driver.
3250 + * Don't make it a module, however, it will steal the port
3252 + shutdown_for_kgdb(gdb_async_info);
3254 + ints_disabled = request_irq(gdb_async_info->state->irq,
3256 + IRQ_T(gdb_async_info),
3257 + "KGDB-stub", NULL);
3258 + intprintk(("KGDB: request_irq returned %d\n", ints_disabled));
3260 + if (!ints_disabled) {
3261 + intprintk(("KGDB: Sending %d to port %x offset %d\n",
3262 + gdb_async_info->IER,
3263 + (int) gdb_async_info->port, UART_IER));
3264 + outb_px(gdb_async_info->port + UART_IER, gdb_async_info->IER);
3267 + spin_unlock(&one_at_atime);
3273 + * This is a GDB stub routine. It waits until the interface is ready
3274 + * to transmit a char and then sends it. If there is no serial
3275 + * interface connection then it simply returns to its caller, having
3276 + * pretended to send the char. Caller takes needed protections.
3279 +putDebugChar(int chr)
3281 + dbprintk(("putDebugChar(port %x): chr=%02x '%c', ints_on=%d\n",
3282 + gdb_async_info->port,
3284 + chr > ' ' && chr < 0x7F ? chr : ' ', ints_disabled ? 0 : 1));
3286 + if (gdb_async_info == NULL) {
3287 + gdb_hook_interrupt(&local_info, 0);
3290 + write_char(gdb_async_info, chr); /* this routine will wait */
3291 + count = (chr == '#') ? 0 : count + 1;
3292 + if ((count == 2)) { /* try to enable after */
3293 + if (ints_disabled & ok_to_enable_ints)
3294 + kgdb_enable_ints_now(); /* try to enable after */
3296 + /* We do this a lot because, well we really want to get these
3297 + * interrupts. The serial driver will clear these bits when it
3298 + * initializes the chip. Every thing else it does is ok,
3301 + if (!ints_disabled) {
3302 + outb_px(gdb_async_info->port + UART_IER,
3303 + gdb_async_info->IER);
3307 +} /* putDebugChar */
3309 +module_init(kgdb_enable_ints);
3310 diff -puN arch/i386/lib/Makefile~kgdb-ga arch/i386/lib/Makefile
3311 --- 25/arch/i386/lib/Makefile~kgdb-ga 2003-06-25 23:14:17.000000000 -0700
3312 +++ 25-akpm/arch/i386/lib/Makefile 2003-06-25 23:14:17.000000000 -0700
3313 @@ -9,4 +9,5 @@ lib-y = checksum.o delay.o \
3315 lib-$(CONFIG_X86_USE_3DNOW) += mmx.o
3316 lib-$(CONFIG_HAVE_DEC_LOCK) += dec_and_lock.o
3317 +lib-$(CONFIG_KGDB) += kgdb_serial.o
3318 lib-$(CONFIG_DEBUG_IOVIRT) += iodebug.o
3319 diff -puN arch/i386/Makefile~kgdb-ga arch/i386/Makefile
3320 --- 25/arch/i386/Makefile~kgdb-ga 2003-06-25 23:14:17.000000000 -0700
3321 +++ 25-akpm/arch/i386/Makefile 2003-06-25 23:14:17.000000000 -0700
3322 @@ -85,6 +85,9 @@ mcore-$(CONFIG_X86_ES7000) := mach-es700
3323 # default subarch .h files
3324 mflags-y += -Iinclude/asm-i386/mach-default
3326 +mflags-$(CONFIG_KGDB) += -g
3327 +mflags-$(CONFIG_KGDB_MORE) += $(shell echo $(CONFIG_KGDB_OPTIONS) | sed -e 's/"//g')
3329 head-y := arch/i386/kernel/head.o arch/i386/kernel/init_task.o
3331 libs-y += arch/i386/lib/
3332 diff -puN arch/i386/mm/fault.c~kgdb-ga arch/i386/mm/fault.c
3333 --- 25/arch/i386/mm/fault.c~kgdb-ga 2003-06-25 23:14:17.000000000 -0700
3334 +++ 25-akpm/arch/i386/mm/fault.c 2003-06-25 23:14:17.000000000 -0700
3335 @@ -236,6 +236,12 @@ no_context:
3336 * Oops. The kernel tried to access some bad page. We'll have to
3337 * terminate things with extreme prejudice.
3340 + if (!user_mode(regs)){
3341 + kgdb_handle_exception(14,SIGBUS, error_code, regs);
3348 diff -puN /dev/null Documentation/i386/kgdb/andthen
3349 --- /dev/null 2002-08-30 16:31:37.000000000 -0700
3350 +++ 25-akpm/Documentation/i386/kgdb/andthen 2003-06-25 23:14:17.000000000 -0700
3355 + set var $thp=(struct kgdb_and_then_struct *)&kgdb_data[0]
3356 + set var $at_size = (sizeof kgdb_data)/(sizeof *$thp)
3357 + set var $at_oc=kgdb_and_then_count
3358 + set var $at_cc=$at_oc
3361 +define andthen_next
3362 + set var $at_cc=$arg0
3367 + if ($at_cc >= $at_oc)
3368 + printf "Outside window. Window size is %d\n",($at_oc-$at_low)
3370 + printf "%d: ",$at_cc
3371 + output *($thp+($at_cc++ % $at_size ))
3375 +define andthen_set_edge
3376 + set var $at_oc=kgdb_and_then_count
3377 + set var $at_low = $at_oc - $at_size
3379 + set var $at_low = 0
3381 + if (( $at_cc > $at_oc) || ($at_cc < $at_low))
3382 + printf "Count outside of window, setting count to "
3383 + if ($at_cc >= $at_oc)
3384 + set var $at_cc = $at_oc
3386 + set var $at_cc = $at_low
3388 + printf "%d\n",$at_cc
3394 + if ($at_cc <= $at_low)
3395 + printf "Outside window. Window size is %d\n",($at_oc-$at_low)
3397 + printf "%d: ",$at_cc-1
3398 + output *($thp+(--$at_cc % $at_size ))
3403 +document andthen_next
3404 + andthen_next <count>
3405 + . sets the number of the event to display next. If this event
3406 + . is not in the event pool, either andthen or beforethat will
3407 + . correct it to the nearest event pool edge. The event pool
3408 + . ends at the last event recorded and begins <number of events>
3409 + . prior to that. If beforethat is used next, it will display
3410 + . event <count> -1.
3412 + andthen commands are: set_andthen, andthen_next, andthen and beforethat
3418 +. displays the next event in the list. <set_andthen> sets up to display
3419 +. the oldest saved event first.
3420 +. <count> (optional) count of the event to display.
3421 +. note the number of events saved is specified at configure time.
3422 +. if events are saved between calls to andthen the index will change
3423 +. but the displayed event will be the next one (unless the event buffer
3426 +. andthen commands are: set_andthen, andthen_next, andthen and beforethat
3429 +document set_andthen
3431 +. sets up to use the <andthen> and <beforethat> commands.
3432 +. if you have defined your own struct, use the above and
3433 +. then enter the following:
3434 +. p $thp=(struct kgdb_and_then_structX *)&kgdb_data[0]
3435 +. where <kgdb_and_then_structX> is the name of your structure.
3437 +. andthen commands are: set_andthen, andthen_next, andthen and beforethat
3440 +document beforethat
3442 +. displays the next prior event in the list. <set_andthen> sets up to
3443 +. display the last occuring event first.
3445 +. note the number of events saved is specified at configure time.
3446 +. if events are saved between calls to beforethat the index will change
3447 +. but the displayed event will be the next one (unless the event buffer
3450 +. andthen commands are: set_andthen, andthen_next, andthen and beforethat
3452 diff -puN /dev/null Documentation/i386/kgdb/debug-nmi.txt
3453 --- /dev/null 2002-08-30 16:31:37.000000000 -0700
3454 +++ 25-akpm/Documentation/i386/kgdb/debug-nmi.txt 2003-06-25 23:14:17.000000000 -0700
3456 +Subject: Debugging with NMI
3457 +Date: Mon, 12 Jul 1999 11:28:31 -0500
3458 +From: David Grothe <dave@gcom.com>
3459 +Organization: Gcom, Inc
3460 +To: David Grothe <dave@gcom.com>
3464 +Maybe this is old hat, but it is new to me --
3466 +On an ISA bus machine, if you short out the A1 and B1 pins of an ISA
3467 +slot you will generate an NMI to the CPU. This interrupts even a
3468 +machine that is hung in a loop with interrupts disabled. Used in
3469 +conjunction with kgdb <
3470 +ftp://ftp.gcom.com/pub/linux/src/kgdb-2.3.35/kgdb-2.3.35.tgz > you can
3471 +gain debugger control of a machine that is hung in the kernel! Even
3472 +without kgdb the kernel will print a stack trace so you can find out
3475 +The A1/B1 pins are directly opposite one another and the farthest pins
3476 +towards the bracket end of the ISA bus socket. You can stick a paper
3477 +clip or multi-meter probe between them to short them out.
