1fb35cd08SHidetoshi Shimokawa.\" Copyright (c) 2003 Greg Lehey 2fb35cd08SHidetoshi Shimokawa.\" All rights reserved. 3fb35cd08SHidetoshi Shimokawa.\" 4fb35cd08SHidetoshi Shimokawa.\" Redistribution and use in source and binary forms, with or without 5fb35cd08SHidetoshi Shimokawa.\" modification, are permitted provided that the following conditions 6fb35cd08SHidetoshi Shimokawa.\" are met: 7fb35cd08SHidetoshi Shimokawa.\" 1. Redistributions of source code must retain the above copyright 8fb35cd08SHidetoshi Shimokawa.\" notice, this list of conditions and the following disclaimer. 9fb35cd08SHidetoshi Shimokawa.\" 2. Redistributions in binary form must reproduce the above copyright 10fb35cd08SHidetoshi Shimokawa.\" notice, this list of conditions and the following disclaimer in the 11fb35cd08SHidetoshi Shimokawa.\" documentation and/or other materials provided with the distribution. 12fb35cd08SHidetoshi Shimokawa.\" 13fb35cd08SHidetoshi Shimokawa.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14fb35cd08SHidetoshi Shimokawa.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15fb35cd08SHidetoshi Shimokawa.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16fb35cd08SHidetoshi Shimokawa.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17fb35cd08SHidetoshi Shimokawa.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18fb35cd08SHidetoshi Shimokawa.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19fb35cd08SHidetoshi Shimokawa.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20fb35cd08SHidetoshi Shimokawa.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21fb35cd08SHidetoshi Shimokawa.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22fb35cd08SHidetoshi Shimokawa.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23fb35cd08SHidetoshi Shimokawa.\" SUCH DAMAGE. 24fb35cd08SHidetoshi Shimokawa.\" 25fb35cd08SHidetoshi Shimokawa.\" $FreeBSD: src/share/man/man4/gdb.4,v 1.9 2004/01/28 00:02:10 grog Exp $ 26fb35cd08SHidetoshi Shimokawa.\" 27*dd7331feSSascha Wildner.Dd June 20, 2015 28fb35cd08SHidetoshi Shimokawa.Dt GDB 4 29fb35cd08SHidetoshi Shimokawa.Os 30fb35cd08SHidetoshi Shimokawa.Sh NAME 31fb35cd08SHidetoshi Shimokawa.Nm gdb 32fb35cd08SHidetoshi Shimokawa.Nd external kernel debugger 33fb35cd08SHidetoshi Shimokawa.Sh SYNOPSIS 34fb35cd08SHidetoshi Shimokawa.Cd "makeoptions DEBUG=-g" 35fb35cd08SHidetoshi Shimokawa.Cd "options DDB" 36fb35cd08SHidetoshi Shimokawa.Cd "options GDB_REMOTE_CHAT" 37fb35cd08SHidetoshi Shimokawa.Sh DESCRIPTION 38fb35cd08SHidetoshi ShimokawaThe 39fb35cd08SHidetoshi Shimokawa.Nm 40fb35cd08SHidetoshi Shimokawakernel debugger is a variation of 41fb35cd08SHidetoshi Shimokawa.Xr gdb 1 42fb35cd08SHidetoshi Shimokawawhich understands some aspects of the 43fb35cd08SHidetoshi Shimokawa.Fx 44fb35cd08SHidetoshi Shimokawakernel environment. 45fb35cd08SHidetoshi ShimokawaIt can be used in a number of ways: 46fb35cd08SHidetoshi Shimokawa.Bl -bullet 47fb35cd08SHidetoshi Shimokawa.It 48fb35cd08SHidetoshi ShimokawaIt can be used to examine the memory of the processor on which it runs. 49fb35cd08SHidetoshi Shimokawa.It 50fb35cd08SHidetoshi ShimokawaIt can be used to analyse a processor dump after a panic. 51fb35cd08SHidetoshi Shimokawa.It 52fb35cd08SHidetoshi ShimokawaIt can be used to debug another system interactively via a serial or firewire 53fb35cd08SHidetoshi Shimokawalink. 54fb35cd08SHidetoshi ShimokawaIn this mode, the processor can be stopped and single stepped. 55fb35cd08SHidetoshi Shimokawa.It 56fb35cd08SHidetoshi ShimokawaWith a firewire link, it can be used to examine the memory of a remote system 57fb35cd08SHidetoshi Shimokawawithout the participation of that system. 58fb35cd08SHidetoshi ShimokawaIn this mode, the processor cannot be stopped and single stepped, but it can be 59fb35cd08SHidetoshi Shimokawaof use when the remote system has crashed and is no longer responding. 60fb35cd08SHidetoshi Shimokawa.El 61fb35cd08SHidetoshi Shimokawa.Pp 62fb35cd08SHidetoshi ShimokawaWhen used for remote debugging, 63fb35cd08SHidetoshi Shimokawa.Nm 64fb35cd08SHidetoshi Shimokawarequires the presence of the 65fb35cd08SHidetoshi Shimokawa.Xr ddb 4 66fb35cd08SHidetoshi Shimokawakernel debugger. 67fb35cd08SHidetoshi ShimokawaCommands exist to switch between 68fb35cd08SHidetoshi Shimokawa.Nm 69fb35cd08SHidetoshi Shimokawaand 70fb35cd08SHidetoshi Shimokawa.Xr ddb 4 . 71fb35cd08SHidetoshi Shimokawa.Sh PREPARING FOR DEBUGGING 72fb35cd08SHidetoshi ShimokawaWhen debugging kernels, it is practically essential to have built a kernel with 73fb35cd08SHidetoshi Shimokawadebugging symbols 74fb35cd08SHidetoshi Shimokawa.Pq Cd "makeoptions DEBUG=-g" . 