Êíèãà: Embedded Linux Primer: A Practical, Real-World Approach
14.3.4. Useful Kernel gdb Macros
14.3.4. Useful Kernel gdb Macros
During kernel debugging, it is often useful to view the processes that are running on the system, as well as some common attributes of those processes. The kernel maintains a linked list of tasks described by struct task_struct. The address of the first task in the list is contained in the kernel global variable init_task, which represents the initial task spawned by the kernel during startup. Each task contains a struct list_head, which links the tasks in a circular linked list. These two ubiquitous kernel structures are described in the following header files:
struct task_struct .../include/linux/sched.h
struct list_head .../include/linux/list.h
Using gdb macros, we can traverse the task list and display useful information about the tasks. It is easy to modify the macros to extract the data you might be interested in. It is also a very useful tool for learning the details of kernel internals.
The first macro we examine (in Listing 14-11) is a simple one that searches the kernel's linked list of task_struct structures until it finds the given task. If it is found, it displays the name of the task.
Listing 14-11. gdb find_task Macro
1 # Helper function to find a task given a PID or the
2 # address of a task_struct.
3 # The result is set into $t
4 define find_task
5 # Addresses greater than _end: kernel data...
6 # ...user passed in an address
7 if ((unsigned)$arg0 > (unsigned)&_end)
8 set $t=(struct task_struct *)$arg0
9 else
10 # User entered a numeric PID
11 # Walk the task list to find it
12 set $t=&init_task
13 if (init_task.pid != (unsigned)$arg0)
14 find_next_task $t
15 while (&init_task!=$t && $t->pid != (unsigned)$arg0)
16 find_next_task $t
17 end
18 if ($t == &init_task)
19 printf "Couldn't find task; using init_taskn"
20 end
21 end
22 end
23 printf "Task "%s":n", $t->comm
24 end
Place this text into your .gdbinit file and restart gdb, or source[95] it using gdb's source command. (We explain the find_next_task macro later in Listing 14-15.) Invoke it as follows:
(gdb) find_task 910
Task "syslogd":
or
(gdb) find_task 0xCFFDE470
Task "bash":
Line 4 defines the macro name. Line 7 decides whether the input argument is a PID (numeric entry starting at zero and limited to a few million) or a task_struct address that must be greater than the end of the Linux kernel image itself, defined by the symbol _end.[96] If it's an address, the only action required is to cast it to the proper type to enable dereferencing the associated task_struct. This is done at line 8. As the comment in line 3 states, this macro returns a gdb convenience variable typecasted to a pointer to a struct task_struct.
If the input argument is a numeric PID, the list is traversed to find the matching task_struct. Lines 12 and 13 initialize the loop variables (gdb does not have a for statement in its macro command language), and lines 15 through 17 define the search loop. The find_next_task macro is used to extract the pointer to the next task_struct in the linked list. Finally, if the search fails, a sane return value is set (the address of init_task) so that it can be safely used in other macros.
Building on the find_task macro in Listing 14-11, we can easily create a simple ps command that displays useful information about each process running on the system.
Listing 14-12 defines a gdb macro that displays interesting information from a running process, extracted from the struct task_struct for the given process. It is invoked like any other gdb command, by typing its name followed by any required input parameters. Notice that this user-defined command requires a single argument, either a PID or the address of a task_struct.
Listing 14-12. gdb Macro: Print Process Information
1 define ps
2 # Print column headers
3 task_struct_header
4 set $t=&init_task
5 task_struct_show $t
6 find_next_task $t
7 # Walk the list
8 while &init_task!=$t
9 # Display useful info about each task
10 task_struct_show $t
11 find_next_task $t
12 end
13 end
14
15 document ps
16 Print points of interest for all tasks
17 end
This ps macro is similar to the find_task macro, except that it requires no input arguments and it adds a macro (task_struct_show) to display the useful information from each task_struct. Line 3 prints a banner line with column headings. Lines 4 through 6 set up the loop and display the first task. Lines 8 through 11 loop through each task, calling the task_struct_show macro for each.
Notice also the inclusion of the gdb document command. This allows the gdb user to get help by issuing the help ps command from the gdb command prompt as follows:
(gdb) help ps
Print points of interest for all tasks
Listing 14-13 displays the output of this macro on a target board running only minimal services.