3479 +I had a spare ISA bus to PC104 bus adapter around. The PC104 end of the
3480 +board consists of two rows of wire wrap pins. So I wired a push button
3481 +between the A1/B1 pins and now have an ISA board that I can stick into
3482 +any ISA bus slot for debugger entry.
3484 +Microsoft has a circuit diagram of a PCI card at
3485 +http://www.microsoft.com/hwdev/DEBUGGING/DMPSW.HTM. If you want to
3486 +build one you will have to mail them and ask for the PAL equations.
3487 +Nobody makes one comercially.
3489 +[THIS TIP COMES WITH NO WARRANTY WHATSOEVER. It works for me, but if
3490 +your machine catches fire, it is your problem, not mine.]
3492 +-- Dave (the kgdb guy)
3493 diff -puN /dev/null Documentation/i386/kgdb/gdb-globals.txt
3494 --- /dev/null 2002-08-30 16:31:37.000000000 -0700
3495 +++ 25-akpm/Documentation/i386/kgdb/gdb-globals.txt 2003-06-25 23:14:17.000000000 -0700
3497 +Sender: akale@veritas.com
3498 +Date: Fri, 23 Jun 2000 19:26:35 +0530
3499 +From: "Amit S. Kale" <akale@veritas.com>
3500 +Organization: Veritas Software (India)
3501 +To: Dave Grothe <dave@gcom.com>, linux-kernel@vger.rutgers.edu
3502 +CC: David Milburn <dmilburn@wirespeed.com>,
3503 + "Edouard G. Parmelan" <Edouard.Parmelan@quadratec.fr>,
3504 + ezannoni@cygnus.com, Keith Owens <kaos@ocs.com.au>
3505 +Subject: Re: Module debugging using kgdb
3511 +> There is a 2.4.0 version of kgdb on our ftp site:
3512 +> ftp://ftp.gcom.com/pub/linux/src/kgdb. I mirrored your version of gdb
3513 +> and loadmodule.sh there.
3515 +> Have a look at the README file and see if I go it right. If not, send
3516 +> me some corrections and I will update it.
3518 +> Does your version of gdb solve the global variable problem?
3521 +Thanks to Elena Zanoni, gdb (developement version) can now calculate
3522 +correctly addresses of dynamically loaded object files. I have not been
3523 +following gdb developement for sometime and am not sure when symbol
3524 +address calculation fix is going to appear in a gdb stable version.
3526 +Elena, any idea when the fix will make it to a prebuilt gdb from a
3529 +For the time being I have built a gdb developement version. It can be
3530 +used for module debugging with loadmodule.sh script.
3532 +The problem with calculating of module addresses with previous versions
3533 +of gdb was as follows:
3534 +gdb did not use base address of a section while calculating address of
3535 +a symbol in the section in an object file loaded via 'add-symbol-file'.
3536 +It used address of .text segment instead. Due to this addresses of
3537 +symbols in .data, .bss etc. (e.g. global variables) were calculated incorrectly.
3539 +Above mentioned fix allow gdb to use base address of a segment while
3540 +calculating address of a symbol in it. It adds a parameter '-s' to
3541 +'add-symbol-file' command for specifying base address of a segment.
3543 +loadmodule.sh script works as follows.
3545 +1. Copy a module file to target machine.
3546 +2. Load the module on the target machine using insmod with -m parameter.
3547 +insmod produces a module load map which contains base addresses of all
3548 +sections in the module and addresses of symbols in the module file.
3549 +3. Find all sections and their base addresses in the module from
3551 +4. Generate a script that loads the module file. The script uses
3552 +'add-symbol-file' and specifies address of text segment followed by
3553 +addresses of all segments in the module.
3555 +Here is an example gdb script produced by loadmodule.sh script.
3557 +add-symbol-file foo 0xd082c060 -s .text.lock 0xd08cbfb5
3558 +-s .fixup 0xd08cfbdf -s .rodata 0xd08cfde0 -s __ex_table 0xd08e3b38
3559 +-s .data 0xd08e3d00 -s .bss 0xd08ec8c0 -s __ksymtab 0xd08ee838
3561 +With this command gdb can calculate addresses of symbols in ANY segment
3567 +Veritas Software ( http://www.veritas.com )
3568 diff -puN /dev/null Documentation/i386/kgdb/gdbinit
3569 --- /dev/null 2002-08-30 16:31:37.000000000 -0700
3570 +++ 25-akpm/Documentation/i386/kgdb/gdbinit 2003-06-25 23:14:17.000000000 -0700
3572 +shell echo -e "\003" >/dev/ttyS0
3573 +set remotebaud 38400
3574 +target remote /dev/ttyS0
3577 +printf "EAX=%08x EBX=%08x ECX=%08x EDX=%08x\n", $eax, $ebx, $ecx, $edx
3578 +printf "ESI=%08x EDI=%08x EBP=%08x ESP=%08x\n", $esi, $edi, $ebp, $esp
3583 +printf "EAX=%08x EBX=%08x ECX=%08x EDX=%08x\n", $eax, $ebx, $ecx, $edx
3584 +printf "ESI=%08x EDI=%08x EBP=%08x ESP=%08x\n", $esi, $edi, $ebp, $esp
3586 diff -puN /dev/null Documentation/i386/kgdb/gdbinit.hw
3587 --- /dev/null 2002-08-30 16:31:37.000000000 -0700
3588 +++ 25-akpm/Documentation/i386/kgdb/gdbinit.hw 2003-06-25 23:14:17.000000000 -0700
3591 +#Using ia-32 hardware breakpoints.
3593 +#4 hardware breakpoints are available in ia-32 processors. These breakpoints
3594 +#do not need code modification. They are set using debug registers.
3596 +#Each hardware breakpoint can be of one of the
3597 +#three types: execution, write, access.
3598 +#1. An Execution breakpoint is triggered when code at the breakpoint address is
3600 +#2. A write breakpoint ( aka watchpoints ) is triggered when memory location
3601 +#at the breakpoint address is written.
3602 +#3. An access breakpoint is triggered when memory location at the breakpoint
3603 +#address is either read or written.
3605 +#As hardware breakpoints are available in limited number, use software
3606 +#breakpoints ( br command in gdb ) instead of execution hardware breakpoints.
3608 +#Length of an access or a write breakpoint defines length of the datatype to
3609 +#be watched. Length is 1 for char, 2 short , 3 int.
3611 +#For placing execution, write and access breakpoints, use commands
3612 +#hwebrk, hwwbrk, hwabrk
3613 +#To remove a breakpoint use hwrmbrk command.
3615 +#These commands take following types of arguments. For arguments associated
3616 +#with each command, use help command.
3617 +#1. breakpointno: 0 to 3
3619 +#3. address: Memory location in hex ( without 0x ) e.g c015e9bc
3621 +#Use the command exinfo to find which hardware breakpoint occured.
3623 +#hwebrk breakpointno address
3625 + maintenance packet Y$arg0,0,0,$arg1
3628 + hwebrk <breakpointno> <address>
3629 + Places a hardware execution breakpoint
3630 + <breakpointno> = 0 - 3
3631 + <address> = Hex digits without leading "0x".
3634 +#hwwbrk breakpointno length address
3636 + maintenance packet Y$arg0,1,$arg1,$arg2
3639 + hwwbrk <breakpointno> <length> <address>
3640 + Places a hardware write breakpoint
3641 + <breakpointno> = 0 - 3
3642 + <length> = 1 (1 byte), 2 (2 byte), 3 (4 byte)
3643 + <address> = Hex digits without leading "0x".
3646 +#hwabrk breakpointno length address
3648 + maintenance packet Y$arg0,1,$arg1,$arg2
3651 + hwabrk <breakpointno> <length> <address>
3652 + Places a hardware access breakpoint
3653 + <breakpointno> = 0 - 3
3654 + <length> = 1 (1 byte), 2 (2 byte), 3 (4 byte)
3655 + <address> = Hex digits without leading "0x".
3658 +#hwrmbrk breakpointno
3660 + maintenance packet y$arg0
3663 + hwrmbrk <breakpointno>
3664 + <breakpointno> = 0 - 3
3665 + Removes a hardware breakpoint
3669 + maintenance packet r
3673 + maintenance packet qE
3677 + Gives information about a breakpoint.
3680 + p $th=(struct thread_info *)((int)$esp & ~8191)
3684 + Gets and prints the current thread_info pointer, Defines th to be it.
3687 + p $cu=(struct thread_info *)((int)$esp & ~8191)->task
3691 + Gets and print the "current" value. Defines $cu to be it.