75fb35cd08SHidetoshi ShimokawaIt is easiest to perform operations from the kernel build directory, by default 76*dd7331feSSascha Wildner.Pa /usr/obj/usr/src/sys/X86_64_GENERIC . 77fb35cd08SHidetoshi Shimokawa.Pp 78fb35cd08SHidetoshi ShimokawaFirst, ensure you have a copy of the debug macros in the directory: 79fb35cd08SHidetoshi Shimokawa.Pp 80fb35cd08SHidetoshi Shimokawa.Dl "make gdbinit" 81fb35cd08SHidetoshi Shimokawa.Pp 82fb35cd08SHidetoshi ShimokawaThis command performs some transformations on the macros installed in 83fb35cd08SHidetoshi Shimokawa.Pa /usr/src/tools/debugscripts 84fb35cd08SHidetoshi Shimokawato adapt them to the local environment. 85fb35cd08SHidetoshi Shimokawa.Ss "Inspecting the environment of the local machine" 86fb35cd08SHidetoshi ShimokawaTo look at and change the contents of the memory of the system you are running 87fb35cd08SHidetoshi Shimokawaon, 88fb35cd08SHidetoshi Shimokawa.Pp 89fb35cd08SHidetoshi Shimokawa.Dl "gdb -k -wcore kernel.debug /dev/mem" 90fb35cd08SHidetoshi Shimokawa.Pp 91fb35cd08SHidetoshi ShimokawaIn this mode, you need the 92fb35cd08SHidetoshi Shimokawa.Fl k 93fb35cd08SHidetoshi Shimokawaflag to indicate to 94fb35cd08SHidetoshi Shimokawa.Xr gdb 1 95fb35cd08SHidetoshi Shimokawathat the 96fb35cd08SHidetoshi Shimokawa.Dq "dump file" 97fb35cd08SHidetoshi Shimokawa.Pa /dev/mem 98fb35cd08SHidetoshi Shimokawais a kernel data file. 99fb35cd08SHidetoshi ShimokawaYou can look at live data, and if you include the 100fb35cd08SHidetoshi Shimokawa.Fl wcore 101fb35cd08SHidetoshi Shimokawaoption, you can change it at your peril. 102fb35cd08SHidetoshi ShimokawaThe system does not stop (obviously), so a number of things will not work. 103fb35cd08SHidetoshi ShimokawaYou can set breakpoints, but you cannot 104fb35cd08SHidetoshi Shimokawa.Dq continue 105fb35cd08SHidetoshi Shimokawaexecution, so they will not work. 106fb35cd08SHidetoshi Shimokawa.Ss "Debugging a crash dump" 107fb35cd08SHidetoshi ShimokawaBy default, crash dumps are stored in the directory 108fb35cd08SHidetoshi Shimokawa.Pa /var/crash . 109fb35cd08SHidetoshi ShimokawaInvestigate them from the kernel build directory with: 110fb35cd08SHidetoshi Shimokawa.Pp 111fb35cd08SHidetoshi Shimokawa.Dl "gdb -k kernel.debug /var/crash/vmcore.29" 112fb35cd08SHidetoshi Shimokawa.Pp 113fb35cd08SHidetoshi ShimokawaIn this mode, the system is obviously stopped, so you can only look at it. 114fb35cd08SHidetoshi Shimokawa.Ss "Debugging a live system with a remote link" 115fb35cd08SHidetoshi ShimokawaIn the following discussion, the term 116fb35cd08SHidetoshi Shimokawa.Dq "local system" 117fb35cd08SHidetoshi Shimokawarefers to the system running the debugger, and 118fb35cd08SHidetoshi Shimokawa.Dq "remote system" 119fb35cd08SHidetoshi Shimokawarefers to the live system being debugged. 120fb35cd08SHidetoshi Shimokawa.Pp 121fb35cd08SHidetoshi ShimokawaTo debug a live system with a remote link, the kernel must be compiled with the 122fb35cd08SHidetoshi Shimokawaoption 123fb35cd08SHidetoshi Shimokawa.Cd "options DDB" . 124fb35cd08SHidetoshi ShimokawaThe option 125fb35cd08SHidetoshi Shimokawa.Cd "options BREAK_TO_DEBUGGER" 126fb35cd08SHidetoshi Shimokawaenables the debugging machine stop the debugged machine once a connection has 127fb35cd08SHidetoshi Shimokawabeen established by pressing 128fb35cd08SHidetoshi Shimokawa.Ql ^C . 129fb35cd08SHidetoshi Shimokawa.Ss "Debugging a live system with a remote serial link" 130fb35cd08SHidetoshi ShimokawaWhen using a serial port for the remote link on the i386 platform, the serial 131fb35cd08SHidetoshi Shimokawaport must be identified by setting the flag bit 132fb35cd08SHidetoshi Shimokawa.Li 0x80 133fb35cd08SHidetoshi Shimokawafor the specified interface. 134fb35cd08SHidetoshi ShimokawaGenerally, this port will also be used as a serial console (flag bit 135fb35cd08SHidetoshi Shimokawa.Li 0x10 ) , 136b845c4c5SSascha Wildnerso the flags field for the interface in the kernel configuration file 137fb35cd08SHidetoshi Shimokawashould be: 138fb35cd08SHidetoshi Shimokawa.Pp 139b845c4c5SSascha Wildner.Dl flags 0x90 140fb35cd08SHidetoshi Shimokawa.Pp 141fb35cd08SHidetoshi ShimokawaTo share a console and debug connection on a serial line, use the 142fb35cd08SHidetoshi Shimokawa.Cd "options GDB_REMOTE_CHAT" 143fb35cd08SHidetoshi Shimokawaoption. 