Listing 14-13. gdb ps Macro Output
(gdb) ps
Address PID State User_NIP Kernel-SP device comm
0xC01D3750 0 Running 0xC0205E90 (none) swapper
0xC04ACB10 1 Sleeping 0x0FF6E85C 0xC04FFCE0 (none) init
0xC04AC770 2 Sleeping 0xC0501E90 (none) ksoftirqd/0
0xC04AC3D0 3 Sleeping 0xC0531E30 (none) events/0
0xC04AC030 4 Sleeping 0xC0533E30 (none) khelper
0xC04CDB30 5 Sleeping 0xC0535E30 (none) kthread
0xC04CD790 23 Sleeping 0xC06FBE30 (none) kblockd/0
0xC04CD3F0 45 Sleeping 0xC06FDE50 (none) pdflush
0xC04CD050 46 Sleeping 0xC06FFE50 (none) pdflush
0xC054B7B0 48 Sleeping 0xC0703E30 (none) aio/0
0xC054BB50 47 Sleeping 0xC0701E20 (none) kswapd0
0xC054B410 629 Sleeping 0xC0781E60 (none) kseriod
0xC054B070 663 Sleeping 0xCFC59E30 (none) rpciod/0
0xCFFDE0D0 675 Sleeping 0x0FF6E85C 0xCF86DCE0 (none) udevd
0xCF95B110 879 Sleeping 0x0FF0BE58 0xCF517D80 (none) portmap
0xCFC24090 910 Sleeping 0x0FF6E85C 0xCF61BCE0 (none) syslogd
0xCF804490 918 Sleeping 0x0FF66C7C 0xCF65DD70 (none) klogd
0xCFE350B0 948 Sleeping 0x0FF0E85C 0xCF67DCE0 (none) rpc.statd
0xCFFDE810 960 Sleeping 0x0FF6E85C 0xCF5C7CE0 (none) inetd
0xCFC24B70 964 Sleeping 0x0FEEBEAC 0xCF64FD80 (none) mvltd
0xCFE35B90 973 Sleeping 0x0FF66C7C 0xCFEF7CE0 ttyS1 getty
0xCFE357F0 974 Sleeping 0x0FF4B85C 0xCF6EBCE0 (none) in.telnetd
0xCFFDE470 979 Sleeping 0x0FEB6950 0xCF675DB0 ttyp0 bash
0xCFFDEBB0 982<Running 0x0FF6EB6C 0xCF7C3870 ttyp0 sync
(gdb)
The bulk of the work done by this ps macro is performed by the task_struct_show macro. As shown in Listing 14-13, the task_struct_show macro displays the following fields from each task_struct :
• Address Address of the task_struct for the process
• PID Process ID
• State Current state of the process
• User_NIP Userspace Next Instruction Pointer
• Kernel_SP Kernel Stack Pointer
• device Device associated with this process
• comm Name of the process (or command)
It is relatively easy to modify the macro to show the items of interest for your particular kernel debugging task. The only complexity is in the simplicity of the macro language. Because function equivalents such as strlen do not exist in gdb 's user-defined command language, screen formatting must be done by hand.
Listing 14-14 reproduces the task_struct_show macro that produced the previous listing.
Listing 14-14. gdb task_struct_show Macro
1 define task_struct_show
2 # task_struct addr and PID
3 printf "0x%08X %5d", $arg0, $arg0->pid
4
5 # Place a '<' marker on the current task
6 # if ($arg0 == current)
7 # For PowerPC, register r2 points to the "current" task
8 if ($arg0 == $r2)
9 printf "<"
10 else
11 printf " "
12 end
13
14 # State
15 if ($arg0->state == 0)
16 printf "Running "
17 else
18 if ($arg0->state == 1)
19 printf "Sleeping "
20 else
21 if ($arg0->state == 2)
22 printf "Disksleep "
23 else
24 if ($arg0->state == 4)
25 printf "Zombie "
26 else
27 if ($arg0->state == 8)
28 printf "sTopped "
29 else
30 if ($arg0->state == 16)
31 printf "Wpaging "
32 else
33 printf "%2d ", $arg0->state
34 end
35 end
36 end
37 end
38 end
39 end
40
41 # User NIP
42 if ($arg0->thread.regs)
43 printf "0x%08X ", $arg0->thread.regs->nip
44 else
45 printf " "
46 end
47
48 # Display the kernel stack pointer
49 printf "0x%08X ", $arg0->thread.ksp
50
51 # device
52 if ($arg0->signal->tty)
53 printf "%s ", $arg0->signal->tty->name
54 else
55 printf "(none) "
56 end
57
58 # comm
59 printf "%sn", $arg0->comm
60 end
Line 3 displays the address of the task_struct. Lines 8 through 12 display the process ID. If this is the current process (the process that was currently running on this CPU at the time the breakpoint was hit), it is marked with a < character.