3694 + set var $flags=$eflags
3695 + set $eflags=$eflags&~0x200
3698 + set var $eflags|=$flags&0x200
3701 + saves the current interrupt state and clears the processor interrupt
3702 + flag. Use int_on to restore the saved flag.
3705 + Restores the interrupt flag saved by int_off.
3707 diff -puN /dev/null Documentation/i386/kgdb/gdbinit-modules
3708 --- /dev/null 2002-08-30 16:31:37.000000000 -0700
3709 +++ 25-akpm/Documentation/i386/kgdb/gdbinit-modules 2003-06-25 23:14:17.000000000 -0700
3712 +# Usefull GDB user-command to debug Linux Kernel Modules with gdbstub.
3714 +# This don't work for Linux-2.0 or older.
3716 +# Author Edouard G. Parmelan <Edouard.Parmelan@quadratec.fr>
3719 +# Fri Apr 30 20:33:29 CEST 1999
3720 +# First public release.
3722 +# Major cleanup after experiment Linux-2.0 kernel without success.
3723 +# Symbols of a module are not in the correct order, I can't explain
3726 +# Fri Mar 19 15:41:40 CET 1999
3729 +# Thu Jan 6 16:29:03 CST 2000
3730 +# A little fixing by Dave Grothe <dave@gcom.com>
3732 +# Mon Jun 19 09:33:13 CDT 2000
3733 +# Alignment changes from Edouard Parmelan
3735 +# The basic idea is to find where insmod load the module and inform
3736 +# GDB to load the symbol table of the module with the GDB command
3737 +# ``add-symbol-file <object> <address>''.
3739 +# The Linux kernel holds the list of all loaded modules in module_list,
3740 +# this list end with &kernel_module (exactly with module->next == NULL,
3741 +# but the last module is not a real module).
3743 +# Insmod allocates the struct module before the object file. Since
3744 +# Linux-2.1, this structure contain his size. The real address of
3745 +# the object file is then (char*)module + module->size_of_struct.
3747 +# You can use three user functions ``mod-list'', ``mod-print-symbols''
3748 +# and ``add-module-symbols''.
3750 +# mod-list list all loaded modules with the format:
3751 +# <module-address> <module-name>
3753 +# As soon as you have found the address of your module, you can
3754 +# print its exported symbols (mod-print-symbols) or inform GDB to add
3755 +# symbols from your module file (mod-add-symbols).
3757 +# The argument that you give to mod-print-symbols or mod-add-symbols
3758 +# is the <module-address> from the mod-list command.
3760 +# When using the mod-add-symbols command you must also give the full
3761 +# pathname of the modules object code file.
3763 +# The command mod-add-lis is an example of how to make this easier.
3764 +# You can edit this macro to contain the path name of your own
3765 +# favorite module and then use it as a shorthand to load it. You
3766 +# still need the module-address, however.
3768 +# The internal function ``mod-validate'' set the GDB variable $mod
3769 +# as a ``struct module*'' if the kernel known the module otherwise
3770 +# $mod is set to NULL. This ensure to not add symbols for a wrong
3773 +# Have a nice hacking day !
3777 + set $mod = (struct module*)module_list
3778 + # the last module is the kernel, ignore it
3779 + while $mod != &kernel_module
3780 + printf "%p\t%s\n", (long)$mod, ($mod)->name
3781 + set $mod = $mod->next
3785 +List all modules in the form: <module-address> <module-name>
3786 +Use the <module-address> as the argument for the other
3787 +mod-commands: mod-print-symbols, mod-add-symbols.
3790 +define mod-validate
3791 + set $mod = (struct module*)module_list
3792 + while ($mod != $arg0) && ($mod != &kernel_module)
3793 + set $mod = $mod->next
3795 + if $mod == &kernel_module
3797 + printf "%p is not a module\n", $arg0
3800 +document mod-validate
3801 +mod-validate <module-address>
3802 +Internal user-command used to validate the module parameter.
3803 +If <module> is a real loaded module, set $mod to it otherwise set $mod to 0.
3807 +define mod-print-symbols
3808 + mod-validate $arg0
3811 + while $i < $mod->nsyms
3812 + set $sym = $mod->syms[$i]
3813 + printf "%p\t%s\n", $sym->value, $sym->name
3818 +document mod-print-symbols
3819 +mod-print-symbols <module-address>
3820 +Print all exported symbols of the module. see mod-list
3824 +define mod-add-symbols-align
3825 + mod-validate $arg0
3827 + set $mod_base = ($mod->size_of_struct + (long)$mod)
3828 + if ($arg2 != 0) && (($mod_base & ($arg2 - 1)) != 0)
3829 + set $mod_base = ($mod_base | ($arg2 - 1)) + 1
3831 + add-symbol-file $arg1 $mod_base
3834 +document mod-add-symbols-align
3835 +mod-add-symbols-align <module-address> <object file path name> <align>
3836 +Load the symbols table of the module from the object file where
3837 +first section aligment is <align>.
3838 +To retreive alignment, use `objdump -h <object file path name>'.
3841 +define mod-add-symbols
3842 + mod-add-symbols-align $arg0 $arg1 sizeof(long)
3844 +document mod-add-symbols
3845 +mod-add-symbols <module-address> <object file path name>
3846 +Load the symbols table of the module from the object file.
3847 +Default alignment is 4. See mod-add-symbols-align.
3851 + mod-add-symbols-align $arg0 /usr/src/LiS/streams.o 16
3853 +document mod-add-lis
3854 +mod-add-lis <module-address>
3855 +Does mod-add-symbols <module-address> /usr/src/LiS/streams.o
3857 diff -puN /dev/null Documentation/i386/kgdb/kgdb.txt
3858 --- /dev/null 2002-08-30 16:31:37.000000000 -0700
3859 +++ 25-akpm/Documentation/i386/kgdb/kgdb.txt 2003-06-25 23:14:17.000000000 -0700
3861 +Last edit: <20030506.1615.42>
3862 +This file has information specific to the i386 kgdb option. Other
3863 +platforms with the kgdb option may behave in a similar fashion.
3868 +We are starting to align with the sourceforge version, at least in
3869 +commands. To this end, the boot command sting to start kgdb at
3870 +boot time has been changed from "kgdb" to "gdb".
3872 +Andrew Morton sent a couple of patchs which are now included as follows:
3873 +1.) We now return a flag to the interrupt handler.
3874 +2.) We no longer use smp_num_cpus (a conflict with the lock meter).
3875 +3.) And from William Lee Irwin III <wli@holomorphy.com> code to make
3876 + sure high-mem is set up before we attempt to register our interrupt
3878 +We now include asm/kgdb.h from config.h so you will most likely never
3879 +have to include it. It also 'NULLS' the kgdb macros you might have in
3880 +your code when CONFIG_KGDB is not defined. This allows you to just
3881 +turn off CONFIG_KGDB to turn off all the kgdb_ts() calls and such.
3882 +This include is conditioned on the machine being an x86 so as to not
3883 +mess with other archs.
3886 +This is currently the version for the 2.4.18 (and beyond?) kernel.
3888 +We have several new "features" beginning with this version:
3890 +1.) Kgdb now syncs the "other" cpus with a cross cpu NMI. No more
3891 + waiting and it will pull that guy out of an irq off spin lock :)
3893 +2.) We doctored up the code that tells where a task is waiting and
3894 + included it so that the "info thread" command will show a bit more
3895 + than "schedule()". Try it...
3897 +3.) Added the ability to call a function from gdb. All the standard gdb
3898 + issues apply, i.e. if you hit a break point in the function you are
3899 + not allowed to call another (gdb limitation, not kgdb). T0 help
3900 + this capability we added a memory allocation function. Gdb does not
3901 + return this memory (it is used for stings you pass to that function
3902 + you are calling from gdb) so we fixed up a way to allow you to
3903 + manually return the memory (see below).
3905 +4.) Kgdb time stamps (kgdb_ts()) are enhanced to expand what was the
3906 + interrupt flag to now also include the preemption count and the
3907 + "in_interrupt" info. The flag is now called "with_pif" to indicate
3908 + the order, preempt_count, in_interrupt, flag. The preempt_count is
3909 + shifted left by 4 bits so you can read the count in hex by dropping
3910 + the low order digit. In_interrupt is in bit 1, and the flag is in
3913 +5.) The command: "p kgdb_info" is now expanded and prints something
3916 +$2 = {used_malloc = 0, called_from = 0xc0107506, entry_tsc = 67468627259,
3917 + errcode = 0, vector = 3, print_debug_info = 0, hold_on_sstep = 1,
3918 + cpus_waiting = {{task = 0xc027a000, pid = 32768, hold = 0,
3919 + regs = 0xc027bf84}, {task = 0x0, pid = 0, hold = 0, regs = 0x0}}}
3921 + Things to note here: a.) used_malloc is the amount of memory that
3922 + has been malloc'ed to do calls from gdb. You can reclaim this
3923 + memory like this: "p kgdb_info.used_malloc=0" Cool, huh? b.)