144fb35cd08SHidetoshi Shimokawa.Ss "Debugging a live system with a remote firewire link" 145fb35cd08SHidetoshi ShimokawaAs with serial debugging, to debug a live system with a firewire link, the 146fb35cd08SHidetoshi Shimokawakernel must be compiled with the option 147fb35cd08SHidetoshi Shimokawa.Cd "options DDB" . 148fb35cd08SHidetoshi ShimokawaThe 149fb35cd08SHidetoshi Shimokawa.Cd "options GDB_REMOTE_CHAT" 150fb35cd08SHidetoshi Shimokawais not necessary, since the firewire implementation uses separate ports for the 151fb35cd08SHidetoshi Shimokawaconsole and debug connection. 152fb35cd08SHidetoshi Shimokawa.Pp 153fb35cd08SHidetoshi ShimokawaA number of steps must be performed to set up a firewire link: 154fb35cd08SHidetoshi Shimokawa.Bl -bullet 155fb35cd08SHidetoshi Shimokawa.It 156fb35cd08SHidetoshi ShimokawaEnsure that both systems have 157fb35cd08SHidetoshi Shimokawa.Xr firewire 4 158fb35cd08SHidetoshi Shimokawasupport, and that the kernel of the remote system includes the 159fb35cd08SHidetoshi Shimokawa.Xr dcons 4 160fb35cd08SHidetoshi Shimokawaand 161fb35cd08SHidetoshi Shimokawa.Xr dcons_crom 4 162fb35cd08SHidetoshi Shimokawadrivers. 163fb35cd08SHidetoshi ShimokawaIf they are not compiled into the kernel, load the KLDs: 164fb35cd08SHidetoshi Shimokawa.Pp 165fb35cd08SHidetoshi Shimokawa.Dl "kldload firewire" 166fb35cd08SHidetoshi Shimokawa.Pp 167fb35cd08SHidetoshi ShimokawaOn the remote system only: 168fb35cd08SHidetoshi Shimokawa.Bd -literal -offset indent 169fb35cd08SHidetoshi Shimokawakldload dcons 170fb35cd08SHidetoshi Shimokawakldload dcons_crom 171fb35cd08SHidetoshi Shimokawa.Ed 172fb35cd08SHidetoshi Shimokawa.Pp 173fb35cd08SHidetoshi ShimokawaYou should see something like this in the 174fb35cd08SHidetoshi Shimokawa.Xr dmesg 8 175fb35cd08SHidetoshi Shimokawaoutput of the remote system: 176fb35cd08SHidetoshi Shimokawa.Bd -literal -offset indent 177fb35cd08SHidetoshi Shimokawafwohci0: BUS reset 178fb35cd08SHidetoshi Shimokawafwohci0: node_id=0x8800ffc0, gen=2, non CYCLEMASTER mode 179fb35cd08SHidetoshi Shimokawafirewire0: 2 nodes, maxhop <= 1, cable IRM = 1 180fb35cd08SHidetoshi Shimokawafirewire0: bus manager 1 181fb35cd08SHidetoshi Shimokawafirewire0: New S400 device ID:00c04f3226e88061 182fb35cd08SHidetoshi Shimokawadcons_crom0: <dcons configuration ROM> on firewire0 183fb35cd08SHidetoshi Shimokawadcons_crom0: bus_addr 0x22a000 184fb35cd08SHidetoshi Shimokawa.Ed 185fb35cd08SHidetoshi Shimokawa.Pp 186fb35cd08SHidetoshi ShimokawaIt is a good idea to load these modules at boot time with the following entry in 187fb35cd08SHidetoshi Shimokawa.Pa /boot/loader.conf : 188fb35cd08SHidetoshi Shimokawa.Pp 189fb35cd08SHidetoshi Shimokawa.Dl dcons_crom_enable="YES" 190fb35cd08SHidetoshi Shimokawa.Pp 191fb35cd08SHidetoshi ShimokawaThis ensures that all three modules are loaded. 192fb35cd08SHidetoshi ShimokawaThere is no harm in loading 193fb35cd08SHidetoshi Shimokawa.Xr dcons 4 194fb35cd08SHidetoshi Shimokawaand 195fb35cd08SHidetoshi Shimokawa.Xr dcons_crom 4 196fb35cd08SHidetoshi Shimokawaon the local system, but if you only want to load the 197fb35cd08SHidetoshi Shimokawa.Xr firewire 4 198fb35cd08SHidetoshi Shimokawamodule, include the following in 199fb35cd08SHidetoshi Shimokawa.Pa /boot/loader.conf : 200fb35cd08SHidetoshi Shimokawa.Pp 201fb35cd08SHidetoshi Shimokawa.Dl firewire_enable="YES" 202fb35cd08SHidetoshi Shimokawa.It 203fb35cd08SHidetoshi ShimokawaNext, use 204fb35cd08SHidetoshi Shimokawa.Xr fwcontrol 8 205fb35cd08SHidetoshi Shimokawato find the firewire node corresponding to the remote machine. 206fb35cd08SHidetoshi ShimokawaOn the local machine you might see: 207fb35cd08SHidetoshi Shimokawa.Bd -literal -offset indent 208fb35cd08SHidetoshi Shimokawa# fwcontrol 209fb35cd08SHidetoshi Shimokawa2 devices (info_len=2) 210fb35cd08SHidetoshi Shimokawanode EUI64 status 211fb35cd08SHidetoshi Shimokawa 1 0x00c04f3226e88061 0 212fb35cd08SHidetoshi Shimokawa 0 0x000199000003622b 1 213fb35cd08SHidetoshi Shimokawa.Ed 214fb35cd08SHidetoshi Shimokawa.Pp 215fb35cd08SHidetoshi ShimokawaThe first node is always the local system, so in this case, node 0 is the remote 216fb35cd08SHidetoshi Shimokawasystem. 217fb35cd08SHidetoshi ShimokawaIf there are more than two systems, check from the other end to find which node 218fb35cd08SHidetoshi Shimokawacorresponds to the remote system. 