Using the debugger

The simplest way to start a kernel debug session is to boot the kernel as normal using the st40load_gdb script. When the download is complete, press Ctrl+C to interrupt the target.

Provided that the kernel has been built with debugging information, you should see output similar to the following:

Enabling Linux kernel awareness layer [Build Mar 29 2007].
The target is assumed to be little endian
The target architecture is assumed to be sh4
0xa0000000 in ?? ()
Loading section .empty_zero_page, size 0x1000 lma 0x84001000
Loading section .text, size 0x24dba0 lma 0x84002000
Loading section __ex_table, size 0x1220 lma 0x8424fba0
Loading section .rodata, size 0x2e29c lma 0x84251000
Loading section __ksymtab, size 0x4280 lma 0x8427f29c
Loading section __ksymtab_gpl, size 0xc58 lma 0x8428351c
Loading section __ksymtab_gpl_future, size 0x30 lma 0x84284174
Loading section __ksymtab_strings, size 0xb6cc lma 0x842841a4
Loading section __param, size 0x4c4 lma 0x84290000
Loading section .data, size 0x56b30 lma 0x842904d0
Loading section .data.cacheline_aligned, size 0x16c0 lma 0x842e7000
Loading section .data.init_task, size 0x2000 lma 0x842ea000
Loading section .init.text, size 0x16720 lma 0x842ec000
Loading section .init.data, size 0x2140 lma 0x84302720
Loading section .init.setup, size 0x270 lma 0x84304860
Loading section .initcall.init, size 0x20c lma 0x84304ad0
Loading section .con_initcall.init, size 0x4 lma 0x84304cdc
Loading section .init.ramfs, size 0x86 lma 0x84304ce0
Start address 0x84002000, load size 3152458
Transfer rate: 364531 bits/sec, 165918 bytes/write.
Breakpoint 1 at 0x840030a6: file arch/sh/kernel/process.c, line 107.
Breakpoint 2 at 0x84003080: file arch/sh/kernel/process.c, line 98.
Breakpoint 3 at 0x840030c8: file arch/sh/kernel/process.c, line 113.
 
Program received signal SIGINT, Interrupt.
[Switching to [swapper]]
0x8400332a in cpu_idle () at arch/sh/kernel/process.c:76
76                      while (!need_resched())
(gdb)

The first line,

Enabling Linux kernel awareness layer [Build Mar 29 2007].

indicates that sh4-linux-gdb has detected a Linux kernel with debugging information, and has enabled its Linux awareness extensions. From this point on, the kernel can be debugged like any other application. For example, info threads lists all the kernel tasks:

  29 ktrace (pid: 287 tgid: 286)  schedule_timeout (timeout=2147483646) at kernel/timer.c:1096
  28 ktrace (pid: 286 tgid: 286)  0x8424c8a6 in schedule_timeout (timeout=2147483647) at kernel/timer.c:1071
  26 getty (pid: 277 tgid: 277)  0x8424c8a6 in schedule_timeout (timeout=2147483647) at kernel/timer.c:1071
  25 dnsmasq (pid: 272 tgid: 272)  0x8424c8a6 in schedule_timeout (timeout=2147483647) at kernel/timer.c:1071
  24 xinetd (pid: 263 tgid: 263)  0x8424c8a6 in schedule_timeout (timeout=2147483647) at kernel/timer.c:1071
  23 sshd (pid: 258 tgid: 258)  0x8424c8a6 in schedule_timeout (timeout=2147483647) at kernel/timer.c:1071
  22 rpc.statd (pid: 248 tgid: 248)  0x8424c8a6 in schedule_timeout (timeout=2147483647) at kernel/timer.c:1071
  21 syslogd (pid: 212 tgid: 212)  0x8424c8a6 in schedule_timeout (timeout=2147483647) at kernel/timer.c:1071
  20 klogd (pid: 207 tgid: 207)  0x8401a3f4 in do_syslog (type=<value optimized out>, buf=0x4157b8 "", len=4095) at kernel/printk.c:208
  19 portmap (pid: 110 tgid: 110)  schedule_timeout (timeout=2147483646) at kernel/timer.c:1096
  18 [mtdblockd] (pid: 16 tgid: 16)  mtd_blktrans_thread (arg=<value optimized out>) at drivers/mtd/mtd_blkdevs.c:113
  17 [kswapd0] (pid: 12 tgid: 12)  kswapd (p=<value optimized out>) at mm/vmscan.c:1260
  16 [rpciod/0] (pid: 18 tgid: 18)  0x8402a226 in worker_thread (__cwq=<value optimized out>)at kernel/workqueue.c:214
  15 [pegasus] (pid: 17 tgid: 17)  0x8402a226 in worker_thread (__cwq=<value optimized out>) at kernel/workqueue.c:214
  14 [aio/0] (pid: 13 tgid: 13)  0x8402a226 in worker_thread (__cwq=<value optimized out>) at kernel/workqueue.c:214
  13 [pdflush] (pid: 11 tgid: 11)  pdflush (dummy=<value optimized out>) at include/asm/system.h:176
  12 [pdflush] (pid: 10 tgid: 10)  pdflush (dummy=<value optimized out>) at include/asm/system.h:176
  11 [kseriod] (pid: 9 tgid: 9)  0x841adfda in serio_thread (nothing=<value optimized out>) at drivers/input/serio/serio.c:378
  10 [khubd] (pid: 8 tgid: 8)  0x8418421e in hub_thread (__unused=<value optimized out>) at drivers/usb/core/hub.c:2890
  9 [kblockd/0] (pid: 7 tgid: 7)  0x8402a226 in worker_thread (__cwq=<value optimized out>) at kernel/workqueue.c:214
  8 [kthread] (pid: 6 tgid: 6)  0x8402a226 in worker_thread (__cwq=<value optimized out>) at kernel/workqueue.c:214
  7 [khelper] (pid: 5 tgid: 5)  0x8402a226 in worker_thread (__cwq=<value optimized out>) at kernel/workqueue.c:214
  6 [events/0] (pid: 4 tgid: 4)  0x8402a226 in worker_thread (__cwq=<value optimized out>) at kernel/workqueue.c:214
  5 [watchdog/0] (pid: 3 tgid: 3)  watchdog (__bind_cpu=<value optimized out>) at kernel/softlockup.c:99
  4 [ksoftirqd/0] (pid: 2 tgid: 2)  0x8401fc26 in ksoftirqd (__bind_cpu=<value optimized out>) at kernel/softirq.c:362
  3 init (pid: 1 tgid: 1)  schedule_timeout (timeout=500) at kernel/timer.c:1096
* 2 [swapper] (pid: 0 tgid: 0)  0x8400332a in cpu_idle () at arch/sh/kernel/process.c:76
(gdb)

The names of kernel threads are given in square brackets. info threads is aliased to info tasks when the Linux Awareness Layer is enabled.
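
When a task listing is saved from a debug session for later triage, it can be split into kernel threads and userspace tasks using the square-bracket convention described above. The following Python is an added example, not part of the original documentation: the names parse_tasks and thread_groups are hypothetical, and the sample is constructed from lines of the listing shown above.

```python
import re
from collections import defaultdict

# Layout of one task line when the Linux awareness layer is enabled:
#   [*] <gdb id> <name> (pid: N tgid: N)  [<pc> in ]<function> (<args>) at <file>:<line>
TASK_RE = re.compile(
    r"^(?P<current>\*)?\s*(?P<gdb_id>\d+)\s+(?P<name>.+?)\s+"
    r"\(pid: (?P<pid>\d+) tgid: (?P<tgid>\d+)\)\s+"
    r"(?:0x[0-9a-f]+ in )?(?P<func>\w+) \("
)

# Constructed sample: a subset of the `info threads` listing shown above.
SAMPLE = """\
  29 ktrace (pid: 287 tgid: 286)  schedule_timeout (timeout=2147483646) at kernel/timer.c:1096
  28 ktrace (pid: 286 tgid: 286)  0x8424c8a6 in schedule_timeout (timeout=2147483647) at kernel/timer.c:1071
  23 sshd (pid: 258 tgid: 258)  0x8424c8a6 in schedule_timeout (timeout=2147483647) at kernel/timer.c:1071
  16 [rpciod/0] (pid: 18 tgid: 18)  0x8402a226 in worker_thread (__cwq=<value optimized out>)at kernel/workqueue.c:214
* 2 [swapper] (pid: 0 tgid: 0)  0x8400332a in cpu_idle () at arch/sh/kernel/process.c:76
(gdb)
"""

def parse_tasks(text):
    """Return one dict per task line; prompts and blank lines are skipped."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line)
        if m is None:
            continue
        name = m["name"]
        kernel = name.startswith("[") and name.endswith("]")  # kernel thread marker
        tasks.append({
            "gdb_id": int(m["gdb_id"]), "pid": int(m["pid"]), "tgid": int(m["tgid"]),
            "name": name[1:-1] if kernel else name,
            "kernel_thread": kernel,
            "current": m["current"] is not None,  # '*' marks the selected task
            "function": m["func"],
        })
    return tasks

def thread_groups(tasks):
    """Map tgid -> sorted pids for processes that have more than one thread."""
    groups = defaultdict(list)
    for t in tasks:
        groups[t["tgid"]].append(t["pid"])
    return {tgid: sorted(pids) for tgid, pids in groups.items() if len(pids) > 1}
```
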

The call stack of a task can be viewed with the backtrace command:

[Switching to thread 29 (ktrace)]
1096            del_singleshot_timer_sync(&timer);
(gdb) bt
#0  schedule_timeout (timeout=2147483646) at kernel/timer.c:1096
#1  0x84072836 in do_sys_poll (ufds=0x29feef6c, nfds=<value optimized out>, timeout=0x84072b10) at fs/select.c:624
#2  0x84072b10 in sys_poll (ufds=<value optimized out>, nfds=<value optimized out>, timeout_msecs=<value optimized out>) at fs/select.c:742
#3  0x84005144 in syscall_call () at include/asm/string.h:15
#4  0x2966e7c6 in poll () at include/asm/processor.h:274
#5  0x004011d2 in reader_thread (data=0x0) at ktrace.c:153
#6  0x295896de in start_thread () at include/asm/processor.h:274
#7  0x29679180 in clone () at include/asm/processor.h:274
(gdb)

Where possible, GDB attempts to continue backtracing through the system call boundary (syscall_call()) into userspace. For this to work, GDB needs to be able to access a copy of the filesystem in use by the target so it can read the DWARF information from the userspace binaries. The location of the filesystem should be stored in the GDB variable target-root-prefix:

(gdb) set target-root-prefix /opt/STM/STLinux-2.3/devkit/sh4/target

For further information on using GDB, check the official documentation. All the standard functionality is present, plus we have added some useful kernel-specific commands.