3924 + cpus_waiting is now "sized" by the number of cpus you enter at
3925 + configure time in the kgdb configure section. This is NOT used any
3926 + where else in the system, but it is "nice" here. c.) The tasks
3927 + "pid" is now in the structure. This is the pid you will need to use
3928 + to decode to the thread id to get gdb to look at that thread.
3929 + Remember that the "info thread" command prints a list of threads
3930 + where in it numbers each thread with its reference number followed
3931 + by the threads pid. Note that the per cpu idle threads actually
3932 + have pids of 0 (yes there is more than one pid 0 in an SMP system).
3933 + To avoid confusion, kgdb numbers these threads with numbers beyond
3934 + the MAX_PID. That is why you see 32768 above.
3936 +6.) A subtle change, we now provide the complete register set for tasks
3937 + that are active on the other cpus. This allows better trace back on
3940 + And, lets mention what we could not fix. Back-trace from all but the
3941 + thread that we trapped will, most likely, have a bogus entry in it.
3942 + The problem is that gdb does not recognize the entry code for
3943 + functions that use "current" near (at all?) the entry. The compiler
3944 + is putting the "current" decode as the first two instructions of the
3945 + function where gdb expects to find %ebp changing code. Back trace
3946 + also has trouble with interrupt frames. I am talking with Daniel
3947 + Jacobowitz about some way to fix this, but don't hold your breath.
3950 +Major enhancement with this version is the ability to hold one or more
3951 +cpus in an SMP system while allowing the others to continue. Also, by
3952 +default only the current cpu is enabled on single step commands (please
3953 +note that gdb issues single step commands at times other than when you
3954 +use the si command).
3956 +Another change is to collect some useful information in
3957 +a global structure called "kgdb_info". You should be able to just:
3961 +although I have seen cases where the first time this is done gdb just
3962 +prints the first member but prints the whole structure if you then enter
3963 +CR (carriage return or enter). This also works:
3969 +$4 = {called_from = 0xc010732c, entry_tsc = 32804123790856, errcode = 0,
3970 + vector = 3, print_debug_info = 0}
3972 +"Called_from" is the return address from the current entry into kgdb.
3973 +Sometimes it is useful to know why you are in kgdb, for example, was
3974 +it an NMI or a real break point? The simple way to interrogate this
3979 +which will print the surrounding few lines of source code.
3981 +"Entry_tsc" is the cpu TSC on entry to kgdb (useful to compare to the
3984 +"errcode" and "vector" are other entry parameters which may be helpful on
3987 +"print_debug_info" is the internal debugging kgdb print enable flag. Yes,
3990 +In SMP systems kgdb_info also includes the "cpus_waiting" structure and
3994 +$7 = {called_from = 0xc0112739, entry_tsc = 1034936624074, errcode = 0,
3995 + vector = 2, print_debug_info = 0, hold_on_sstep = 1, cpus_waiting = {{
3996 + task = 0x0, hold = 0, regs = 0x0}, {task = 0xc71b8000, hold = 0,
3997 + regs = 0xc71b9f70}, {task = 0x0, hold = 0, regs = 0x0}, {task = 0x0,
3998 + hold = 0, regs = 0x0}, {task = 0x0, hold = 0, regs = 0x0}, {task = 0x0,
3999 + hold = 0, regs = 0x0}, {task = 0x0, hold = 0, regs = 0x0}, {task = 0x0,
4000 + hold = 0, regs = 0x0}}}
4002 +"Cpus_waiting" has an entry for each cpu other than the current one that
4003 +has been stopped. Each entry contains the task_struct address for that
4004 +cpu, the address of the regs for that task and a hold flag. All these
4005 +have the proper typing so that, for example:
4007 +p *kgdb_info.cpus_waiting[1].regs
4009 +will print the registers for cpu 1.
4011 +"Hold_on_sstep" is a new feature with this version and comes up set or
4012 +true. What is means is that whenever kgdb is asked to single step all
4013 +other cpus are held (i.e. not allowed to execute). The flag applies to
4014 +all but the current cpu and, again, can be changed:
4016 +p kgdb_info.hold_on_sstep=0
4018 +restores the old behavior of letting all cpus run during single stepping.
4020 +Likewise, each cpu has a "hold" flag, which if set, locks that cpu out
4021 +of execution. Note that this has some risk in cases where the cpus need
4022 +to communicate with each other. If kgdb finds no cpu available on exit,
4023 +it will push a message thru gdb and stay in kgdb. Note that it is legal
4024 +to hold the current cpu as long as at least one cpu can execute.
4027 +This version implements an event queue. Events are signaled by calling
4028 +a function in the kgdb stub and may be examined from gdb. See EVENTS
4029 +below for details. This version also tighten up the interrupt and SMP
4030 +handling to not allow interrupts on the way to kgdb from a breakpoint
4031 +trap. It is fine to allow these interrupts for user code, but not
4037 +This version of the kgdb package was developed and tested on
4038 +kernel version 2.4.16. It will not install on any earlier kernels.
4039 +It is possible that it will continue to work on later versions
4040 +of 2.4 and then versions of 2.5 (I hope).
4046 +Designate one machine as the "development" machine. This is the
4047 +machine on which you run your compiles and which has your source
4048 +code for the kernel. Designate a second machine as the "target"
4049 +machine. This is the machine that will run your experimental
4052 +The two machines will be connected together via a serial line out
4053 +one or the other of the COM ports of the PC. You will need a modem
4054 +eliminator and the appropriate cables.
4056 +Decide on which tty port you want the machines to communicate, then
4057 +cable them up back-to-back using the null modem. COM1 is /dev/ttyS0 and
4058 +COM2 is /dev/ttyS1. You should test this connection with the two
4059 +machines prior to trying to debug a kernel. Once you have it working,
4060 +on the TARGET machine, enter:
4062 +setserial /dev/ttyS0 (or what ever tty you are using)
4064 +and record the port and the irq addresses.
4066 +On the DEVELOPMENT machine you need to apply the patch for the kgdb
4067 +hooks. You have probably already done that if you are reading this
4070 +On your DEVELOPMENT machine, go to your kernel source directory and do
4071 +"make Xconfig" where X is one of "x", "menu", or "". If you are
4072 +configuring in the standard serial driver, it must not be a module.
4073 +Either yes or no is ok, but making the serial driver a module means it
4074 +will initialize after kgdb has set up the UART interrupt code and may
4075 +cause a failure of the control C option discussed below. The configure
4076 +question for the serial driver is under the "Character devices" heading
4079 +"Standard/generic (8250/16550 and compatible UARTs) serial support"
4081 +Go down to the kernel debugging menu item and open it up. Enable the
4082 +kernel kgdb stub code by selecting that item. You can also choose to
4083 +turn on the "-ggdb -O1" compile options. The -ggdb causes the compiler
4084 +to put more debug info (like local symbols) in the object file. On the
4085 +i386 -g and -ggdb are the same so this option just reduces to "O1". The
4086 +-O1 reduces the optimization level. This may be helpful in some cases,
4087 +be aware, however, that this may also mask the problem you are looking
4090 +The baud rate. Default is 115200. What ever you choose be sure that
4091 +the host machine is set to the same speed. I recommend the default.
4093 +The port. This is the I/O address of the serial UART that you should
4094 +have gotten using setserial as described above. The standard com1 port
4095 +(3f8) using irq 4 is default . Com2 is 2f8 which by convention uses irq
4098 +The port irq (see above).
4100 +Stack overflow test. This option makes a minor change in the trap,
4101 +system call and interrupt code to detect stack overflow and transfer
4102 +control to kgdb if it happens. (Some platforms have this in the base
4103 +line code, but the i386 does not.)
4105 +You can also configure the system to recognize the boot option
4106 +"console=kgdb" which if given will cause all console output during
4107 +booting to be put thru gdb as well as other consoles. This option
4108 +requires that gdb and kgdb be connected prior to sending console output
4109 +so, if they are not, a breakpoint is executed to force the connection.
4110 +This will happen before any kernel output (it is going thru gdb, right),
4111 +and will stall the boot until the connection is made.
4113 +You can also configure in a patch to SysRq to enable the kGdb SysRq.
4114 +This request generates a breakpoint. Since the serial port irq line is
4115 +set up after any serial drivers, it is possible that this command will
4116 +work when the control C will not.
4118 +Save and exit the Xconfig program. Then do "make clean" , "make dep"
4119 +and "make bzImage" (or whatever target you want to make). This gets the
4120 +kernel compiled with the "-g" option set -- necessary for debugging.
4122 +You have just built the kernel on your DEVELOPMENT machine that you
4123 +intend to run on your TARGET machine.