219fb35cd08SHidetoshi ShimokawaOn the remote machine, it looks like this: 220fb35cd08SHidetoshi Shimokawa.Bd -literal -offset indent 221fb35cd08SHidetoshi Shimokawa# fwcontrol 222fb35cd08SHidetoshi Shimokawa2 devices (info_len=2) 223fb35cd08SHidetoshi Shimokawanode EUI64 status 224fb35cd08SHidetoshi Shimokawa 0 0x000199000003622b 0 225fb35cd08SHidetoshi Shimokawa 1 0x00c04f3226e88061 1 226fb35cd08SHidetoshi Shimokawa.Ed 227fb35cd08SHidetoshi Shimokawa.It 228fb35cd08SHidetoshi ShimokawaNext, establish a firewire connection with 229fb35cd08SHidetoshi Shimokawa.Xr dconschat 8 : 230fb35cd08SHidetoshi Shimokawa.Pp 231fb35cd08SHidetoshi Shimokawa.Dl "dconschat -br -G 5556 -t 0x000199000003622b" 232fb35cd08SHidetoshi Shimokawa.Pp 233fb35cd08SHidetoshi Shimokawa.Li 0x000199000003622b 234fb35cd08SHidetoshi Shimokawais the EUI64 address of the remote node, as determined from the output of 235fb35cd08SHidetoshi Shimokawa.Xr fwcontrol 8 236fb35cd08SHidetoshi Shimokawaabove. 237fb35cd08SHidetoshi ShimokawaWhen started in this manner, 238fb35cd08SHidetoshi Shimokawa.Xr dconschat 8 239fb35cd08SHidetoshi Shimokawaestablishes a local tunnel connection from port 240fb35cd08SHidetoshi Shimokawa.Li localhost:5556 241fb35cd08SHidetoshi Shimokawato the remote debugger. 242fb35cd08SHidetoshi ShimokawaYou can also establish a console port connection with the 243fb35cd08SHidetoshi Shimokawa.Fl C 244fb35cd08SHidetoshi Shimokawaoption to the same invocation 245fb35cd08SHidetoshi Shimokawa.Xr dconschat 8 . 246fb35cd08SHidetoshi ShimokawaSee the 247fb35cd08SHidetoshi Shimokawa.Xr dconschat 8 248fb35cd08SHidetoshi Shimokawamanpage for further details. 249fb35cd08SHidetoshi Shimokawa.Pp 250fb35cd08SHidetoshi ShimokawaThe 251fb35cd08SHidetoshi Shimokawa.Xr dconschat 8 252fb35cd08SHidetoshi Shimokawautility 253fb35cd08SHidetoshi Shimokawadoes not return control to the user. 254fb35cd08SHidetoshi ShimokawaIt displays error messages and console output for the remote system, so it is a 255fb35cd08SHidetoshi Shimokawagood idea to start it in its own window. 256fb35cd08SHidetoshi Shimokawa.It 257fb35cd08SHidetoshi ShimokawaFinally, establish connection: 258fb35cd08SHidetoshi Shimokawa.Bd -literal -offset indent 259fb35cd08SHidetoshi Shimokawa# gdb kernel.debug 260fb35cd08SHidetoshi ShimokawaGNU gdb 5.2.1 (FreeBSD) 261fb35cd08SHidetoshi Shimokawa.Em "(political statements omitted)" 262fb35cd08SHidetoshi ShimokawaReady to go. Enter 'tr' to connect to the remote target 263fb35cd08SHidetoshi Shimokawawith /dev/cuaa0, 'tr /dev/cuaa1' to connect to a different port 264fb35cd08SHidetoshi Shimokawaor 'trf portno' to connect to the remote target with the firewire 265fb35cd08SHidetoshi Shimokawainterface. portno defaults to 5556. 266fb35cd08SHidetoshi Shimokawa 267fb35cd08SHidetoshi ShimokawaType 'getsyms' after connection to load kld symbols. 268fb35cd08SHidetoshi Shimokawa 269fb35cd08SHidetoshi ShimokawaIf you're debugging a local system, you can use 'kldsyms' instead 270fb35cd08SHidetoshi Shimokawato load the kld symbols. That's a less obnoxious interface. 271fb35cd08SHidetoshi Shimokawa(gdb) trf 272fb35cd08SHidetoshi Shimokawa0xc21bd378 in ?? () 273fb35cd08SHidetoshi Shimokawa.Ed 274fb35cd08SHidetoshi Shimokawa.Pp 275fb35cd08SHidetoshi ShimokawaThe 276fb35cd08SHidetoshi Shimokawa.Ic trf 277fb35cd08SHidetoshi Shimokawamacro assumes a connection on port 5556. 278fb35cd08SHidetoshi ShimokawaIf you want to use a different port (by changing the invocation of 279fb35cd08SHidetoshi Shimokawa.Xr dconschat 8 280fb35cd08SHidetoshi Shimokawaabove), use the 281fb35cd08SHidetoshi Shimokawa.Ic tr 282fb35cd08SHidetoshi Shimokawamacro instead. 283fb35cd08SHidetoshi ShimokawaFor example, if you want to use port 4711, run 284fb35cd08SHidetoshi Shimokawa.Xr dconschat 8 285fb35cd08SHidetoshi Shimokawalike this: 286fb35cd08SHidetoshi Shimokawa.Pp 287fb35cd08SHidetoshi Shimokawa.Dl "dconschat -br -G 4711 -t 0x000199000003622b" 288fb35cd08SHidetoshi Shimokawa.Pp 289fb35cd08SHidetoshi ShimokawaThen establish connection with: 290fb35cd08SHidetoshi Shimokawa.Bd -literal -offset indent 291fb35cd08SHidetoshi Shimokawa(gdb) tr localhost:4711 292fb35cd08SHidetoshi Shimokawa0xc21bd378 in ?? () 293fb35cd08SHidetoshi Shimokawa.Ed 294fb35cd08SHidetoshi Shimokawa.El 295fb35cd08SHidetoshi Shimokawa.Ss "Non-cooperative debugging a live system with a remote firewire link" 296fb35cd08SHidetoshi ShimokawaIn addition to the conventional debugging via firewire described in the previous 297fb35cd08SHidetoshi Shimokawasection, it is possible to debug a remote system without its cooperation, once 298fb35cd08SHidetoshi Shimokawaan initial connection has been established. 299fb35cd08SHidetoshi ShimokawaThis corresponds to debugging a local machine using 300fb35cd08SHidetoshi Shimokawa.Pa /dev/mem . 