Lines 14 through 39 decode and display the state of the process. This is followed by displaying the user process next instruction pointer (NIP) and the kernel stack pointer (SP). Finally, the device associated with the process is displayed, followed by the name of the process (stored in the ->comm element of the task_struct .)
It is important to note that this macro is architecture dependent, as shown in lines 7 and 8. In general, macros such as these are highly architecture- and version-dependent. Any time a change in the underlying structure is made, macros such as these must be updated. However, if you spend a lot of time debugging the kernel using gdb, the payback is often worth the effort.
For completeness, we present the find_next_task macro. Its implementation is less than obvious and deserves explanation. (It is assumed that you can easily deduce the task_struct_header that completes the series necessary for the ps macro presented in this section. It is nothing more than a single line arranging the column headers with the correct amount of whitespace.) Listing 14-15 presents the find_next_task macro used in our ps and find_task macros.
Listing 14-15. gdb find_next_task Macro
define find_next_task
# Given a task address, find the next task in the linked list
set $t = (struct task_struct *)$arg0
set $offset=((char *)&$t->tasks - (char *)$t)
set $t=(struct task_struct *)((char *)$t->tasks.next- (char *)$offset)
end
The function performed by this macro is simple. The implementation is slightly less than straightforward. The goal is to return the ->next pointer, which points to the next task_struct on the linked list. However, the task_struct structures are linked by the address of the struct list_head member called tasks, as opposed to the common practice of being linked by the starting address of the task_struct itself. Because the ->next pointer points to the address of the task structure element in the next task_struct on the list, we must subtract to get the address of the top of the task_struct itself. The value we subtract from the ->next pointer is the offset from that pointer's address to the top of task_struct. First we calculate the offset and then we use that offset to adjust the ->next pointer to point to the top of task_struct. Figure 14-5 should make this clear.
Figure 14-5. Task structure list linking
Now we present one final macro that will be useful in the next section when we discuss debugging loadable modules. Listing 14-16 is a simple macro that displays the kernel's list of currently installed loadable modules.
Listing 14-16. gdb List Modules Macro
1 define lsmod
2 printf "AddressttModulen"
3 set $m=(struct list_head *)&modules
4 set $done=0
5 while (!$done)
6 # list_head is 4-bytes into struct module
7 set $mp=(struct module *)((char *)$m->next - (char *)4)
8 printf "0x%08Xt%sn", $mp, $mp->name
9 if ($mp->list->next == &modules)
10 set $done=1
11 end
12 set $m=$m->next
13 end
14 end
15
16 document lsmod
17 List the loaded kernel modules and their start addresses
18 end
This simple loop starts with the kernel's global variable module. This variable is a struct list_head that marks the start of the linked list of loadable modules. The only complexity is the same as that described in Listing 14-15. We must subtract an offset from the struct list_head pointer to point to the top of the struct module. This is performed in line 7. This macro produces a simple listing of modules containing the address of the struct module and the module's name. Here is an example of its use:
(gdb) lsmod
Address Module
0xD1012A80 ip_conntrack_tftp
0xD10105A0 ip_conntrack
0xD102F9A0 loop
(gdb) help lsmod
List the loaded kernel modules and their start addresses
(gdb)
Macros such as the ones presented here are very powerful debugging aids. You can create macros in a similar fashion to display anything in the kernel that lends itself to easy access, especially the major data structures maintained as linked lists. Examples include process memory map information, module information, file system information, and timer lists and so on. The information presented here should get you started.
Îãëàâëåíèå êíèãè