4125 +To install this new kernel, use the following installation procedure.
4126 +Remember, you are on the DEVELOPMENT machine patching the kernel source
4127 +for the kernel that you intend to run on the TARGET machine.
4129 +Copy this kernel to your target machine using your usual procedures. I
4130 +usually arrange to copy development:
4131 +/usr/src/linux/arch/i386/boot/bzImage to /vmlinuz on the TARGET machine
4132 +via a LAN based NFS access. That is, I run the cp command on the target
4133 +and copy from the development machine via the LAN. Run Lilo (see "man
4134 +lilo" for details on how to set this up) on the new kernel on the target
4135 +machine so that it will boot! Then boot the kernel on the target
4138 +On the DEVELOPMENT machine, create a file called .gdbinit in the
4139 +directory /usr/src/linux. An example .gdbinit file looks like this:
4141 +shell echo -e "\003" >/dev/ttyS0
4142 +set remotebaud 38400 (or what ever speed you have chosen)
4143 +target remote /dev/ttyS0
4146 +Change the "echo" and "target" definition so that it specifies the tty
4147 +port that you intend to use. Change the "remotebaud" definition to
4148 +match the data rate that you are going to use for the com line.
4150 +You are now ready to try it out.
4152 +Boot your target machine with "kgdb" in the boot command i.e. something
4157 +or if you also want console output thru gdb:
4159 +lilo> test kgdb console=kgdb
4161 +You should see the lilo message saying it has loaded the kernel and then
4162 +all output stops. The kgdb stub is trying to connect with gdb. Start
4163 +gdb something like this:
4166 +On your DEVELOPMENT machine, cd /usr/src/linux and enter "gdb vmlinux".
4167 +When gdb gets the symbols loaded it will read your .gdbinit file and, if
4168 +everything is working correctly, you should see gdb print out a few
4169 +lines indicating that a breakpoint has been taken. It will actually
4170 +show a line of code in the target kernel inside the kgdb activation
4173 +The gdb interaction should look something like this:
4175 + linux-dev:/usr/src/linux# gdb vmlinux
4176 + GDB is free software and you are welcome to distribute copies of it
4177 + under certain conditions; type "show copying" to see the conditions.
4178 + There is absolutely no warranty for GDB; type "show warranty" for details.
4179 + GDB 4.15.1 (i486-slackware-linux),
4180 + Copyright 1995 Free Software Foundation, Inc...
4181 + breakpoint () at i386-stub.c:750
4185 +You can now use whatever gdb commands you like to set breakpoints.
4186 +Enter "continue" to start your target machine executing again. At this
4187 +point the target system will run at full speed until it encounters
4188 +your breakpoint or gets a segment violation in the kernel, or whatever.
4190 +If you have the kgdb console enabled when you continue, gdb will print
4191 +out all the console messages.
4193 +The above example caused a breakpoint relatively early in the boot
4194 +process. For the i386 kgdb it is possible to code a break instruction
4195 +as the first C-language point in init/main.c, i.e. as the first instruction
4196 +in start_kernel(). This could be done as follows:
4198 +#include <asm/kgdb.h>
4201 +This breakpoint() is really a function that sets up the breakpoint and
4202 +single-step hardware trap cells and then executes a breakpoint. Any
4203 +early hard coded breakpoint will need to use this function. Once the
4204 +trap cells are set up they need not be set again, but doing it again
4205 +does not hurt anything, so you don't need to be concerned about which
4206 +breakpoint is hit first. Once the trap cells are set up (and the kernel
4207 +sets them up in due course even if breakpoint() is never called) the
4212 +will generate an inline breakpoint. This may be more useful as it stops
4213 +the processor at the instruction instead of in a function a step removed
4214 +from the location of interest. In either case <asm/kgdb.h> must be
4215 +included to define both breakpoint() and BREAKPOINT.
4217 +Triggering kgdbstub at other times
4218 +==================================
4220 +Often you don't need to enter the debugger until much later in the boot
4221 +or even after the machine has been running for some time. Once the
4222 +kernel is booted and interrupts are on, you can force the system to
4223 +enter the debugger by sending a control C to the debug port. This is
4224 +what the first line of the recommended .gdbinit file does. This allows
4225 +you to start gdb any time after the system is up as well as when the
4226 +system is already at a break point. (In the case where the system is
4227 +already at a break point the control C is not needed, however, it will
4228 +be ignored by the target so no harm is done. Also note the the echo
4229 +command assumes that the port speed is already set. This will be true
4230 +once gdb has connected, but it is best to set the port speed before you
4233 +Another simple way to do this is to put the following file in you ~/bin
4237 +echo -e "\003" > /dev/ttyS0
4239 +Here, the ttyS0 should be replaced with what ever port you are using.
4240 +The "\003" is control-C. Once you are connected with gdb, you can enter
4241 +control-C at the command prompt.
4243 +An alternative way to get control to the debugger is to enable the kGdb
4244 +SysRq command. Then you would enter Alt-SysRq-g (all three keys at the
4245 +same time, but push them down in the order given). To refresh your
4246 +memory of the available SysRq commands try Alt-SysRq-=. Actually any
4247 +undefined command could replace the "=", but I like to KNOW that what I
4248 +am pushing will never be defined.
4253 +You can break into the target machine at any time from the development
4254 +machine by typing ^C (see above paragraph). If the target machine has
4255 +interrupts enabled this will stop it in the kernel and enter the
4258 +There is unfortunately no way of breaking into the kernel if it is
4259 +in a loop with interrupts disabled, so if this happens to you then
4260 +you need to place exploratory breakpoints or printk's into the kernel
4261 +to find out where it is looping. The exploratory breakpoints can be
4262 +entered either thru gdb or hard coded into the source. This is very
4263 +handy if you do something like:
4265 +if (<it hurts>) BREAKPOINT;
4268 +There is a copy of an e-mail in the Documentation/i386/kgdb/ directory
4269 +(debug-nmi.txt) which describes how to create an NMI on an ISA bus
4270 +machine using a paper clip. I have a sophisticated version of this made
4271 +by wiring a push button switch into a PC104/ISA bus adapter card. The
4272 +adapter card nicely furnishes wire wrap pins for all the ISA bus
4275 +When you are done debugging the kernel on the target machine it is a
4276 +good idea to leave it in a running state. This makes reboots faster,
4277 +bypassing the fsck. So do a gdb "continue" as the last gdb command if
4278 +this is possible. To terminate gdb itself on the development machine
4279 +and leave the target machine running, first clear all breakpoints and
4280 +continue, then type ^Z to suspend gdb and then kill it with "kill %1" or
4283 +If gdbstub Does Not Work
4284 +========================
4286 +If it doesn't work, you will have to troubleshoot it. Do the easy
4287 +things first like double checking your cabling and data rates. You
4288 +might try some non-kernel based programs to see if the back-to-back
4289 +connection works properly. Just something simple like cat /etc/hosts
4290 +>/dev/ttyS0 on one machine and cat /dev/ttyS0 on the other will tell you
4291 +if you can send data from one machine to the other. Make sure it works
4292 +in both directions. There is no point in tearing out your hair in the
4293 +kernel if the line doesn't work.
4295 +All of the real action takes place in the file
4296 +/usr/src/linux/arch/i386/kernel/kgdb_stub.c. That is the code on the target
4297 +machine that interacts with gdb on the development machine. In gdb you can
4298 +turn on a debug switch with the following command:
4302 +This will print out the protocol messages that gdb is exchanging with
4303 +the target machine.
4305 +Another place to look is /usr/src/arch/i386/lib/kgdb_serial.c This is
4306 +the code that talks to the serial port on the target side. There might
4307 +be a problem there. In particular there is a section of this code that
4308 +tests the UART which will tell you what UART you have if you define
4309 +"PRNT" (just remove "_off" from the #define PRNT_off). To view this
4310 +report you will need to boot the system without any beakpoints. This
4311 +allows the kernel to run to the point where it calls kgdb to set up
4312 +interrupts. At this time kgdb will test the UART and print out the type
4313 +it finds. (You need to wait so that the printks are actually being
4314 +printed. Early in the boot they are cached, waiting for the console to
4315 +be enabled. Also, if kgdb is entered thru a breakpoint it is possible
4316 +to cause a dead lock by calling printk when the console is locked. The
4317 +stub, thus avoids doing printks from break points especially in the
4318 +serial code.) At this time, if the UART fails to do the expected thing,
4319 +kgdb will print out (using printk) information on what failed. (These
4320 +messages will be buried in all the other boot up messages. Look for
4321 +lines that start with "gdb_hook_interrupt:". You may want to use dmesg
4322 +once the system is up to view the log. If this fails or if you still
4323 +don't connect, review your answers for the port address. Use:
4325 +setserial /dev/ttyS0
4327 +to get the current port and irq information. This command will also
4328 +tell you what the system found for the UART type. The stub recognizes
4329 +the following UART types:
4331 +16450, 16550, and 16550A
4333 +If you are really desperate you can use printk debugging in the
4334 +kgdbstub code in the target kernel until you get it working. In particular,
4335 +there is a global variable in /usr/src/linux/arch/i386/kernel/kgdb_stub.c
4336 +named "remote_debug". Compile your kernel with this set to 1, rather
4337 +than 0 and the debug stub will print out lots of stuff as it does
4338 +what it does. Likewise there are debug printks in the kgdb_serial.c
4339 +code that can be turned on with simple changes in the macro defines.