301fb35cd08SHidetoshi ShimokawaIt can be very useful if a system crashes and the debugger no longer responds. 302fb35cd08SHidetoshi ShimokawaTo use this method, set the 303fb35cd08SHidetoshi Shimokawa.Xr sysctl 8 304fb35cd08SHidetoshi Shimokawavariables 305fb35cd08SHidetoshi Shimokawa.Va hw.firewire.fwmem.eui64_hi 306fb35cd08SHidetoshi Shimokawaand 307fb35cd08SHidetoshi Shimokawa.Va hw.firewire.fwmem.eui64_lo 308fb35cd08SHidetoshi Shimokawato the upper and lower halves of the EUI64 ID of the remote system, 309fb35cd08SHidetoshi Shimokawarespectively. 310fb35cd08SHidetoshi ShimokawaFrom the previous example, the remote machine shows: 311fb35cd08SHidetoshi Shimokawa.Bd -literal -offset indent 312fb35cd08SHidetoshi Shimokawa# fwcontrol 313fb35cd08SHidetoshi Shimokawa2 devices (info_len=2) 314fb35cd08SHidetoshi Shimokawanode EUI64 status 315fb35cd08SHidetoshi Shimokawa 0 0x000199000003622b 0 316fb35cd08SHidetoshi Shimokawa 1 0x00c04f3226e88061 1 317fb35cd08SHidetoshi Shimokawa.Ed 318fb35cd08SHidetoshi Shimokawa.Pp 319fb35cd08SHidetoshi ShimokawaEnter: 320fb35cd08SHidetoshi Shimokawa.Bd -literal -offset indent 321fb35cd08SHidetoshi Shimokawa# sysctl -w hw.firewire.fwmem.eui64_hi=0x00019900 322fb35cd08SHidetoshi Shimokawahw.firewire.fwmem.eui64_hi: 0 -> 104704 323fb35cd08SHidetoshi Shimokawa# sysctl -w hw.firewire.fwmem.eui64_lo=0x0003622b 324fb35cd08SHidetoshi Shimokawahw.firewire.fwmem.eui64_lo: 0 -> 221739 325fb35cd08SHidetoshi Shimokawa.Ed 326fb35cd08SHidetoshi Shimokawa.Pp 327fb35cd08SHidetoshi ShimokawaNote that the variables must be explicitly stated in hexadecimal. 328fb35cd08SHidetoshi ShimokawaAfter this, you can examine the remote machine's state with the following input: 329fb35cd08SHidetoshi Shimokawa.Bd -literal -offset indent 330fb35cd08SHidetoshi Shimokawa# gdb -k kernel.debug /dev/fwmem0.0 331fb35cd08SHidetoshi ShimokawaGNU gdb 5.2.1 (FreeBSD) 332fb35cd08SHidetoshi Shimokawa.Em "(messages omitted)" 333611395e5SSascha WildnerReading symbols from /modules/dcons.ko...done. 334611395e5SSascha WildnerLoaded symbols for /modules/dcons.ko 335611395e5SSascha WildnerReading symbols from /modules/dcons_crom.ko...done. 336611395e5SSascha WildnerLoaded symbols for /modules/dcons_crom.ko 337fb35cd08SHidetoshi Shimokawa#0 sched_switch (td=0xc0922fe0) at /usr/src/sys/kern/sched_4bsd.c:621 338fb35cd08SHidetoshi Shimokawa0xc21bd378 in ?? () 339fb35cd08SHidetoshi Shimokawa.Ed 340fb35cd08SHidetoshi Shimokawa.Pp 341fb35cd08SHidetoshi ShimokawaIn this case, it is not necessary to load the symbols explicitly. 342fb35cd08SHidetoshi ShimokawaThe remote system continues to run. 343fb35cd08SHidetoshi Shimokawa.Sh COMMANDS 344fb35cd08SHidetoshi ShimokawaThe user interface to 345fb35cd08SHidetoshi Shimokawa.Nm 346fb35cd08SHidetoshi Shimokawais via 347fb35cd08SHidetoshi Shimokawa.Xr gdb 1 , 348fb35cd08SHidetoshi Shimokawaso 349fb35cd08SHidetoshi Shimokawa.Xr gdb 1 350fb35cd08SHidetoshi Shimokawacommands also work. 351fb35cd08SHidetoshi ShimokawaThis section discusses only the extensions for kernel debugging that get 352fb35cd08SHidetoshi Shimokawainstalled in the kernel build directory. 353fb35cd08SHidetoshi Shimokawa.Ss "Debugging environment" 354fb35cd08SHidetoshi ShimokawaThe following macros manipulate the debugging environment: 355fb35cd08SHidetoshi Shimokawa.Bl -tag -width indent 356fb35cd08SHidetoshi Shimokawa.It Ic ddb 357fb35cd08SHidetoshi ShimokawaSwitch back to 358fb35cd08SHidetoshi Shimokawa.Xr ddb 4 . 359fb35cd08SHidetoshi ShimokawaThis command is only meaningful when performing remote debugging. 360fb35cd08SHidetoshi Shimokawa.It Ic getsyms 361fb35cd08SHidetoshi ShimokawaDisplay 362fb35cd08SHidetoshi Shimokawa.Ic kldstat 363fb35cd08SHidetoshi Shimokawainformation for the target machine and invite user to paste it back in. 364fb35cd08SHidetoshi ShimokawaThis is required because 365fb35cd08SHidetoshi Shimokawa.Nm 366fb35cd08SHidetoshi Shimokawadoes not allow data to be passed to shell scripts. 367fb35cd08SHidetoshi ShimokawaIt is necessary for remote debugging and crash dumps; for local memory debugging 368fb35cd08SHidetoshi Shimokawause 369fb35cd08SHidetoshi Shimokawa.Ic kldsyms 370fb35cd08SHidetoshi Shimokawainstead. 371fb35cd08SHidetoshi Shimokawa.It Ic kldsyms 372fb35cd08SHidetoshi ShimokawaRead in the symbol tables for the debugging machine. 373fb35cd08SHidetoshi ShimokawaThis does not work for 374fb35cd08SHidetoshi Shimokawaremote debugging and crash dumps; use 375fb35cd08SHidetoshi Shimokawa.Ic getsyms 376fb35cd08SHidetoshi Shimokawainstead. 