@calebccff
Created June 7, 2023 09:32
kgdb notes

Kernel config

CONFIG_KGDB=y
CONFIG_KGDB_KDB=y
CONFIG_PANIC_TIMEOUT=y # note: PANIC_TIMEOUT is an int in Kconfig (seconds until reboot after a panic; 0 waits forever)
CONFIG_PANIC_ON_OOPS=y
CONFIG_RANDOMIZE_BASE=n # Disable KASLR

cmdline:

PMOS_NO_OUTPUT_REDIRECT console=ttyMSM0,115200 kgdboc=ttyMSM0,115200 kgdbcon nokaslr

Set up vmlinux symbols

To handle Android bootloader kernel image offset:

aarch64-linux-gnu-gdb --cd=.output -iex "target remote /dev/ttyUSB0" -ex "symbol-file vmlinux -o 0x80000"

The running kernel's .text address can be found with monitor info address _text (kdb); the address in the vmlinux image with info address _text (gdb). The difference between the two is the offset to pass to symbol-file -o.

Kernel modules

Find kernel module offsets with the following:

; aarch64-linux-gnu-objdump --section-headers .output/drivers/net/ipa/ipa.ko | grep -e "bss\|text\|data "
Idx Name          Size      VMA               LMA               File off  Algn
  0 .text         0000c4f4  0000000000000000  0000000000000000  00000040  2**4
  7 .data         00000ba8  0000000000000000  0000000000000000  0000d178  2**3
 20 .bss          000000b8  0000000000000000  0000000000000000  00013248  2**3

Use monitor lsmod to get the list of loaded modules and their .text locations (the second address). Then the module symbols can be loaded with the following, I think.

The offset -o can be calculated by taking the .text address from the kernel and subtracting the .text section's file offset (0x40, from the File off column above).

add-symbol-file drivers/net/ipa/ipa.ko 0xffff80000101f000 -s .data 0xffff80000102c178 -s .bss 0xffff800001032248
add-symbol-file drivers/net/ipa/ipa.ko 0xffff800000f8b000 -s .data 0xffff800000fa01c0 -s .bss 0xffff800000fa1080 -s .text.unlikely 0xffff800000f974f4

Can also get sections with:

shift-axolotl:~$ sudo grep -i . /sys/module/ipa/sections/.*
/sys/module/ipa/sections/.altinstructions:0xffff800000f99000
/sys/module/ipa/sections/.bss:0xffff800000fa1080
/sys/module/ipa/sections/.data:0xffff800000fa01c0
/sys/module/ipa/sections/.data.once:0xffff800000fa0d68
/sys/module/ipa/sections/.exit.text:0xffff800000f97ae0
/sys/module/ipa/sections/.gnu.linkonce.this_module:0xffff800000fa0d80
/sys/module/ipa/sections/.init.plt:0xffff800000fa8040
/sys/module/ipa/sections/.init.text:0xffff800000fa8000
/sys/module/ipa/sections/.note.Linux:0xffff800000f9e1c4
/sys/module/ipa/sections/.note.gnu.build-id:0xffff800000f9e1a0
/sys/module/ipa/sections/.note.gnu.property:0xffff800000f9e180
/sys/module/ipa/sections/.plt:0xffff800000f97b40
/sys/module/ipa/sections/.rodata:0xffff800000f99208
/sys/module/ipa/sections/.rodata.str:0xffff800000f9dd4f
/sys/module/ipa/sections/.rodata.str1.8:0xffff800000f9bd58
/sys/module/ipa/sections/.strtab:0xffff800000facf30
/sys/module/ipa/sections/.symtab:0xffff800000fa9000
/sys/module/ipa/sections/.text:0xffff800000f8b000
/sys/module/ipa/sections/.text.ftrace_trampoline:0xffff800000f98380
/sys/module/ipa/sections/.text.unlikely:0xffff800000f974f4
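The two manual steps above (deriving the vmlinux -o offset from the two _text addresses, and turning a module's section addresses into an add-symbol-file line) are easy to get wrong by hand. The following is an added example, not the kernel's lx-symbols script or anything from the gist; it parses the grep-style sysfs listing shown above (a constructed sample using the same lines) and emits the gdb command, and it assumes the sysfs path layout /sys/module/<mod>/sections/<section> with one hex address per file. The _text addresses used for the offset check are constructed values, not taken from the notes.

```python
#!/usr/bin/env python3
"""Helpers for loading kernel and module symbols into gdb under kgdb.

Added example for these notes; not part of the kernel's scripts/gdb lx-symbols.
"""
import re
from pathlib import Path

# Constructed sample: a subset of the `grep -i . /sys/module/ipa/sections/.*`
# listing shown in the notes, in the same path:address format.
SAMPLE_SECTIONS = """\
/sys/module/ipa/sections/.bss:0xffff800000fa1080
/sys/module/ipa/sections/.data:0xffff800000fa01c0
/sys/module/ipa/sections/.rodata:0xffff800000f99208
/sys/module/ipa/sections/.text:0xffff800000f8b000
/sys/module/ipa/sections/.text.unlikely:0xffff800000f974f4
"""

# One line of grep output: /sys/module/<mod>/sections/<section>:<hex address>
LINE_RE = re.compile(
    r"^/sys/module/(?P<mod>[^/]+)/sections/(?P<sec>[^:]+):(?P<addr>0x[0-9a-fA-F]+)$"
)


def parse_sections(text):
    """Return (module_name, {section: address}) from grep-style sysfs output.

    Lines that do not match the expected shape are skipped rather than
    raising, so stray shell prompts or blank lines in a pasted listing are harmless.
    """
    mod = None
    sections = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        mod = m.group("mod")
        sections[m.group("sec")] = int(m.group("addr"), 16)
    return mod, sections


def read_sysfs_sections(module):
    """Read section addresses straight from sysfs on the target.

    Needs root: the kernel shows zeroed addresses to unprivileged readers.
    Not exercised by the constructed sample above.
    """
    base = Path("/sys/module") / module / "sections"
    return {p.name: int(p.read_text().strip(), 16) for p in base.iterdir()}


def add_symbol_file_cmd(ko_path, sections, extra=(".data", ".bss", ".text.unlikely")):
    """Build `add-symbol-file <ko> <.text addr> -s <sec> <addr> ...`.

    gdb takes the .text address positionally; every other section that the
    loaded module actually has is passed with -s so gdb does not guess its
    placement from the ELF file offsets (which differ from the loader's layout).
    """
    if ".text" not in sections:
        raise ValueError("module has no .text section address")
    parts = [f"add-symbol-file {ko_path} {sections['.text']:#x}"]
    for sec in extra:
        if sec in sections:
            parts.append(f"-s {sec} {sections[sec]:#x}")
    return " ".join(parts)


def kernel_offset(running_text, vmlinux_text):
    """Offset for `symbol-file vmlinux -o <offset>`.

    running_text comes from `monitor info address _text` (kdb),
    vmlinux_text from `info address _text` (gdb, before the offset is applied).
    """
    return running_text - vmlinux_text


if __name__ == "__main__":
    mod, secs = parse_sections(SAMPLE_SECTIONS)
    print(add_symbol_file_cmd(f"drivers/net/ipa/{mod}.ko", secs))
    # Constructed _text addresses, 0x80000 apart as with the Qualcomm ABL shift.
    print(hex(kernel_offset(0xffff800008080000, 0xffff800008000000)))
```

Running it prints exactly the second add-symbol-file line from the notes, which is a useful sanity check that the sysfs addresses, not the ELF file offsets, are what gdb needs.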

Android kernel offset

Qualcomm's ABL shifts the kernel image by 0x80000, breaking lots of things (:

Including the kernel's GDB Python scripts, which automatically load module symbols...

That wasn't too bad to figure out; however, it did make me not realise just what lx-symbols could do...

Did a bunch of NIH and re-implemented support for a) storing the module sections in struct module and b) reading the module sections in the kernel gdb Python script.

Just need to add support for specifying the kernel image offset to lx-symbols aaaaand

(gdb) lx-symbols -o 0x80000
loading vmlinux
Using vmlinux offset 0x80000
scanning for modules in /home/cas/pmos/enchilada/kernel/.output
loading @0xffff8000014a4000: /home/cas/pmos/enchilada/kernel/.output/net/netfilter/nft_reject_inet.ko
loading @0xffff80000149f000: /home/cas/pmos/enchilada/kernel/.output/net/ipv4/netfilter/nf_reject_ipv4.ko
loading @0xffff800001492000: /home/cas/pmos/enchilada/kernel/.output/net/ipv6/netfilter/nf_reject_ipv6.ko
loading @0xffff80000148d000: /home/cas/pmos/enchilada/kernel/.output/net/netfilter/nft_reject.ko
loading @0xffff800001498000: /home/cas/pmos/enchilada/kernel/.output/net/netfilter/nft_ct.ko