4342 +Debugging Loadable Modules
4343 +==========================
4345 +This technique comes courtesy of Edouard Parmelan
4346 +<Edouard.Parmelan@quadratec.fr>
4348 +When you run gdb, enter the command
4350 +source gdbinit-modules
4352 +This will read in a file of gdb macros that was installed in your
4353 +kernel source directory when kgdb was installed. This file implements
4354 +the following commands:
4357 + Lists the loaded modules in the form <module-address> <module-name>
4359 +mod-print-symbols <module-address>
4360 + Prints all the symbols in the indicated module.
4362 +mod-add-symbols <module-address> <object-file-path-name>
4363 + Loads the symbols from the object file and associates them
4364 + with the indicated module.
4366 +After you have loaded the module that you want to debug, use the command
4367 +mod-list to find the <module-address> of your module. Then use that
4368 +address in the mod-add-symbols command to load your module's symbols.
4369 +From that point onward you can debug your module as if it were a part
4372 +The file gdbinit-modules also contains a command named mod-add-lis as
4373 +an example of how to construct a command of your own to load your
4374 +favorite module. The idea is to "can" the pathname of the module
4375 +in the command so you don't have to type so much.
4380 +Each process in a target machine is seen as a gdb thread. gdb thread
4381 +related commands (info threads, thread n) can be used.
4383 +ia-32 hardware breakpoints
4384 +==========================
4386 +kgdb stub contains support for hardware breakpoints using debugging features
4387 +of ia-32(x86) processors. These breakpoints do not need code modification.
4388 +They use debugging registers. 4 hardware breakpoints are available in ia-32
4391 +Each hardware breakpoint can be of one of the following three types.
4393 +1. Execution breakpoint - An Execution breakpoint is triggered when code
4394 + at the breakpoint address is executed.
4396 + As limited number of hardware breakpoints are available, it is
4397 + advisable to use software breakpoints ( break command ) instead
4398 + of execution hardware breakpoints, unless modification of code
4401 +2. Write breakpoint - A write breakpoint is triggered when memory
4402 + location at the breakpoint address is written.
4404 + A write or can be placed for data of variable length. Length of
4405 + a write breakpoint indicates length of the datatype to be
4406 + watched. Length is 1 for 1 byte data , 2 for 2 byte data, 3 for
4409 +3. Access breakpoint - An access breakpoint is triggered when memory
4410 + location at the breakpoint address is either read or written.
4412 + Access breakpoints also have lengths similar to write breakpoints.
4414 +IO breakpoints in ia-32 are not supported.
4416 +Since gdb stub at present does not use the protocol used by gdb for hardware
4417 +breakpoints, hardware breakpoints are accessed through gdb macros. gdb macros
4418 +for hardware breakpoints are described below.
4420 +hwebrk - Places an execution breakpoint
4421 + hwebrk breakpointno address
4422 +hwwbrk - Places a write breakpoint
4423 + hwwbrk breakpointno length address
4424 +hwabrk - Places an access breakpoint
4425 + hwabrk breakpointno length address
4426 +hwrmbrk - Removes a breakpoint
4427 + hwrmbrk breakpointno
4428 +exinfo - Tells whether a software or hardware breakpoint has occurred.
4429 + Prints number of the hardware breakpoint if a hardware breakpoint has
4432 +Arguments required by these commands are as follows
4433 +breakpointno - 0 to 3
4435 +address - Memory location in hex digits ( without 0x ) e.g c015e9bc
4440 +When a breakpoint occurs or user issues a break ( Ctrl + C ) to gdb
4441 +client, all the processors are forced to enter the debugger. Current
4442 +thread corresponds to the thread running on the processor where
4443 +breakpoint occurred. Threads running on other processor(s) appear
4444 +similar to other non running threads in the 'info threads' output. With
4445 +in the kgdb stub there is a structure "waiting_cpus" in which kgdb
4446 +records the values of "current" and "regs" for each cpu other than the
4447 +one that hit the breakpoint. "current" is a pointer to the task
4448 +structure for the task that cpu is running, while "regs" points to the
4449 +saved registers for the task. This structure can be examined with the
4452 +ia-32 hardware debugging registers on all processors are set to same
4453 +values. Hence any hardware breakpoints may occur on any processor.
4455 +gdb troubleshooting
4456 +===================
4459 +Kill it. restart gdb. Connect to target machine.
4461 +2. gdb cannot connect to target machine (after killing a gdb and
4462 +restarting another) If the target machine was not inside debugger when
4463 +you killed gdb, gdb cannot connect because the target machine won't
4464 +respond. In this case echo "Ctrl+C"(ASCII 3) in the serial line.
4465 +e.g. echo -e "\003" > /dev/ttyS1 This forces that target machine into
4466 +debugger after which you can connect.
4468 +3. gdb cannot connect even after echoing Ctrl+C into serial line
4469 +Try changing serial line settings min to 1 and time to 0
4470 +e.g. stty min 1 time 0 < /dev/ttyS1
4473 +check serial line speed and set it to correct value if required
4474 +e.g. stty ispeed 115200 ospeed 115200 < /dev/ttyS1
4479 +Ever want to know the order of things happening? Which cpu did what and
4480 +when? How did the spinlock get the way it is? Then events are for
4481 +you. Events are defined by calls to an event collection interface and
4482 +saved for later examination. In this case, kgdb events are saved by a
4483 +very fast bit of code in kgdb which is fully SMP and interrupt protected
4484 +and they are examined by using gdb to display them. Kgdb keeps only
4485 +the last N events, where N must be a power of two and is defined at
4489 +Events are signaled to kgdb by calling:
4491 +kgdb_ts(data0,data1)
4493 +For each call kgdb records each call in an array along with other info.
4494 +Here is the array def:
4496 +struct kgdb_and_then_struct {
4500 + long long at_time;
4509 +For SMP machines the cpu is recorded, for all machines the TSC is
4510 +recorded (gets a time stamp) as well as the line number and source file
4511 +the call was made from. The address of the (from), the "if" (interrupt
4512 +flag) and the two data items are also recorded. The macro kgdb_ts casts
4513 +the types to int, so you can put any 32-bit values here. There is a
4514 +configure option to select the number of events you want to keep. A
4515 +nice number might be 128, but you can keep up to 1024 if you want. The
4516 +number must be a power of two. An "andthen" macro library is provided
4517 +for gdb to help you look at these events. It is also possible to define
4518 +a different structure for the event storage and cast the data to this
4519 +structure. For example the following structure is defined in kgdb:
4521 +struct kgdb_and_then_struct2 {
4525 + long long at_time;
4530 + struct task_struct *t1;
4531 + struct task_struct *t2;
4534 +If you use this for display, the data elements will be displayed as
4535 +pointers to task_struct entries. You may want to define your own
4536 +structure to use in casting. You should only change the last two items
4537 +and you must keep the structure size the same. Kgdb will handle these
4538 +as 32-bit ints, but within that constraint you can define a structure to
4539 +cast to any 32-bit quantity. This need only be available to gdb and is
4540 +only used for casting in the display code.
4545 +I picked up this code from Amit S. Kale and enhanced it.
4547 +If you make some really cool modification to this stuff, or if you
4548 +fix a bug, please let me know.
4551 +<george@mvista.com>
4554 +<akale@veritas.com>
4556 +(First kgdb by David Grothe <dave@gcom.com>)
4558 +(modified by Tigran Aivazian <tigran@sco.com>)
4559 + Putting gdbstub into the kernel config menu.
4561 +(modified by Scott Foehner <sfoehner@engr.sgi.com>)
4562 + Hooks for entering gdbstub at boot time.
4564 +(modified by Amit S. Kale <akale@veritas.com>)
4565 + Threads, ia-32 hw debugging, mp support, console support,
4566 + nmi watchdog handling.
4568 +(modified by George Anzinger <george@mvista.com>)
4569 + Extended threads to include the idle threads.
4570 + Enhancements to allow breakpoint() at first C code.
4571 + Use of module_init() and __setup() to automate the configure.
4572 + Enhanced the cpu "collection" code to work in early bring up.
4573 + Added ability to call functions from gdb
4574 + Print info thread stuff without going back to schedule()
4575 + Now collect the "other" cpus with a IPI/ NMI.