377fb35cd08SHidetoshi Shimokawa.It Ic tr Ar interface 378fb35cd08SHidetoshi ShimokawaDebug a remote system via the specified serial or firewire interface. 379fb35cd08SHidetoshi Shimokawa.It Ic tr0 380fb35cd08SHidetoshi ShimokawaDebug a remote system via serial interface 381fb35cd08SHidetoshi Shimokawa.Pa /dev/cuaa0 . 382fb35cd08SHidetoshi Shimokawa.It Ic tr1 383fb35cd08SHidetoshi ShimokawaDebug a remote system via serial interface 384fb35cd08SHidetoshi Shimokawa.Pa /dev/cuaa1 . 385fb35cd08SHidetoshi Shimokawa.It Ic trf 386fb35cd08SHidetoshi ShimokawaDebug a remote system via firewire interface at default port 5556. 387fb35cd08SHidetoshi Shimokawa.El 388fb35cd08SHidetoshi Shimokawa.Pp 389fb35cd08SHidetoshi ShimokawaThe commands 390fb35cd08SHidetoshi Shimokawa.Ic tr0 , tr1 391fb35cd08SHidetoshi Shimokawaand 392fb35cd08SHidetoshi Shimokawa.Ic trf 393fb35cd08SHidetoshi Shimokawaare convenience commands which invoke 394fb35cd08SHidetoshi Shimokawa.Ic tr . 395fb35cd08SHidetoshi Shimokawa.Ss "The current process environment" 396fb35cd08SHidetoshi ShimokawaThe following macros are convenience functions intended to make things easier 397fb35cd08SHidetoshi Shimokawathan the standard 398fb35cd08SHidetoshi Shimokawa.Xr gdb 1 399fb35cd08SHidetoshi Shimokawacommands. 400fb35cd08SHidetoshi Shimokawa.Bl -tag -width indent 401fb35cd08SHidetoshi Shimokawa.It Ic f0 402fb35cd08SHidetoshi ShimokawaSelect stack frame 0 and show assembler-level details. 403fb35cd08SHidetoshi Shimokawa.It Ic f1 404fb35cd08SHidetoshi ShimokawaSelect stack frame 1 and show assembler-level details. 405fb35cd08SHidetoshi Shimokawa.It Ic f2 406fb35cd08SHidetoshi ShimokawaSelect stack frame 2 and show assembler-level details. 407fb35cd08SHidetoshi Shimokawa.It Ic f3 408fb35cd08SHidetoshi ShimokawaSelect stack frame 3 and show assembler-level details. 409fb35cd08SHidetoshi Shimokawa.It Ic f4 410fb35cd08SHidetoshi ShimokawaSelect stack frame 4 and show assembler-level details. 411fb35cd08SHidetoshi Shimokawa.It Ic f5 412fb35cd08SHidetoshi ShimokawaSelect stack frame 5 and show assembler-level details. 413fb35cd08SHidetoshi Shimokawa.It Ic xb 414fb35cd08SHidetoshi ShimokawaShow 12 words in hex, starting at current 415fb35cd08SHidetoshi Shimokawa.Va ebp 416fb35cd08SHidetoshi Shimokawavalue. 417fb35cd08SHidetoshi Shimokawa.It Ic xi 418fb35cd08SHidetoshi ShimokawaList the next 10 instructions from the current 419fb35cd08SHidetoshi Shimokawa.Va eip 420fb35cd08SHidetoshi Shimokawavalue. 421fb35cd08SHidetoshi Shimokawa.It Ic xp 422fb35cd08SHidetoshi ShimokawaShow the register contents and the first four parameters of the current stack 423fb35cd08SHidetoshi Shimokawaframe. 424fb35cd08SHidetoshi Shimokawa.It Ic xp0 425fb35cd08SHidetoshi ShimokawaShow the first parameter of current stack frame in various formats. 426fb35cd08SHidetoshi Shimokawa.It Ic xp1 427fb35cd08SHidetoshi ShimokawaShow the second parameter of current stack frame in various formats. 428fb35cd08SHidetoshi Shimokawa.It Ic xp2 429fb35cd08SHidetoshi ShimokawaShow the third parameter of current stack frame in various formats. 430fb35cd08SHidetoshi Shimokawa.It Ic xp3 431fb35cd08SHidetoshi ShimokawaShow the fourth parameter of current stack frame in various formats. 432fb35cd08SHidetoshi Shimokawa.It Ic xp4 433fb35cd08SHidetoshi ShimokawaShow the fifth parameter of current stack frame in various formats. 434fb35cd08SHidetoshi Shimokawa.It Ic xs 435fb35cd08SHidetoshi ShimokawaShow the last 12 words on stack in hexadecimal. 436fb35cd08SHidetoshi Shimokawa.It Ic xxp 437fb35cd08SHidetoshi ShimokawaShow the register contents and the first ten parameters. 438fb35cd08SHidetoshi Shimokawa.It Ic z 439fb35cd08SHidetoshi ShimokawaSingle step 1 instruction (over calls) and show next instruction. 440fb35cd08SHidetoshi Shimokawa.It Ic zs 441fb35cd08SHidetoshi ShimokawaSingle step 1 instruction (through calls) and show next instruction. 442fb35cd08SHidetoshi Shimokawa.El 443fb35cd08SHidetoshi Shimokawa.Ss "Examining other processes" 444fb35cd08SHidetoshi ShimokawaThe following macros access other processes. 445fb35cd08SHidetoshi ShimokawaThe 446fb35cd08SHidetoshi Shimokawa.Nm 447fb35cd08SHidetoshi Shimokawadebugger 448fb35cd08SHidetoshi Shimokawadoes not understand the concept of multiple processes, so they effectively 449fb35cd08SHidetoshi Shimokawabypass the entire 450fb35cd08SHidetoshi Shimokawa.Nm 451fb35cd08SHidetoshi Shimokawaenvironment. 