ARM driver debugging methods: approach summary and notes

Source: Internet
Author: User

Debugging the driver
I. Printing: printk, homemade proc file
U-Boot passes in console=ttySAC0 console=tty1
1. The kernel processes the parameters passed in by U-Boot
console_setup
    add_preferred_console // I want to use the console named "ttySAC0"; record it first

2. In the entry function of the hardware driver:
    drivers/serial/s3c2410.c
        register_console(&s3c24xx_serial_console);

3. printk
    vprintk
        /* Emit the output into the temporary buffer */
        // First put the output into the temporary buffer
        vscnprintf

        // Copy the output into log_buf.
        // The data in the temporary buffer is lightly processed and then written to log_buf
        // For example, printk("abc") yields "<4>abc", which is then written to log_buf
        // The dmesg command prints the data in log_buf, replaying the kernel's output


        // Call the hardware's write function to output it
        release_console_sem();
            call_console_drivers(_con_start, _log_end);
                // Get the data from log_buf and work out the print level
                _call_console_drivers(start_print, cur_index, msg_level);
                    // If the level qualifies for printing
                    if ((msg_log_level < console_loglevel
                        __call_console_drivers
                            con->write(con, &LOG_BUF(start), end - start);

Two. Analyzing segmentation fault (oops) messages printed by the kernel
A. Driver built as a module:
1. Use the PC value to determine whether the faulting instruction is in the kernel or in a loaded module
pc=0xbf000018 Which address range does it belong to? The kernel, or a driver loaded with insmod?
First check whether the address belongs to the kernel: System.map gives the address range of the kernel's functions: c0004000~c03265a4

If it is not within the System.map range, it belongs to a driver loaded with insmod

2. Suppose the error comes from a loaded driver; how do we determine which driver it is?
First look at the address ranges of the loaded drivers' functions
cat /proc/kallsyms (addresses of kernel functions and of loaded modules' functions)
In this output, find the closest address that is <= 0xbf000018
For example, we find:
bf000000 T first_drv_open [first_drv]

3. This identifies first_drv.ko
Disassemble it on the PC: arm-linux-objdump -d first_drv.ko > first_drv.dis
Find first_drv_open in the dis file.

In first_drv.dis                  After insmod
00000000 <first_drv_open>:        bf000000 T first_drv_open [first_drv]
00000018                          pc = bf000018

./firstdrvtest on
Unable to handle kernel paging request at virtual address 56000050
// The kernel faulted while accessing address 56000050

pgd = c3eb0000
[56000050] *pgd=00000000
Internal error: Oops: 5 [#1]
Modules linked in: first_drv
CPU: 0 Not tainted (2.6.22.6 #1)
PC is at first_drv_open+0x18/0x3c [first_drv]
// 0x18 is the offset of this instruction within the function; 0x3c is the total size of the function
// PC is the address of the instruction where the error occurred
// Most of the time the PC value only gives an address and does not say which function it is in

LR is at chrdev_open+0x14c/0x164
// The value of the LR register

// pc = 0xbf000018

pc: [<bf000018>] lr: [<c008d888>] psr:a0000013
sp:c3c7be88 ip:c3c7be98 fp:c3c7be94
r10:00000000 r9:c3c7a000 r8:c049abc0
r7:00000000 r6:00000000 r5:c3e740c0 r4:c06d41e0
r3:bf000000 r2:56000050 r1:bf000964 r0:00000000
// The value of each register when the faulting instruction was executed

Flags: NzCv IRQs on FIQs on Mode SVC_32 Segment user
Control: c000717f Table: 33eb0000 DAC: 00000015
Process firstdrvtest (pid: 777, stack limit = 0xc3c7a258)
// The current process when the error occurred is firstdrvtest
// Stack
Stack: (0xc3c7be88 to 0xc3c7c000)
be80:                   c3c7bebc c3c7be98 c008d888 bf000010 00000000 c049abc0
bea0: c3e740c0 c008d73c c0474e20 c3e766a8 c3c7bee4 c3c7bec0 c0089e48 c008d74c
bec0: c049abc0 c3c7bf04 00000003 ffffff9c c002c044 c3d10000 c3c7befc c3c7bee8
bee0: c0089f64 c0089d58 00000000 00000002 c3c7bf68 c3c7bf00 c0089fb8 c0089f40
bf00: c3c7bf04 c3e766a8 c0474e20 00000000 00000000 c3eb1000 00000101 00000001
bf20: 00000000 c3c7a000 c04a7468 c04a7460 ffffffe8 c3d10000 c3c7bf68 c3c7bf48
bf40: c008a16c c009fc70 00000003 00000000 c049abc0 00000002 bec1fee0 c3c7bf94
bf60: c3c7bf6c c008a2f4 c0089f88 00008520 bec1fed4 0000860c 00008670 00000005
bf80: c002c044 4013365c c3c7bfa4 c3c7bf98 c008a3a8 c008a2b0 00000000 c3c7bfa8
bfa0: c002bea0 c008a394 bec1fed4 0000860c 00008720 00000002 bec1fee0 00000001
bfc0: bec1fed4 0000860c 00008670 00000002 00008520 00000000 4013365c bec1fea8
bfe0: 00000000 bec1fe84 0000266c 400c98e0 60000010 00008720 00000000 00000000

Backtrace: // the call chain, traced backwards
[<bf000000>] (first_drv_open+0x0/0x3c [first_drv]) from [<c008d888>] (chrdev_open+0x14c/0x164)
[<c008d73c>] (chrdev_open+0x0/0x164) from [<c0089e48>] (__dentry_open+0x100/0x1e8)
 r8:c3e766a8 r7:c0474e20 r6:c008d73c r5:c3e740c0 r4:c049abc0
[<c0089d48>] (__dentry_open+0x0/0x1e8) from [<c0089f64>] (nameidata_to_filp+0x34/0x48)
[<c0089f30>] (nameidata_to_filp+0x0/0x48) from [<c0089fb8>] (do_filp_open+0x40/0x48)
 r4:00000002
[<c0089f78>] (do_filp_open+0x0/0x48) from [<c008a2f4>] (do_sys_open+0x54/0xe4)
 r5:bec1fee0 r4:00000002
[<c008a2a0>] (do_sys_open+0x0/0xe4) from [<c008a3a8>] (sys_open+0x24/0x28)
[<c008a384>] (sys_open+0x0/0x28) from [<c002bea0>] (ret_fast_syscall+0x0/0x2c)
Code: e24cb004 e59f1024 e3a00000 e5912000 (e5923000)
Segmentation fault
#

B. Driver compiled into the kernel
Modules linked in:
CPU: 0 Not tainted (2.6.22.6 #2)
PC is at first_drv_open+0x18/0x3c
LR is at chrdev_open+0x14c/0x164
pc: [<c014e6c0>] lr: [<c008638c>] psr:a0000013
sp:c3a03e88 ip:c3a03e98 fp:c3a03e94
r10:00000000 r9:c3a02000 r8:c03f3c60
r7:00000000 r6:00000000 r5:c38a0c50 r4:c3c1e780
r3:c014e6a8 r2:56000050 r1:c031a47c r0:00000000
Flags: NzCv IRQs on FIQs on Mode SVC_32 Segment user
Control: c000717f Table: 339f0000 DAC: 00000015
Process firstdrvtest (pid: 750, stack limit = 0xc3a02258)

1. Use the PC value to determine whether the faulting instruction is in the kernel or in a loaded module
pc=c014e6c0 belongs to the kernel (see System.map)

2. Disassemble the kernel: arm-linux-objdump -d vmlinux > vmlinux.dis
Search the dis file for c014e6c0.
c014e6a8 <first_drv_open>:
c014e6a8: e1a0c00d mov ip, sp
c014e6ac: e92dd800 stmdb sp!, {fp, ip, lr, pc}
c014e6b0: e24cb004 sub fp, ip, #4 ; 0x4
c014e6b4: e59f1024 ldr r1, [pc, #36] ; c014e6e0 <.text+0x1276e0>
c014e6b8: e3a00000 mov r0, #0 ; 0x0
c014e6bc: e5912000 ldr r2, [r1]
c014e6c0: e5923000 ldr r3, [r2] // the fault is here: r2=56000050

3. Analyze the function call chain from the stack contents
# ./firstdrvtest on
Unable to handle kernel paging request at virtual address 56000050
pgd = c3e78000
[56000050] *pgd=00000000
Internal error: Oops: 5 [#1]
Modules linked in: first_drv
CPU: 0 Not tainted (2.6.22.6 #48)
PC is at first_drv_open+0x18/0x3c [first_drv]
LR is at chrdev_open+0x14c/0x164
pc: [<bf000018>] lr: [<c008c888>] psr:a0000013
3.1 Determine the error location from the PC
bf000018 belongs to a module loaded with insmod
bf000000 T first_drv_open [first_drv]

3.2 Determine which function it belongs to
Disassemble first_drv.ko


sp:c3e69e88 ip:c3e69e98 fp:c3e69e94
r10:00000000 r9:c3e68000 r8:c0490620
r7:00000000 r6:00000000 r5:c3e320a0 r4:c06a8300
r3:bf000000 r2:56000050 r1:bf000964 r0:00000000
Flags: NzCv IRQs on FIQs on Mode SVC_32 Segment user
Control: c000717f Table: 33e78000 DAC: 00000015
Process firstdrvtest (pid: 752, stack limit = 0xc3e68258)
Stack: (0xc3e69e88 to 0xc3e6a000)
9e80:                   c3e69ebc c3e69e98 c008c888 bf000010 00000000 c0490620
// c3e69ebc is at first_drv_open's sp; c008c888 is the saved lr; 00000000 is at chrdev_open's sp

9ea0: c3e320a0 c008c73c c0465e20 c3e36cb4 c3e69ee4 c3e69ec0 c0088e48 c008c74c
// c0088e48 is the saved lr

9ec0: c0490620 c3e69f04 00000003 ffffff9c c002b044 c06e0000 c3e69efc c3e69ee8
// the first word, c0490620, is at __dentry_open's sp

9ee0: c0088f64 c0088d58 00000000 00000002 c3e69f68 c3e69f00 c0088fb8 c0088f40
// c0088f64 is the saved lr; 00000000 (the third word) is at nameidata_to_filp's sp; c0088fb8 is the saved lr

9f00: c3e69f04 c3e36cb4 c0465e20 00000000 00000000 c3e79000 00000101 00000001
// the first word, c3e69f04, is at do_filp_open's sp

9f20: 00000000 c3e68000 c04c1468 c04c1460 ffffffe8 c06e0000 c3e69f68 c3e69f48
9f40: c008916c c009ec70 00000003 00000000 c0490620 00000002 be94eee0 c3e69f94
9f60: c3e69f6c c00892f4 c0088f88 00008520 be94eed4 0000860c 00008670 00000005
// c00892f4 is the saved lr; 00008520 is at do_sys_open's sp

9f80: c002b044 4013365c c3e69fa4 c3e69f98 c00893a8 c00892b0 00000000 c3e69fa8
// c00893a8 is the saved lr; 00000000 is at sys_open's sp

9fa0: c002aea0 c0089394 be94eed4 0000860c 00008720 00000002 be94eee0 00000001
// c002aea0 is the saved lr; be94eed4 (the third word) is at ret_fast_syscall's sp

9fc0: be94eed4 0000860c 00008670 00000002 00008520 00000000 4013365c be94eea8
9fe0: 00000000 be94ee84 0000266c 400c98e0 60000010 00008720 00000000 00000000
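
The same call chain can be recovered mechanically by following the saved fp links through the dump. This is an added example, not part of the original notes; it assumes the frame layout produced by the prologue seen in the disassembly (mov ip, sp; stmdb sp!, {fp, ip, lr, pc}; sub fp, ip, #4), and the names load_words and walk_frames are hypothetical.

```python
# Added example: walk the saved-fp chain through the oops stack dump.
# Rows are copied from the "Stack:" dump above, with each row's full start
# address written out (the first row starts at sp = 0xc3e69e88).
DUMP = """
c3e69e88: c3e69ebc c3e69e98 c008c888 bf000010 00000000 c0490620
c3e69ea0: c3e320a0 c008c73c c0465e20 c3e36cb4 c3e69ee4 c3e69ec0 c0088e48 c008c74c
c3e69ec0: c0490620 c3e69f04 00000003 ffffff9c c002b044 c06e0000 c3e69efc c3e69ee8
c3e69ee0: c0088f64 c0088d58 00000000 00000002 c3e69f68 c3e69f00 c0088fb8 c0088f40
c3e69f00: c3e69f04 c3e36cb4 c0465e20 00000000 00000000 c3e79000 00000101 00000001
c3e69f20: 00000000 c3e68000 c04c1468 c04c1460 ffffffe8 c06e0000 c3e69f68 c3e69f48
c3e69f40: c008916c c009ec70 00000003 00000000 c0490620 00000002 be94eee0 c3e69f94
c3e69f60: c3e69f6c c00892f4 c0088f88 00008520 be94eed4 0000860c 00008670 00000005
c3e69f80: c002b044 4013365c c3e69fa4 c3e69f98 c00893a8 c00892b0 00000000 c3e69fa8
c3e69fa0: c002aea0 c0089394 be94eed4 0000860c 00008720 00000002 be94eee0 00000001
"""
FP_AT_FAULT = 0xc3e69e94  # fp register value printed in the oops


def load_words(dump):
    """Map each 32-bit stack address to the word stored there."""
    mem = {}
    for line in dump.strip().splitlines():
        base, words = line.split(":")
        for i, word in enumerate(words.split()):
            mem[int(base, 16) + 4 * i] = int(word, 16)
    return mem


def walk_frames(mem, fp):
    """Assumed layout: [fp]=saved pc, [fp-4]=lr, [fp-8]=caller sp, [fp-12]=caller fp."""
    frames = []
    while all(fp - off in mem for off in (0, 4, 8, 12)):
        frames.append({"lr": mem[fp - 4], "caller_sp": mem[fp - 8]})
        caller_fp = mem[fp - 12]
        if caller_fp <= fp:  # chain must climb to older frames; stops on 0 or corruption
            break
        fp = caller_fp
    return frames


if __name__ == "__main__":
    for f in walk_frames(load_words(DUMP), FP_AT_FAULT):
        print("return address %08x, caller sp %08x" % (f["lr"], f["caller_sp"]))
```

Each return address can then be looked up in System.map or /proc/kallsyms to name the caller.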


Three. Homemade Tools
Register Editor


Four. Modify the kernel to locate a system hang
./firstdrvtest on
asm_do_irq = s3c2410_timer_interrupt: pid = 752, task name = firstdrvtest
pc = bf000084
asm_do_irq = s3c2410_timer_interrupt: pid = 752, task name = firstdrvtest
pc = bf000084 // for an interrupt, pc-4 is the address at the instant the interrupt occurred

Look in /proc/kallsyms
first_drv.dis
00000000 <first_drv_open>: bf000000 T first_drv_open [first_drv]
0000003c <first_drv_write>:
  3c: e1a0c00d mov ip, sp
  40: e92dd800 stmdb sp!, {fp, ip, lr, pc}
  44: e24cb004 sub fp, ip, #4 ; 0x4
  48: e24dd004 sub sp, sp, #4 ; 0x4
  4c: e3cd3d7f bic r3, sp, #8128 ; 0x1fc0
  50: e3c3303f bic r3, r3, #63 ; 0x3f
  54: e5933008 ldr r3, [r3, #8]
  58: e0910002 adds r0, r1, r2
  5c: 30d00003 sbcccs r0, r0, r3
  60: 33a03000 movcc r3, #0 ; 0x0
  64: e3530000 cmp r3, #0 ; 0x0
  68: e24b0010 sub r0, fp, #16 ; 0x10
  6c: 1a00001c bne e4 <init_module+0x5c>
  70: ebfffffe bl 70 <first_drv_write+0x34>
  74: ea00001f b f8 <init_module+0x70>
  78: e3520000 cmp r2, #0 ; 0x0
  7c: 11a01002 movne r1, r2
  80: 1bfffffe blne 80 <first_drv_write+0x44> // this is where it hangs
  84: ea00001f b 108 <init_module+0x80>
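
The address lookup used in section Two (oops PC) and in section Four (interrupted PC) is the same nearest-symbol search. The following is an added example, not code from the original notes; the kallsyms text is constructed: bf000000 first_drv_open, the chrdev_open and __dentry_open addresses and the System.map range come from the page, while the first_drv_write line is an assumption derived from its 0x3c offset in first_drv.dis.

```python
import bisect

# Constructed /proc/kallsyms excerpt (see the lead-in for what is assumed).
KALLSYMS = """\
c0089d48 T __dentry_open
c008d73c T chrdev_open
bf000000 T first_drv_open\t[first_drv]
bf00003c T first_drv_write\t[first_drv]
"""
KERNEL_TEXT = (0xC0004000, 0xC03265A4)  # System.map range quoted in section Two


def parse_kallsyms(text):
    """Return (address, name, module-or-None) tuples sorted by address."""
    syms = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        module = parts[3].strip("[]") if len(parts) > 3 else None
        syms.append((int(parts[0], 16), parts[2], module))
    syms.sort(key=lambda s: s[0])
    return syms


def resolve(syms, pc, from_interrupt=False):
    """Find the closest symbol whose address is <= pc and the offset into it."""
    if from_interrupt:
        pc -= 4  # section Four: for an interrupt, pc-4 is the interrupted address
    i = bisect.bisect_right([s[0] for s in syms], pc) - 1
    if i < 0:
        return None  # below every known symbol, e.g. a bad data pointer
    addr, name, module = syms[i]
    in_kernel = KERNEL_TEXT[0] <= pc <= KERNEL_TEXT[1]
    return {"where": "kernel" if in_kernel else "module",
            "symbol": name, "module": module, "offset": pc - addr}


if __name__ == "__main__":
    table = parse_kallsyms(KALLSYMS)
    for pc, irq in ((0xBF000018, False), (0xBF000084, True), (0xC008D888, False)):
        r = resolve(table, pc, irq)
        print("%08x -> %s+0x%x (%s)" % (pc, r["symbol"], r["offset"], r["where"]))
```

The offset it reports is the one to search for in the .dis file of the module or of vmlinux.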