4576 \ No newline at end of file
4577 diff -puN /dev/null Documentation/i386/kgdb/loadmodule.sh
4578 --- /dev/null 2002-08-30 16:31:37.000000000 -0700
4579 +++ 25-akpm/Documentation/i386/kgdb/loadmodule.sh 2003-06-25 23:14:17.000000000 -0700
4582 +# This script loads a module on a target machine and generates a gdb script.
4583 +# source generated gdb script to load the module file at appropriate addresses
4587 +# Loading the module on target machine and generating gdb script)
4588 +# [foo]$ loadmodule.sh <modulename>
4590 +# Loading the module file into gdb
4591 +# (gdb) source <gdbscriptpath>
4593 +# Modify following variables according to your setup.
4594 +# TESTMACHINE - Name of the target machine
4595 +# GDBSCRIPTS - The directory where a gdb script will be generated
4597 +# Author: Amit S. Kale (akale@veritas.com).
4599 +# If you run into problems, please check files pointed to by following
4601 +# ERRFILE - /tmp/<modulename>.errs contains stderr output of insmod
4602 +# MAPFILE - /tmp/<modulename>.map contains stdout output of insmod
4603 +# GDBSCRIPT - $GDBSCRIPTS/load<modulename> gdb script.
4606 +GDBSCRIPTS=/home/bar
4608 +if [ $# -lt 1 ] ; then {
4609 + echo Usage: $0 modulefile
4614 +MODULEFILEBASENAME=`basename $1`
4616 +if [ $MODULEFILE = $MODULEFILEBASENAME ] ; then {
4617 + MODULEFILE=`pwd`/$MODULEFILE
4620 +ERRFILE=/tmp/$MODULEFILEBASENAME.errs
4621 +MAPFILE=/tmp/$MODULEFILEBASENAME.map
4622 +GDBSCRIPT=$GDBSCRIPTS/load$MODULEFILEBASENAME
4624 +function findaddr() {
4625 + local ADDR=0x$(echo "$SEGMENTS" | \
4626 + grep "$1" | sed 's/^[^ ]*[ ]*[^ ]*[ ]*//' | \
4627 + sed 's/[ ]*[^ ]*$//')
4631 +function checkerrs() {
4632 + if [ "`cat $ERRFILE`" != "" ] ; then {
4639 +echo Copying $MODULEFILE to $TESTMACHINE
4640 +rcp $MODULEFILE root@${TESTMACHINE}:
4642 +echo Loading module $MODULEFILE
4643 +rsh -l root $TESTMACHINE /sbin/insmod -m ./`basename $MODULEFILE` \
4644 + > $MAPFILE 2> $ERRFILE
4647 +SEGMENTS=`head -n 11 $MAPFILE | tail -n 10`
4648 +TEXTADDR=$(findaddr "\\.text[^.]")
4649 +LOADSTRING="add-symbol-file $MODULEFILE $TEXTADDR"
4650 +SEGADDRS=`echo "$SEGMENTS" | awk '//{
4651 + if ($1 != ".text" && $1 != ".this" &&
4652 + $1 != ".kstrtab" && $1 != ".kmodtab") {
4653 + print " -s " $1 " 0x" $3 " "
4656 +LOADSTRING="$LOADSTRING $SEGADDRS"
4657 +echo Generating script $GDBSCRIPT
4658 +echo $LOADSTRING > $GDBSCRIPT
4659 diff -puN drivers/char/keyboard.c~kgdb-ga drivers/char/keyboard.c
4660 --- 25/drivers/char/keyboard.c~kgdb-ga 2003-06-25 23:14:17.000000000 -0700
4661 +++ 25-akpm/drivers/char/keyboard.c 2003-06-25 23:14:17.000000000 -0700
4662 @@ -1055,6 +1055,9 @@ void kbd_keycode(unsigned int keycode, i
4664 if (sysrq_down && down && !rep) {
4665 handle_sysrq(kbd_sysrq_xlate[keycode], regs, tty);
4666 +#ifdef CONFIG_KGDB_SYSRQ
4667 + sysrq_down = 0; /* in case we miss the "up" event */
4672 diff -puN drivers/char/sysrq.c~kgdb-ga drivers/char/sysrq.c
4673 --- 25/drivers/char/sysrq.c~kgdb-ga 2003-06-25 23:14:17.000000000 -0700
4674 +++ 25-akpm/drivers/char/sysrq.c 2003-06-25 23:14:17.000000000 -0700
4676 #include <linux/spinlock.h>
4678 #include <asm/ptrace.h>
4679 +#ifdef CONFIG_KGDB_SYSRQ
4681 +#define GDB_OP &kgdb_op
4682 +static struct sysrq_key_op kgdb_op={
4683 + handler: (void*)breakpoint,
4684 + help_msg: "kGdb ",
4685 + action_msg: "Debug breakpoint\n",
4689 +#define GDB_OP NULL
4693 extern void reset_vc(unsigned int);
4694 extern struct list_head super_blocks;
4695 @@ -240,7 +253,7 @@ static struct sysrq_key_op *sysrq_key_ta
4697 /* e */ &sysrq_term_op,
4702 /* i */ &sysrq_kill_op,
4704 diff -puN drivers/serial/8250.c~kgdb-ga drivers/serial/8250.c
4705 --- 25/drivers/serial/8250.c~kgdb-ga 2003-06-25 23:14:17.000000000 -0700
4706 +++ 25-akpm/drivers/serial/8250.c 2003-06-25 23:14:17.000000000 -0700
4707 @@ -823,7 +823,7 @@ receive_chars(struct uart_8250_port *up,
4708 if (unlikely(tty->flip.count >= TTY_FLIPBUF_SIZE)) {
4709 tty->flip.work.func((void *)tty);
4710 if (tty->flip.count >= TTY_FLIPBUF_SIZE)
4711 - return; // if TTY_DONT_FLIP is set
4712 + return; /* if TTY_DONT_FLIP is set */
4714 ch = serial_inp(up, UART_RX);
4715 *tty->flip.char_buf_ptr = ch;
4716 @@ -1183,13 +1183,20 @@ static void serial8250_break_ctl(struct
4717 serial_out(up, UART_LCR, up->lcr);
4718 spin_unlock_irqrestore(&up->port.lock, flags);
4721 +static int kgdb_irq = -1;
4724 static int serial8250_startup(struct uart_port *port)
4726 struct uart_8250_port *up = (struct uart_8250_port *)port;
4727 unsigned long flags;
4731 + if ( up->port.irq == kgdb_irq){
4735 if (up->port.type == PORT_16C950) {
4736 /* Wake up and initialize UART */
4738 @@ -1853,6 +1860,11 @@ static void __init serial8250_register_p
4739 for (i = 0; i < UART_NR; i++) {
4740 struct uart_8250_port *up = &serial8250_ports[i];
4743 + if(up->port.irq == kgdb_irq){
4744 + up->port.iobase = up->port.mapbase = 0;
4748 up->port.ops = &serial8250_pops;
4749 init_timer(&up->timer);
4750 @@ -2116,7 +2128,31 @@ void serial8250_resume_port(int line, u3
4752 uart_resume_port(&serial8250_reg, &serial8250_ports[line].port, level);
4757 + * Find all the ports using the given irq and shut them down.
4758 + * Result should be that the irq will be released.
4760 +void shutdown_for_kgdb(struct async_struct * info)
4762 + int irq = info->state->irq;
4763 + struct uart_8250_port *up;
4766 + kgdb_irq = irq; /* save for later init */
4767 + for (ttyS = 0; ttyS < UART_NR; ttyS++){
4768 + up = &serial8250_ports[ttyS];
4769 + if( up->port.irq == irq && (irq_lists + irq)->head){
4770 +#ifdef CONFIG_DEBUG_SPINLOCK /* ugly business... */
4771 + if(up->port.lock.magic != SPINLOCK_MAGIC){
4772 + spin_lock_init(&up->port.lock);
4775 + serial8250_shutdown(&up->port);
4780 static int __init serial8250_init(void)
4783 diff -puN include/asm-i386/bugs.h~kgdb-ga include/asm-i386/bugs.h
4784 --- 25/include/asm-i386/bugs.h~kgdb-ga 2003-06-25 23:14:17.000000000 -0700
4785 +++ 25-akpm/include/asm-i386/bugs.h 2003-06-25 23:14:17.000000000 -0700
4788 * include/asm-i386/bugs.h
4790 - * Copyright (C) 1994 Linus Torvalds
4791 + * Copyright (C) 1994 Linus Torvalds
4793 * Cyrix stuff, June 1998 by:
4794 * - Rafael R. Reilova (moved everything from head.S),
4795 - * <rreilova@ececs.uc.edu>
4796 + * <rreilova@ececs.uc.edu>
4797 * - Channing Corn (tests & fixes),
4798 * - Andrew D. Balsa (code cleanup).