452fb35cd08SHidetoshi Shimokawa.Bl -tag -width indent 453fb35cd08SHidetoshi Shimokawa.It Ic btp Ar pid 454fb35cd08SHidetoshi ShimokawaShow a backtrace for the process 455fb35cd08SHidetoshi Shimokawa.Ar pid . 456fb35cd08SHidetoshi Shimokawa.It Ic btpa 457fb35cd08SHidetoshi ShimokawaShow backtraces for all processes in the system. 458fb35cd08SHidetoshi Shimokawa.It Ic btpp 459fb35cd08SHidetoshi ShimokawaShow a backtrace for the process previously selected with 460fb35cd08SHidetoshi Shimokawa.Ic defproc . 461fb35cd08SHidetoshi Shimokawa.It Ic btr Ar ebp 462fb35cd08SHidetoshi ShimokawaShow a backtrace from the 463fb35cd08SHidetoshi Shimokawa.Ar ebp 464fb35cd08SHidetoshi Shimokawaaddress specified. 465fb35cd08SHidetoshi Shimokawa.It Ic defproc Ar pid 466fb35cd08SHidetoshi ShimokawaSpecify the PID of the process for some other commands in this section. 467fb35cd08SHidetoshi Shimokawa.It Ic fr Ar frame 468fb35cd08SHidetoshi ShimokawaShow frame 469fb35cd08SHidetoshi Shimokawa.Ar frame 470fb35cd08SHidetoshi Shimokawaof the stack of the process previously selected with 471fb35cd08SHidetoshi Shimokawa.Ic defproc . 472fb35cd08SHidetoshi Shimokawa.It Ic pcb Ar proc 473fb35cd08SHidetoshi ShimokawaShow some PCB contents of the process 474fb35cd08SHidetoshi Shimokawa.Ar proc . 475fb35cd08SHidetoshi Shimokawa.El 476fb35cd08SHidetoshi Shimokawa.Ss "Examining data structures" 477fb35cd08SHidetoshi ShimokawaYou can use standard 478fb35cd08SHidetoshi Shimokawa.Xr gdb 1 479fb35cd08SHidetoshi Shimokawacommands to look at most data structures. 480fb35cd08SHidetoshi ShimokawaThe macros in this section are 481fb35cd08SHidetoshi Shimokawaconvenience functions which typically display the data in a more readable 482fb35cd08SHidetoshi Shimokawaformat, or which omit less interesting parts of the structure. 483fb35cd08SHidetoshi Shimokawa.Bl -tag -width indent 484fb35cd08SHidetoshi Shimokawa.It Ic bp 485fb35cd08SHidetoshi ShimokawaShow information about the buffer header pointed to by the variable 486fb35cd08SHidetoshi Shimokawa.Va bp 487fb35cd08SHidetoshi Shimokawain the current frame. 488fb35cd08SHidetoshi Shimokawa.It Ic bpd 489fb35cd08SHidetoshi ShimokawaShow the contents 490fb35cd08SHidetoshi Shimokawa.Pq Vt "char *" 491fb35cd08SHidetoshi Shimokawaof 492fb35cd08SHidetoshi Shimokawa.Va bp->data 493fb35cd08SHidetoshi Shimokawain the current frame. 494fb35cd08SHidetoshi Shimokawa.It Ic bpl 495fb35cd08SHidetoshi ShimokawaShow detailed information about the buffer header 496fb35cd08SHidetoshi Shimokawa.Pq Vt "struct bp" 497fb35cd08SHidetoshi Shimokawapointed at by the local variable 498fb35cd08SHidetoshi Shimokawa.Va bp . 499fb35cd08SHidetoshi Shimokawa.It Ic bpp Ar bp 500fb35cd08SHidetoshi ShimokawaShow summary information about the buffer header 501fb35cd08SHidetoshi Shimokawa.Pq Vt "struct bp" 502fb35cd08SHidetoshi Shimokawapointed at by the parameter 503fb35cd08SHidetoshi Shimokawa.Ar bp . 504fb35cd08SHidetoshi Shimokawa.It Ic bx 505fb35cd08SHidetoshi ShimokawaPrint a number of fields from the buffer header pointed at in by the pointer 506fb35cd08SHidetoshi Shimokawa.Ar bp 507fb35cd08SHidetoshi Shimokawain the current environment. 508fb35cd08SHidetoshi Shimokawa.It Ic vdev 509fb35cd08SHidetoshi ShimokawaShow some information of the 510fb35cd08SHidetoshi Shimokawa.Vt vnode 511fb35cd08SHidetoshi Shimokawapointed to by the local variable 512fb35cd08SHidetoshi Shimokawa.Va vp . 513fb35cd08SHidetoshi Shimokawa.El 514fb35cd08SHidetoshi Shimokawa.Ss "Miscellaneous macros" 515fb35cd08SHidetoshi Shimokawa.Bl -tag -width indent 516fb35cd08SHidetoshi Shimokawa.It Ic checkmem 517fb35cd08SHidetoshi ShimokawaCheck unallocated memory for modifications. 518fb35cd08SHidetoshi ShimokawaThis assumes that the kernel has been compiled with 519fb35cd08SHidetoshi Shimokawa.Cd "options DIAGNOSTIC" 520fb35cd08SHidetoshi ShimokawaThis causes the contents of free memory to be set to 521fb35cd08SHidetoshi Shimokawa.Li 0xdeadc0de . 522fb35cd08SHidetoshi Shimokawa.It Ic dmesg 523fb35cd08SHidetoshi ShimokawaPrint the system message buffer. 524fb35cd08SHidetoshi ShimokawaThis corresponds to the 525fb35cd08SHidetoshi Shimokawa.Xr dmesg 8 526fb35cd08SHidetoshi Shimokawautility. 527fb35cd08SHidetoshi ShimokawaThis macro used to be called 528fb35cd08SHidetoshi Shimokawa.Ic msgbuf . 529fb35cd08SHidetoshi ShimokawaIt can take a very long time over a serial line, 530fb35cd08SHidetoshi Shimokawaand it is even slower via firewire 531fb35cd08SHidetoshi Shimokawaor local memory due to inefficiencies in 532fb35cd08SHidetoshi Shimokawa.Nm . 533fb35cd08SHidetoshi ShimokawaWhen debugging a crash dump or over firewire, it is not necessary to start 534fb35cd08SHidetoshi Shimokawa.Nm 535fb35cd08SHidetoshi Shimokawato access the message buffer: instead, use an appropriate variation of 536fb35cd08SHidetoshi Shimokawa.Bd -literal -offset indent 537fb35cd08SHidetoshi Shimokawadmesg -M /var/crash/vmcore.0 -N kernel.debug 538fb35cd08SHidetoshi Shimokawadmesg -M /dev/fwmem0.0 -N kernel.debug 539fb35cd08SHidetoshi Shimokawa.Ed 540fb35cd08SHidetoshi Shimokawa.It Ic kldstat 541fb35cd08SHidetoshi ShimokawaEquivalent of the 542fb35cd08SHidetoshi Shimokawa.Xr kldstat 8 543fb35cd08SHidetoshi Shimokawautility without options. 544fb35cd08SHidetoshi Shimokawa.It Ic pname 545fb35cd08SHidetoshi ShimokawaPrint the command name of the current process. 546fb35cd08SHidetoshi Shimokawa.It Ic ps 547fb35cd08SHidetoshi ShimokawaShow process status. 548fb35cd08SHidetoshi ShimokawaThis corresponds in concept, but not in appearance, to the 549fb35cd08SHidetoshi Shimokawa.Xr ps 1 550fb35cd08SHidetoshi Shimokawautility. 551fb35cd08SHidetoshi ShimokawaWhen debugging a crash dump or over firewire, it is not necessary to start 552fb35cd08SHidetoshi Shimokawa.Nm 553fb35cd08SHidetoshi Shimokawato display the 554fb35cd08SHidetoshi Shimokawa.Xr ps 1 555fb35cd08SHidetoshi Shimokawaoutput: instead, use an appropriate variation of 556fb35cd08SHidetoshi Shimokawa.Bd -literal -offset indent 557fb35cd08SHidetoshi Shimokawaps -M /var/crash/vmcore.0 -N kernel.debug 558fb35cd08SHidetoshi Shimokawaps -M /dev/fwmem0.0 -N kernel.debug 559fb35cd08SHidetoshi Shimokawa.Ed 560fb35cd08SHidetoshi Shimokawa.It Ic y 561fb35cd08SHidetoshi ShimokawaKludge for writing macros. 562fb35cd08SHidetoshi ShimokawaWhen writing macros, it is convenient to paste them 563fb35cd08SHidetoshi Shimokawaback into the 564fb35cd08SHidetoshi Shimokawa.Nm 565fb35cd08SHidetoshi Shimokawawindow. 566fb35cd08SHidetoshi ShimokawaUnfortunately, if the macro is already defined, 567fb35cd08SHidetoshi Shimokawa.Nm 568fb35cd08SHidetoshi Shimokawainsists on asking 569fb35cd08SHidetoshi Shimokawa.Pp 570fb35cd08SHidetoshi Shimokawa.Dl "Redefine foo?" 571fb35cd08SHidetoshi Shimokawa.Pp 572fb35cd08SHidetoshi ShimokawaIt will not give up until you answer 573fb35cd08SHidetoshi Shimokawa.Ql y . 574fb35cd08SHidetoshi ShimokawaThis command is that answer. 575fb35cd08SHidetoshi ShimokawaIt does nothing else except to print a warning 576fb35cd08SHidetoshi Shimokawamessage to remind you to remove it again. 577fb35cd08SHidetoshi Shimokawa.El 578fb35cd08SHidetoshi Shimokawa.Sh SEE ALSO 579fb35cd08SHidetoshi Shimokawa.Xr gdb 1 , 580fb35cd08SHidetoshi Shimokawa.Xr ps 1 , 581fb35cd08SHidetoshi Shimokawa.Xr ddb 4 , 582fb35cd08SHidetoshi Shimokawa.Xr firewire 4 , 583fb35cd08SHidetoshi Shimokawa.Xr dconschat 8 , 584fb35cd08SHidetoshi Shimokawa.Xr dmesg 8 , 585fb35cd08SHidetoshi Shimokawa.Xr fwcontrol 8 , 586fb35cd08SHidetoshi Shimokawa.Xr kldload 8 587ac561d34SSascha Wildner.Sh AUTHORS 588ac561d34SSascha WildnerThis man page was written by 589b2a6f486SFranco Fichtner.An Greg Lehey Aq Mt grog@FreeBSD.org . 590fb35cd08SHidetoshi Shimokawa.Sh BUGS 591fb35cd08SHidetoshi ShimokawaThe 592fb35cd08SHidetoshi Shimokawa.Xr gdb 1 593fb35cd08SHidetoshi Shimokawadebugger 594fb35cd08SHidetoshi Shimokawawas never designed to debug kernels, and it is not a very good match. 595fb35cd08SHidetoshi ShimokawaMany problems exist. 596fb35cd08SHidetoshi Shimokawa.Pp 597fb35cd08SHidetoshi ShimokawaThe 598fb35cd08SHidetoshi Shimokawa.Nm 599fb35cd08SHidetoshi Shimokawaimplementation is very inefficient, and many operations are slow. 600fb35cd08SHidetoshi Shimokawa.Pp 601fb35cd08SHidetoshi ShimokawaSerial debugging is even slower, and race conditions can make it difficult to 602fb35cd08SHidetoshi Shimokawarun the link at more than 9600 bps. 603fb35cd08SHidetoshi ShimokawaFirewire connections do not have this problem. 604fb35cd08SHidetoshi Shimokawa.Pp 605fb35cd08SHidetoshi ShimokawaThe debugging macros 606fb35cd08SHidetoshi Shimokawa.Dq "just growed" . 607fb35cd08SHidetoshi ShimokawaIn general, the person who wrote them did so while looking for a specific 608fb35cd08SHidetoshi Shimokawaproblem, so they may not be general enough, and they may behave badly when used 609fb35cd08SHidetoshi Shimokawain ways for which they were not intended, even if those ways make sense. 610fb35cd08SHidetoshi Shimokawa.Pp 611fb35cd08SHidetoshi ShimokawaMany of these commands only work on the ia32 architecture. 612