4801 #include <asm/processor.h>
4802 #include <asm/i387.h>
4803 #include <asm/msr.h>
4807 + * Provied the command line "gdb" initial break
4809 +int __init kgdb_initial_break(char * str)
4811 + if (*str == '\0'){
4817 +__setup("gdb",kgdb_initial_break);
4819 static int __init no_halt(char *s)
4821 boot_cpu_data.hlt_works_ok = 0;
4822 @@ -140,7 +153,7 @@ static void __init check_popad(void)
4824 /* If this fails, it means that any user program may lock the CPU hard. Too bad. */
4825 if (res != 12345678) printk( "Buggy.\n" );
4826 - else printk( "OK.\n" );
4827 + else printk( "OK.\n" );
4831 diff -puN /dev/null include/asm-i386/kgdb.h
4832 --- /dev/null 2002-08-30 16:31:37.000000000 -0700
4833 +++ 25-akpm/include/asm-i386/kgdb.h 2003-06-25 23:14:17.000000000 -0700
4839 + * This file should not include ANY others. This makes it usable
4840 + * most anywhere without the fear of include order or inclusion.
4843 + * This file may be included all the time. It is only active if
4844 + * CONFIG_KGDB is defined, otherwise it stubs out all the macros
4845 + * and entry points.
4847 +#if defined(CONFIG_KGDB) && !defined(__ASSEMBLY__)
4849 +extern void breakpoint(void);
4850 +#define INIT_KGDB_INTS kgdb_enable_ints()
4853 +#define BREAKPOINT asm(" int $3")
4856 + * GDB debug stub (or any debug stub) can point the 'linux_debug_hook'
4857 + * pointer to its routine and it will be entered as the first thing
4858 + * when a trap occurs.
4860 + * Return values are, at present, undefined.
4862 + * The debug hook routine does not necessarily return to its caller.
4863 + * It has the register image and thus may choose to resume execution
4864 + * anywhere it pleases.
4868 +extern int kgdb_handle_exception(int trapno,
4869 + int signo, int err_code, struct pt_regs *regs);
4870 +extern int in_kgdb(struct pt_regs *regs);
4872 +#ifdef CONFIG_KGDB_TS
4873 +void kgdb_tstamp(int line, char *source, int data0, int data1);
4875 + * This is the time stamp function. The macro adds the source info and
4876 + * does a cast on the data to allow most any 32-bit value.
4879 +#define kgdb_ts(data0,data1) kgdb_tstamp(__LINE__,__FILE__,(int)data0,(int)data1)
4881 +#define kgdb_ts(data0,data1)
4883 +#else /* CONFIG_KGDB && ! __ASSEMBLY__ ,stubs follow... */
4887 +#define kgdb_ts(data0,data1)
4889 +#define kgdb_handle_exception
4891 +#define INIT_KGDB_INTS
4893 +#endif /* __KGDB */
4894 diff -puN /dev/null include/asm-i386/kgdb_local.h
4895 --- /dev/null 2002-08-30 16:31:37.000000000 -0700
4896 +++ 25-akpm/include/asm-i386/kgdb_local.h 2003-06-25 23:14:17.000000000 -0700
4898 +#ifndef __KGDB_LOCAL
4899 +#define ___KGDB_LOCAL
4900 +#include <linux/config.h>
4901 +#include <linux/types.h>
4902 +#include <linux/serial.h>
4903 +#include <linux/serialP.h>
4904 +#include <linux/spinlock.h>
4905 +#include <asm/processor.h>
4906 +#include <asm/msr.h>
4907 +#include <asm/kgdb.h>
4910 +#ifdef CONFIG_KGDB_PORT
4912 +#define PORT CONFIG_KGDB_PORT
4915 +#ifdef CONFIG_KGDB_IRQ
4917 +#define IRQ CONFIG_KGDB_IRQ
4919 +#define SB_CLOCK 1843200
4920 +#define SB_BASE (SB_CLOCK/16)
4921 +#define SB_BAUD9600 SB_BASE/9600
4922 +#define SB_BAUD192 SB_BASE/19200
4923 +#define SB_BAUD384 SB_BASE/38400
4924 +#define SB_BAUD576 SB_BASE/57600
4925 +#define SB_BAUD1152 SB_BASE/115200
4926 +#ifdef CONFIG_KGDB_9600BAUD
4927 +#define SB_BAUD SB_BAUD9600
4929 +#ifdef CONFIG_KGDB_19200BAUD
4930 +#define SB_BAUD SB_BAUD192
4932 +#ifdef CONFIG_KGDB_38400BAUD
4933 +#define SB_BAUD SB_BAUD384
4935 +#ifdef CONFIG_KGDB_57600BAUD
4936 +#define SB_BAUD SB_BAUD576
4938 +#ifdef CONFIG_KGDB_115200BAUD
4939 +#define SB_BAUD SB_BAUD1152
4942 +#define SB_BAUD SB_BAUD1152 /* Start with this if not given */
4945 +#ifndef CONFIG_X86_TSC
4947 +#define rdtsc(a,b) if (a++ > 10000){a = 0; b++;}
4949 +#define rdtscll(s) s++
4952 +#ifdef _raw_read_unlock /* must use a name that is "define"ed, not an inline */
4954 +#undef spin_trylock
4956 +#define spin_lock _raw_spin_lock
4957 +#define spin_trylock _raw_spin_trylock
4958 +#define spin_unlock _raw_spin_unlock
4961 +#undef spin_unlock_wait
4962 +#define spin_unlock_wait(x) do { cpu_relax(); barrier();} \
4963 + while(spin_is_locked(x))
4966 +#define SB_MCR UART_MCR_OUT2 | UART_MCR_DTR | UART_MCR_RTS
4969 +#define SB_STATE { \
4970 + magic: SSTATE_MAGIC, \
4971 + baud_base: SB_BASE, \
4975 + custom_divisor:SB_BAUD}
4976 +#define SB_INFO { \
4977 + magic: SERIAL_MAGIC, \
4978 + port: PORT,0,FLAGS, \
4980 + tty: (struct tty_struct *)&state, \
4983 +extern void putDebugChar(int);
4984 +/* RTAI support needs us to really stop/start interrupts */
4986 +#define kgdb_sti() __asm__ __volatile__("sti": : :"memory")
4987 +#define kgdb_cli() __asm__ __volatile__("cli": : :"memory")
4988 +#define kgdb_local_save_flags(x) __asm__ __volatile__(\
4989 + "pushfl ; popl %0":"=g" (x): /* no input */)
4990 +#define kgdb_local_irq_restore(x) __asm__ __volatile__(\
4991 + "pushl %0 ; popfl": \
4992 + /* no output */ :"g" (x):"memory", "cc")
4993 +#define kgdb_local_irq_save(x) kgdb_local_save_flags(x); kgdb_cli()
4995 +#ifdef CONFIG_SERIAL
4996 +extern void shutdown_for_kgdb(struct async_struct *info);
4998 +#define INIT_KDEBUG putDebugChar("+");
4999 +#endif /* __KGDB_LOCAL */
5000 diff -puN include/linux/config.h~kgdb-ga include/linux/config.h
5001 --- 25/include/linux/config.h~kgdb-ga 2003-06-25 23:14:17.000000000 -0700
5002 +++ 25-akpm/include/linux/config.h 2003-06-25 23:14:17.000000000 -0700
5004 #define _LINUX_CONFIG_H
5006 #include <linux/autoconf.h>
5008 +#include <asm/kgdb.h>
5012 diff -puN kernel/sched.c~kgdb-ga kernel/sched.c
5013 --- 25/kernel/sched.c~kgdb-ga 2003-06-25 23:14:17.000000000 -0700
5014 +++ 25-akpm/kernel/sched.c 2003-06-25 23:14:17.000000000 -0700
5015 @@ -1604,6 +1604,13 @@ out_unlock:
5016 task_rq_unlock(rq, &flags);
5019 +#if defined( CONFIG_KGDB)
5020 +struct task_struct * kgdb_get_idle(int this_cpu)
5022 + return runqueues[this_cpu].idle;
5029 diff -puN MAINTAINERS~kgdb-ga MAINTAINERS
5030 --- 25/MAINTAINERS~kgdb-ga 2003-06-25 23:14:17.000000000 -0700
5031 +++ 25-akpm/MAINTAINERS 2003-06-25 23:14:17.000000000 -0700
5032 @@ -1059,6 +1059,12 @@ L: kbuild-devel@lists.sourceforge.net
5033 W: http://kbuild.sourceforge.net
5036 +KGDB FOR I386 PLATFORM
5038 +M: george@mvista.com
5039 +L: linux-net@vger.kernel.org
5044 M: neilb@cse.unsw.edu.au